Compliance Corner: CAN-SPAM, CASL and More

Laws around the world regulate how businesses and employers can interact with individuals through emails. While many marketing teams deal with these regulations every day, they also apply to talent acquisition teams that engage with candidates through email. Different countries have different laws, so this post will cover the laws in the United States, Canada and Australia. If you’re emailing candidates in other countries, you should review any applicable anti-spam legislation.

United States: CAN-SPAM

CAN-SPAM, Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, regulates commercial messages in the United States. Commercial messages promote a product or a service—including one-off and mass email sends. It does not apply to transactional or relationship content, which are emails about an already agreed upon transaction. Here’s what it requires:

  • You cannot use false or misleading header information, including “From,” “To,” “Reply-To” and routing information must be accurate and identify the person or business who initiated the message.
  • You cannot use deceptive subject lines.
  • The message must include your valid postal address.
  • You must include an option to opt-out of future emails and you must honor those opt-out requests within 10 days.
  • For every email you send in violation of CAN-SPAM, you can be fined up to $41,484.

Canada: CASL

CASL, The Canadian Anti-Spam Legislation applies to commercial electronic messages in Canada. Commercial electronic messages are emails that encourage participation in a commercial activity. Here’s how it works:

  • Commercial electronic mail to Canadian individuals is covered by CASL.
  • The recipient of the email must give express consent, or implied consent to receive the commercial electronic message.
  • Express consent means the person has agreed to receive the message either in writing or orally. An opt-in option, like a website sign up, is considered express consent. An email requesting consent does not create express written consent.
  • Implied consent can be obtained when the person conspicuously publishes their email. That publication cannot be accompanied by a statement that the person doesn’t want to receive the unsolicited commercial electronic messages and the message must be relevant to the person’s business, role, functions or duties in a business or official capacity.
  • An existing business relationship is an exception, which can arise from a purchase or acceptance of a business, investment or gaming opportunity within the past two years. Organizations that don’t comply risk serious penalties, including criminal charges, civil charges, personal liability for company officers and directors, and penalties up to $10 million.

Australia: SPAM Act

The SPAM Act of 2003 prohibits the sending of unsolicited commercial electronic messages with an Australian link.  Commercial electronic messages offer, advertise or promote the supply of goods, services, land or business or investment opportunities. A message has an Australian link if it originates or was commissioned in Australia or was sent to an address accessed in Australia.

  • The recipient of the message must provide express or inferred consent.
  • Examples of express consent include an opt-in box on a form or website, verbal confirmation over the phone or face-to-face or by swapping business cards. An electronic message requesting consent does not qualify.
  • Inferred consent can occur in an existing business or other relationship or by a person publicly publishing their work-related email address and that posting does not include stating that the person doesn’t want to receive commercial messages and the subject of the message must be directly related to the role or function of the recipient.
  • Every email must contain an unsubscribe option that must be honored within five working days.
  • The email must correctly identify the sender or the individual or organization that authorized the email send and it must include information about how the recipient can contact you.
  • Violations of the Spam Act have a maximum penalty of $2.1 million.

The GDPR, or the EU General Data Protection Regulation regulates how businesses use and protect the personal data of European Union citizens. Read our previous Compliance Corner post on the GDPR.

Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Compliance Corner: GDPR

Commonly known as the GDPR, the EU General Data Protection Regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.


GDPR aims to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.


The GDPR applies to all organizations that collect the data of people who live in the EU, regardless of the organization’s physical location. That means the GDPR impacts organizations across the globe, and the penalties can reach up to 4 percent of the global revenue of the parent company or 20 million euros, whichever is higher. Enforcement begins on May 25, 2018.


The regulation requires privacy by design, which means that a data system needs to include data protection from the start, rather than as an addition. Organizations must only hold and process the data that is absolutely necessary, and limit access to that data to those who need to process it.


The GDPR also requires consent and provides the people whose data is collected with the right to confirmation as to whether or not their personal information is being processed, where it is being processed and for what purpose. If the person requests, the organization also needs to provide a copy of the personal data, free of charge, in an electronic format. The person has the right to give that data to another organization.


Additionally, the GDPR includes the right to be forgotten, also known as data erasure, which entitles the person whose data was collected to have the organization erase the data, cease any dissemination of the data and potentially halt a third party’s processing of that data.


The regulation requires organizations to notify the people whose data they collect within 72 hours of first becoming aware of a data break that is likely to “result in a risk for the rights and freedoms of individuals.”


Organizations that collect data previously had to notify local data protection advisors about their data processing activities. Under the GDPR, data collecting organizations will not be required to submit those notifications or registrations, but they will need to meet internal recordkeeping requirements, and some organizations will need to appoint data protection officers.



Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Compliance Corner: HR Compliance Trends for 2018

Download our ebook, HR Compliance Trends for 2018

Explosive regulation at the state and local level, coupled with increased employment class-action litigation, is creating extraordinary risk for employers.

