skip to Main Content

Workplace Compliance News & Resources

Get the latest safety and workplace compliance news and resources from the federal, state, and local government levels. Below you’ll find late-breaking news, an interactive state map, the latest federal news, and minimum wage changes.

We try to keep it easy to understand and give you some general considerations on what to do, but we always recommend that businesses seek legal counsel for further advice and guidance on your particular situation.

Wherever available, KPA products are updated with the latest government notices and posters for employers.

Breaking News

Check back later!

Latest State & Federal Workplace Compliance News

Who: All employers

When: Effective immediately

On September 21, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) released its strategic enforcement plan for fiscal years 2024 through 2028. The document, which is effective September 22, 2023, describes the agency’s enforcement priorities for the next five years. The EEOC’s purpose is to protect workers against discrimination in the workplace, promote fair and inclusive workplaces, and create equal opportunity for all workers.

The EEOC stated several priorities:

  • Improving recruitment and hiring practices by addressing policies and practices that affect protected-status workers
  • Protecting more vulnerable and underserved workers who may be unaware of their rights, may be reluctant or unable to exercise their rights, or have historically been underserved by federal employment discrimination protections
  • Classifying certain issues as emerging and developing, namely protecting workers impacted by pregnancy, childbirth, or related medical conditions; workers impacted by the long-term effects of COVID-19; and workers who are unfairly impacted by the use of technology (AI)
  • Advancing equal pay for all workers, including the traditionally underrepresented: women and people of color, especially in specific industries and sectors
  • Eliminating barriers in recruitment and hiring related to employers’ increasing use of technology in the hiring process
  • Protecting access to the legal system, including addressing the use of overly broad waivers, releases, nondisclosure agreements, or nondisparagement agreements
  • Preventing and remedying systemic harassment, partly by promoting comprehensive anti-harassment programs and practices

The EEOC intends to make its enforcement efforts more consistent and has committed to supporting employers in their efforts to identify barriers to equal employment opportunities and create more inclusive workplaces. Litigators and investigators will give more attention to claims that fall under the priorities listed in the strategic enforcement plan.


  • Identify barriers to equal employment opportunities and establish diversity, equity, inclusion, and accessibility practices in the workplace.

Additional Resources:

Strategic Enforcement Plan for Fiscal Years 2024-2028

U.S. Equal Employment Opportunity Commission

Laws Enforced by EEOC

Who: All employers

When: Comments due by November 1, 2023

On September 29, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) released proposed updated guidance on workplace harassment. Workplace harassment laws protect employees against discrimination based on race, color, religion, sex (including sexual orientation, gender identity, and pregnancy), national origin, disability, age (40 and older), and genetic information.

In the proposed guidance, the agency explains the legal standards applicable to harassment claims under the federal employment discrimination laws it enforces. It covers the basics of how to prove harassment, how to determine when an environment becomes “hostile,” and how an employer can be liable for harassment. The guidance provides additional protections for LGBTQ+ workers; pregnancy-related medical conditions, including lactation, contraception, and abortion; and religious expression.

The proposed guidance includes many updated examples to reflect different types of scenarios and checklists of what to include in an anti-harassment policy and anti-harassment training. It also incorporates current case law and addresses how digital and social media content can contribute to a hostile work environment.

The public is invited to comment on the proposed Enforcement Guidance on Harassment in the Workplace until November 1, 2023. The final guidance will update and replace all previous guidance that was issued in the late 1980s and 1990s.


  • Review the proposed guidance and comment by November 1, 2023.
  • Monitor for the release of the final guidance.
  • Review your anti-harassment policies and training materials and update them as needed to comply with the final guidance.
  • Train managers on the requirements of the law.
  • Ensure you are up to date on your state and local anti-harassment laws.

Additional Resources:

Federal Register Proposed Enforcement Guidance on Harassment in the Workplace

EEOC PROPOSED Enforcement Guidance on Harassment in the Workplace

Proposed Enforcement Guidance on Harassment in the Workplace

Who: Federal contractors, employers that receive federal funds, and government agencies

When: Effective immediately

On September 29, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) and the U.S. Department of Labor published a resource guide titled “Employment Protections Under the Rehabilitation Act of 1973: 50 Years of Protecting Americans with Disabilities in the Workplace.” The Rehabilitation Act prohibits employers from discriminating based on an individual’s disability. It applies to federal contractors, other programs receiving federal funds, and government agencies.

The Rehabilitation Act of 1973 prohibits disability discrimination in the workplace under Section 501, which covers federal government agencies. Those regulations are enforced by the EEOC. Under Section 503, the Rehabilitation Act applies to federal contractors and subcontractors. Those regulations are enforced by the Office of Federal Contractor Compliance Programs (OFCCP).