In addition to the proliferation of local minimum wage, sick leave and background check rules, there are new regulatory frameworks for employee scheduling, pay equity, drug testing and paid leave.

These regulations create significant administrative challenges and new risks, as the patchwork of legislation may be inconsistent or contradictory, and multiple policies for a single employer may be required.

Failing to keep up with this rapidly changing landscape can lead to catastrophic consequences. The top 10 settlements in various employment-related class-action cases totaled $2.72 billion in 2017, an increase of over $970 million from 2016. Similarly, the top 10 government enforcement actions settled for $485.25 million in 2017, up drastically from $52.3 million in 2016.

Our team of employment attorneys and experts closely monitor these issues to ensure that we at PeopleScout and our clients are ahead of the curve. This ebook is designed to help you understand the biggest employment compliance trends and what they mean for you in 2018.

Learn about these compliance trends:

  1. Ban the box
  2. Paid sick leave
  3. Medical and recreational marijuana
  4. Arbitration agreements with class-action waivers
  5. Salary history
  6. Predictive scheduling
  7. Accommodations for pregnant and nursing employees
  8. Regulatory protections for gig workers
  9. Harassment training

Download our ebook, HR Compliance Trends for 2018

Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Compliance Corner: 2017 in Review

Throughout 2017, we’ve seen important changes in the compliance landscape. State and local governments have passed significant pieces of legislation and courts have weighed in on a variety of issues. We’ve tracked some of the biggest compliance issues throughout the year, and as 2017 comes to a close, here’s a look back on the topics we’ve covered.

Medical Marijuana

Twenty-nine U.S. states and the District of Columbia have laws that allow for some use of medical marijuana, and employers need to be prepared to react when medical use of the drug intersects with workplace policies. However, there’s no legal consensus about what actions employers should take if a candidate or an employee uses marijuana for medical purposes, despite 95 percent of the population living in jurisdictions with some form of legal marijuana.

Ban the Box

“Ban the box” refers to the box on applications requiring applicants to reveal their criminal history. More than 150 cities and 29 states have enacted some form of a ban the box law. The laws are intended to push a background check later into the hiring process so that employers consider an applicant’s qualifications before their criminal history.

Predictive Scheduling

Advocates say predictive scheduling laws, sometimes called “fair workweek” laws, are intended to provide employees with increased income consistency and scheduling predictability so they can more easily plan for childcare and other commitments. Employers lose some flexibility in how they schedule employees.

Salary History

Salary history laws are intended as a way to promote pay equity by imposing limitations on how employers can use a worker’s previous salary as a benchmark to set compensation. These restrictions are usually part of a broader pay equity movement being legislated throughout the country.

Paid Sick Leave

States, counties and cities across the United States are implementing paid sick leave laws, adding to the complicated compliance landscape faced by employers. These laws impact employers with full-time or part-time employees. Employers should review their sick leave policies and have plans in place to implement new policies to ensure compliance.

Freelance Isn’t Free

New York City’s “Freelance Isn’t Free” Act took effect in May 2017. It’s the first of its kind, and its impact will extend far beyond New York City. It sets requirements for contracts and payments, while providing freelancers with a process for addressing organizations that violate those contracts.

Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Age Discrimination in the Workplace: What Employers Need to Know

According to the Pew Research Council, 18.8 percent of people over 65 worked in 2016, while the National Council on Aging reports that, by 2019, over 40 percent of people over age 55 are expected to be working. With the increase of older employees in the workforce, age discrimination in the workplace will become a greater issue, necessitating strategic planning to avoid age-related issues. In this post, we outline the issues and offer concise solutions to combat age discrimination in the workplace.

What is Age Discrimination in the Workplace?

In the United States, the Age Discrimination in Employment Act (ADEA) is a federal law that protects individuals 40 years of age or older from age-based employment discrimination. According to the ADEA, the following are examples of age discrimination in the workplace:

  • Not hiring an individual because an employer wants a younger-looking person for the role.
  • If a person receives a negative performance review because they were too old or inflexible to taking on new projects.
  • Firing an individual because management wants to hire and retain younger less expensive workers.
  • Turning an individual down for promotion because they are “too old” for the position or they want “new blood” in a position.
  • When company layoffs are announced, most of the persons laid off are older, while younger workers with less seniority and less on-the-job experience are kept on.
  • Before termination, supervisors or management made age-related remarks about an individual such as the person being “over-the-hill,” “ancient,” or “an old man or woman.”

If any of these situations take place, employees may have a solid case against a company for age discrimination in the workplace.

Managing Age Diversity in the Workplace

A study by PricewaterhouseCoopers revealed that 64 percent of CEOs surveyed had adopted strategies promoting diversity and inclusiveness. However, only 8 percent included age as a factor in their diversity strategy. This means that many businesses may be ill-equipped to properly manage an age-diverse workplace.