The guide provides resources to employers covered under Sections 501 and 503 that are related to recruiting, hiring, and employing individuals with disabilities and summarizes the provisions of the law. The guide also provides suggestions for best practices when it comes to recruiting, hiring, retention, and advancement practices as they relate to people with disabilities.


  • Post the Pay Transparency Nondiscrimination Provision and Know Your Rights Poster.
  • Review the disability resource guide to understand the basic requirements of Sections 501 and 503, what additional resources are available, where to find help, and the regulations and laws.
  • Review your hiring and compensation policies to ensure compliance with the law.

Additional Resources:

Office of Federal Contract Compliance Programs Section 503

Equal Employment Opportunity Posters

The Federal Trade Commission (FTC) voted to amend and expand the Safeguards Rule to require non-banking financial institutions, like dealerships, to report data security breaches.

Data Security Breaches Affecting 500+ People Must Be Reported to FTC

The amendment states that organizations subject to the Safeguards Rule will have to notify the FTC within 30 days after the discovery of a data security breach that includes the information of at least 500 consumers.

This includes a notification to the FTC if unencrypted customer information has been accessed without authorization by the impacted consumers. That notice must include specific information about the event, including the number of impacted or those potentially impacted.


In 2021, final amendments were issued and updated in the Safeguards Rule. Those amendments took effect in January 2022, with a compliance date by this past June. Those amendments didn’t include a data breach reporting requirement.

Later in 2021, the agency separately issued a proposal to amend the Rule to include this data breach reporting requirement. Following a public comment period, the agency has been reviewing those responses.

What Happens Now?

Once this amendment is published in the Federal Register, it will take effect 180 days from the publish date.

KPA will continue to monitor this topic and inform you as we learn more.

If you use KPA or ComplyNet’s Safeguards solutions, we will update your policies and procedures to reflect any changes.

If you don’t have a solution in place now, schedule time to talk to us about how we can help you in the case of a cybersecurity breach. You will need to review your current Privacy & Safeguards solutions and ensure that you are prepared in the case of a cybersecurity breach.

Who: California employers

When: Effective July 1, 2024

On September 30, 2023, Governor Newsom signed legislation that will require workplaces to adopt and implement a workplace violence prevention plan, document any threats or workplace violent incidents, and train employees. Cal/OSHA has been designated as the enforcement agency for this new law.

The prevention plans must cover:

  • The name and title of responsibile individual for program implementation.
  • Procedures for receiving and responding to reports of workplace violence
  • Employers are prohibited from retaliating against an employee who reports an incident
  • How employees can report a violent incident, threat, or other concern to their employer or law enforcement without fear of retaliation
  • Procedures for alerting employees of the presence, location, and nature of a workplace violence emergency
  • Evacuation or sheltering-in-place plans
  • How reports will be investigated and how employees will be informed of the results
  • Procedures for enlisting employees in developing and implementing the violence prevention plan
  • The review of the plan for effectiveness and revising it as needed


  • KPA will continue to monitor this topic for additional information from Cal/OSHA as the effective date nears.

Additional Resources:


Who: Massachusetts employers

When: Effective November 1, 2023

Effective November 1, 2023, Massachusetts employers must give employees the option to supplement Paid Family and Medical Leave (PFML) with their accrued paid leave (i.e., paid time off (PTO), vacation time, sick time, or personal time) to replace up to 100% of their wages while on leave. Previously, employees did not have this option and could use their paid accrued leave only while they were waiting the required seven days for PFML benefits to kick in or in one block of time at the beginning or end of the PFML.

The Massachusetts Department of Family and Medical Leave is also going to update its PFML contribution rates and weekly benefits, effective January 1, 2024. The maximum weekly benefit will increase slightly to $1,144.90. The tax rate will increase for employers with 25 or more employees to 0.88% of eligible wages, with the employer paying 0.42% and the employee paying 0.46%. For employers with fewer than 25 employees, the tax will increase to 0.46%, with the employer paying 0.28% and the employee paying 0.18%.


  • Monitor for the release of the new contribution and benefit rates and provide a notice to employees.
  • Monitor for additional guidance on how to calculate and incorporate accrued paid leave benefits.
  • Review your policies and update them as needed to comply with the law.

Additional Resources:

Massachusetts Paid Family and Medical Leave (PFML) overview and benefits

Paid Family and Medical Leave Information for Massachusetts Employers

PFML workforce notifications and rate sheets for Massachusetts employers

Who: New Jersey employers

When: Effective immediately

The New Jersey Department of Labor released guidance to help employers understand the steps they need to take to comply with the amended unemployment insurance law. The agency has not yet provided official instructions of what employers must submit to the New Jersey Division of Unemployment when an employee is separated from employment but is in the process of creating an online form for employers to use.