Older employees bring with them years of experience, tried and true ideas and problem-solving approaches that can be of great benefit to a business. However, multi-generational workplaces also come with unique challenges, which if mismanaged, can lead to unsatisfied employees and hampered business efficiency. This means getting it right depends on smart management and an open-minded leadership approach. Here are some ways businesses can effectively manage and create a positive working environment free of age discrimination in the workplace:

Flexibility:

Older individuals may need more flexibility in the workplace dues to age-related illnesses, family obligations and physical ability. Providing flexibility to older employees allows them to participate in the workplace without feeling like they are a burden to the company they work for.

Foster Multi-Generational Team building:

Building age-diverse teams in the workplace allows employees to learn from one another. Older employees can impart knowledge gained through experience to younger employees while younger employees can teach them how to use new technology and techniques.

Both parties benefit from the chance to challenge and motivate one another. That is why businesses should look for opportunities for inter-generational teams to collaborate on projects whenever possible.

Job Requirements:

There are a few circumstances when it is lawful for an employer to treat people differently if it is a legal requirement that the employee must be of a particular age. When deciding if this applies, it is necessary to consider the nature of the work and the context in which it is carried out. Jobs may change over time and companies should review whether the requirement continues to apply, particularly when recruiting for certain positions.

Age Discrimination in the Workplace and Recruitment

According to Department of Labor data, the unemployment rate for those over age 55 stands at just 3.6 percent, compared with 5 percent for the total population. While older workers have found a place in the modern workforce, many individuals find themselves the victims of age-based discrimination when it comes to being recruited and hired. There are many ways businesses can avoid age-based discriminatory hiring practices. Below we have listed a couple of tips:

Job Applications

Businesses should remove the age and date of birth fields from job applications. In addition to removing these fields, businesses should also review their applications to ensure that they are not asking for unnecessary information about dates. Asking for age-related information on an application could project an air of discrimination, which could be a liability and dissuade older candidates from applying.

Job Descriptions:

Avoid references, however oblique, to age in the job description. For example, a job seeker could challenge any time requirement, and a business may have to justify it in objective terms, again leaving a business vulnerable to discrimination allegations.

Harassment and Age Discrimination

Harassment is unwanted conduct related to a relevant protected characteristic, such as age, which has the purpose or effect of violating an individual’s dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for that individual.

Harassment may be intentional bullying which is obvious or violent, but it can also be unintentional, subtle and insidious. It may involve nicknames, teasing, name calling or other behavior that does not have malicious intent but is upsetting. It may be about the individual’s age (real or perceived), or it may be about the age of those with whom the individual associates. It may not be targeted at an individual but consist of a general culture which, for instance, appears to tolerate the telling of age-related jokes.

Businesses may also be held responsible for the actions of employees. To ensure age-related harassment does not take place, businesses should clearly communicate an anti-harassment policy and make sure the policy is thoroughly enforced.

Conclusion:

Fairness at work and good job performance go hand in hand. Tackling discrimination helps to attract, motivate and retain staff and enhances a businesses’ reputation as an employer. Eliminating age discrimination in the workplace helps everyone to have an equal opportunity to work and develop their skills regardless of age.

Compliance Corner: Medical Marijuana

Twenty-nine U.S. states and the District of Columbia have laws that allow for some use of medical marijuana, and employers need to be prepared to react when medical use of the drug intersects with workplace policies. However, there’s no legal consensus about what actions employers should take if a candidate or an employee uses marijuana for medical purposes, despite 95 percent of the population living in jurisdictions with some form of legal marijuana. In this month’s Compliance Corner, we’re digging into the issues employers need to consider when planning their own responses.

A Patchwork of Laws

The landscape of medical marijuana laws is complicated. While states like Oregon and Colorado allow the use of marijuana for recreational purposes, others like Iowa and Texas restrict the types of conditions eligible for the treatment and the level of THC, the psychoactive component of marijuana, the drug can contain. Many states do not provide any employment law protection to people who use medical marijuana; however, some, like Connecticut, do offer protection to employees.

Additionally, all marijuana is illegal under federal law. As the New York Times reports, the Justice Department has given some indication it plans to crack down on the industry.

Recent Developments

Traditionally, many employers have had one-size-fits-all policies that have zero tolerance for any use of marijuana. For several years, courts supported those policies. However, recent court rulings indicate employers should proceed with caution when it comes to medical marijuana.

Earlier this year, a Massachusetts court ruled in favor of a woman who was terminated after failing a drug test due to her use of medical marijuana. She argued her off-duty medical marijuana use is a “reasonable accommodation” under the state’s disability law.