Employers need to register online at Employer Access and give the agency an email address, which—for the time being—satisfies the requirement for an employer to communicate with the agency only through electronic means. The agency recognizes that it has not given clear instructions and so does not expect employers to submit information about separations that result in unemployment insurance for the employee, other than the date upon which the unemployment will begin.

The agency has indicated that it will be lenient in its enforcement of the amended law until it gives clear instructions, including enforcement of the new seven-day limit for employer appeals.


  • Register with Employer Access.
  • Monitor for the release of the online form, instructions, and any additional guidance.

Additional Resources:


Get started with Employer Access

FAQs about new changes to the NJ Unemployment Compensation Law

Who: New York City employers

When: Effective immediately

On September 15, 2023, New York City amended its Earned Safe and Sick Time Act (ESSTA) and the New York City Department of Consumer and Worker Protection adopted the changes effective October 15, 2023. Changes include the definition of covered employee, how to determine employer size, notice requirements, documentation requirements, and how to make leave balances available to employees.

The amendments clarify that an employee who performs work, including telecommuting, only while physically located outside of the City of New York is not “employed for hire within the City of New York,” even if the employer is located in New York City. An employee with a primary work location outside of New York City could be covered “if they regularly perform, or are expected to regularly perform, work in New York City” during a calendar year. Only hours worked within the City count as “hours worked” for the purposes of safe and sick time accrual. All domestic workers are entitled to safe and sick time.

The amended law clarifies that for the purpose of counting employees to determine how much paid safe and sick time the employer has to provide, the count is based on the number of employees nationwide. The employer must count the highest total number of employees employed at any point during the calendar year to date, including full-time employees, part-time employees, employees jointly employed by one or more employers, and employees on leaves of absence, suspensions, and other temporary absence.

If an employer’s headcount increases to 100 employees at any time during the year, it must allow its employees to use an additional 16 hours of sick and safe time for the remainder of the calendar year (for a total of 56 hours). If an employer’s headcount shifts below 100 employees, it cannot reduce employee sick and safe time benefits from 56 hours to 40 hours until the following calendar year.

An employer may require reasonable advance notice of an employee’s need to use safe and sick time, but now they have to include information about that requirement in a written policy that explains how to give notice. Now an absence is considered “foreseeable” only if the employee is aware of the need to take the leave seven days or more before the use.

If an employer requires written documentation of an employee’s need for sick time, it must reimburse employees for all fees charged by a licensed health care provider and all reasonable costs or expenses incurred in obtaining such documentation. Documentation signed by a licensed clinical social worker or licensed mental health counselor is now considered “reasonable documentation” as long as it indicates a need for the employee to take sick time.

Employers who require documentation of the need to take safe and sick time must have a written policy that includes a statement of the requirement, the types of written documentation the employer will accept, and how employees can submit the documentation. Employers who withhold payment of safe and sick time until they receive reasonable documentation must state that rule in their policy.

Accruals of safe and sick time must account for all time worked, even when less than a 30-hour increment. Employers can round accruals to the nearest five minutes, one-tenth of an hour, or one-quarter of an hour.

The “regular rate of pay” means the employee’s regular rate of pay at the time they take safe and sick time. The rate cannot be less than the highest rate of the pay the employee is entitled to under applicable law, contract, or agreement.

Employers who provide paid safe and sick time in an annual upfront lump sum must inform employees upon hire that the time is immediately available for use. Employers must also include a written statement in their ESSTA policy that the employer will not ask for details about what led the employee to take safe and sick time and that they will keep the information confidential.

Additionally, the changes clarify employers’ responsibility to report accrual, usage, and balance information to employees. Employers must specify the balance and the amount of time available for use, if those two values differ. If they use an electronic system to issue documentation of the availability of sick and safe time, they must electronically alert the employee each pay period as to the availability of the required information; make the required content readily accessible by the employee outside of the workplace within the electronic system; and maintain accrual, use, and balance information for any past pay period in the electronic system.

If an employer fails to maintain or distribute a written safe and sick leave policy or maintain adequate records of employees’ safe and sick time use and balances, New York City will now make a “reasonable inference” that the employer is not in compliance with the ESSTA.


  • Monitor for the release of the updated Earned Safe and Sick Time notice.
  • Monitor for updated administrative guidance on employers’ paid sick leave obligations.
  • Update your safe and sick leave policies and paid time off policies to comply with the law.
  • Train managers, supervisors, and HR personnel on the amended law.

Additional Resources:

Adoption of Final Rule

Earned Safe and Sick Time Act

NYC’s Paid Safe and Sick Leave Law

Who: New York employers

When: Effective November 13, 2023

On September 14, 2023, New York Governor Kathy Hochul signed Senate Bill 4878A, which amends Section 590 of New York Labor Law. The law goes into effect November 13, 2023, and applies to all New York employers.

The amendment requires employers to provide a written notice of their right to unemployment insurance benefits under these circumstances:

  • Reduction in hours
  • Permanent or indefinite separation
  • Temporary separation
  • Any other interruption of employment that results in total or partial unemployment

Employers must use the notice provided by the New York Department of Labor or one that it approves. It must include:

  • Employer name,
  • Employer registration number,
  • Employer address, and
  • Any other information required by the New York Department of Labor commissioner.


  • Provide notice of an employee’s right to unemployment insurance benefits upon separation as required by the law.
  • Review your separation notices and agreements and update your notification process as needed to comply with the law.

Additional Resources:

Senate Bill 4878A

New York Section 590 Rights to Benefits

New York Record of Employment Form

Who: Utah employers

When: Effective December 31, 2023

On March 24, 2022, Governor Spencer Cox signed the Utah Consumer Privacy Act (UCPA) into law, effective December 31, 2023. It is the fourth state to pass such a law, which protects the data privacy rights of Utah residents—specifically, the sale of personal data and the use of it for targeted advertising. Sharing of data and exchange of data for non-monetary compensation are practices that are not covered under this law.

The law establishes that a business can collect, process, or sell data, or use it for targeted advertising without asking for or obtaining the consumer’s consent (unless the consumer is a child under 13 years of age). Organizations must notify consumers that they are processing the data. Consumers have the right to opt out, and the business must provide them with the option to do so.

The UCPA applies to Utah entities that control or process personal data. The controller is a person who determines the purpose and means by which to process the data. The processor processes personal data on behalf of a controller. A controller must have a contract with a processor that contains certain provisions as spelled out in the UCPA.

The consumer is defined as a resident of Utah acting in an individual or household context. Personal data is defined as “information that is linked or reasonably linkable to an identified individual or an identifiable individual.” Sensitive personal data is defined as having to do with racial or ethnic origin, religious beliefs, sexual orientation, citizenship or immigration status, medical history, mental or physical health condition, medical treatment or diagnosis, and genetic, biometric, and geo-location data.

The UCPA applies to any entity that:

  1. Conducts business in the state or produces a product or service targeted to Utah consumers AND
  2. Generates $25 million or more in annual revenue AND
  3. Meets one of these thresholds:
    1. Controls or processes the personal data of 100,000 or more consumers in a calendar year OR
    2. Derives 50% or more of its gross revenue by selling personal data AND controls or processes the personal data of 25,000 or more consumers.

Certain organizations are exempt: government organizations, contractors, nonprofit organizations, higher education institutions, air carriers, and financial institutions covered by the Gramm-Leach-Bliley Act. It also does not apply to information already covered by other laws: Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Driver’s Privacy Protection Act, Family Educational Rights and Privacy Act, and the Farm Credit Act. Data processed or maintained in the course of hiring and employment is also exempt from the law.

Covered organizations must have a privacy policy and present it to consumers (can be on the website). It has to spell out the categories of personal data being processed, what data the controller shares with third parties, the purpose of processing the data, categories of third parties that the controller shares personal data with, how the consumer can exercise their rights, and methods for opting out of their data being sold for targeted advertising.

Data controllers and processors must “establish, implement, and maintain reasonable administrative, technical, and physical data security practices designed to protect the confidentiality and integrity of personal data.”

Consumers can confirm if a controller is processing personal data and can request that data. They can delete their personal data that they provided to the controller. Consumers may obtain their personal data in a portable format. They may opt out of the sale of personal data or use of data for targeted advertising. Entities must respond to a consumer’s request within 45 days.

Entities may not discriminate against a consumer for exercising their rights, but they may offer incentives for participation in a loyalty program and may offer someone who opts out of targeted advertising a different price, quality, or selection of goods. They may not charge for processing the opt-out request except under certain circumstances.

The Attorney General is responsible for enforcing the law. They must give an entity 30 days to cure the violation and then may impose actual damages and fines of up to $7,500 per violation.


  • Create a privacy policy to comply with the law.
  • Provide a privacy notice to consumers.

Additional Resources:

SB 227

2023 Minimum Wage Updates

KPA tracks state and local minimum wage changes for our Vera HR customers, providing them with updated labor posters and more.

Check out the latest minimum wage changes for 2023, typically updated in December and June to ensure you know about the majority of increases before taking effect on January 1 and July 1.


Resources for Success

OSHA Reporting Resource Hub

If regulatory paperwork makes your head spin, have no fear—the workforce safety and compliance professionals at KPA are here to help.

We’ve created this resource hub chock full of OSHA recordkeeping and reporting best practices to help keep your head on straight.

Check is out

Back To Top