The court found the use of medical marijuana was a reasonable accommodation when “medical marijuana is the most effective medication for the employee’s debilitating medical condition, and where any alternative medication whose use would be permitted by the employer’s drug policy would be less effective.”

More recently, a court in Connecticut ruled in favor of a user of medical marijuana. Connecticut’s law is unique in that it does prevent employers from terminating, penalizing, threatening or refusing to hire a person based on their use of medical marijuana. In this case, an employer rescinded a job offer from a woman after she tested positive for marijuana. The woman presented the employer with her medical marijuana registration and claimed the employer violated the anti-discrimination portion of Connecticut’s law.

The court sided with the woman, finding that the federal law that makes it a crime to use marijuana does not preempt Connecticut’s state law. The court found that the federal law does not make it illegal to employ a person who uses medical marijuana, so the anti-discrimination portion of Connecticut’s law does not conflict with the federal law.

The Takeaway

Considering the wide variety of state laws and recent court cases, employers should evaluate their own policies regarding the use of medical marijuana outside of the workplace as well as any state laws that may apply. There is currently no broad legal consensus regarding the issue; employers should watch for any court decisions that can provide clarity.

Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Compliance Corner: Predictive Scheduling Laws

Oregon is the first state to pass a predictive scheduling law, which requires employers in some industries to give employees a set work schedule a week in advance. On July 1, 2020, that period will increase to two weeks.

Advocates say these laws, sometimes called “fair workweek” laws, are intended to provide employees with increased income consistency and scheduling predictability so they can more easily plan for childcare and other commitments. Employers lose some flexibility in how they schedule employees.

Here’s an overview of Oregon’s law:

  • Applies to retail, food service and hospitality companies with more than 500 employees nationwide
  • Specifically exempts workers provided by a worker leasing company
  • Requires employers to post schedules one week in advance, and in 2020, that increases to two weeks
  • Dictates several types of “predictability pay,” or additional compensation the company must provide for different types of schedule changes
  • Permits employers to keep a voluntary standby list of employees who want extra hours who can be offered additional shifts outside of the schedule posting requirements without predictability pay
  • Requires employers to provide a good faith estimate of the employee’s work schedule at hiring

Several cities across the country, including San Francisco, Seattle, New York City and Emeryville, California have enacted similar ordinances. However, all of the laws vary significantly in the industries and size of companies impacted, the length of advance notice required and the penalties imposed.

Most of the laws affect national retail, hospitality and food service companies with multiple branches. With the rising popularity of this type of legislation and the current patchwork of requirements, businesses in impacted industries cannot have one-size-fits-all scheduling policies. Jurisdictions in several states across the country have recently considered similar measures, so companies should be prepared for even more changes.

If you want to read more about compliance-related issues, check out our other Compliance Corner blog posts on salary history, paid sick leave and New York City’s Freelance Isn’t Free law.

Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Compliance Corner: Paid Sick Leave

States, counties and cities across the United States are implementing paid sick leave laws, adding to the complicated compliance landscape faced by employers.

These laws impact employers with full-time or part-time employees. Employers should review their sick leave policies and have plans in place to implement new policies to ensure compliance. Organizations with a contingent workforce should also reach out to their staffing vendors to inquire if they are following the appropriate regulations.

The city of Chicago’s paid sick leave law took effect July 1. The law applies to most workers who perform at least 80 hours of work within a 120-day period inside the city of Chicago. For every 40 hours of work, employees must earn one hour of sick time, and they must be able to accrue up to 40 hours of sick leave per year. After one year, the law requires employers to allow employees to carry over at least half of their accrued sick leave.

Washington state’s paid sick leave law takes effect January 1, 2018. It is similar to Chicago’s law in that employees must earn one hour of paid sick leave for every 40 hours worked, but Washington’s law allows employees to carry over anything less than 40 hours of accrued sick leave every year.

Currently, various states require employers to provide paid sick leave. However, for employers across the country, the compliance picture isn’t as simple as just following state law. In addition to Chicago’s paid sick leave law, other cities like New Brunswick, New Jersey and New York City have implemented their own laws, and counties like Montgomery County, Maryland have also followed suit.

While the paid sick leave legislation across these locations is all similar, an employer cannot have a one-size-fits-all policy. Some laws require one hour of paid sick leave for every 30 hours worked while others accrue for every 40 hours worked. Further complicating the issue, the requirement for roll-over requirements can also vary.

While some states have pushed back against paid sick leave legislation, it is growing in popularity. Employers need to be prepared to deal with the changing patchwork of laws.

Compliance Corner is a new feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at marketing@peoplescout.com.

Compliance Corner: New York’s Freelance Isn’t Free Act

New York City’s Freelance Isn’t Free Act took effect in May. It’s believed to be the first of its kind, and its impact will extend far beyond New York City.

The act covers all New York City based freelancers and the parties that hire them – regardless of where the hiring organization is based. This has big implications in the growing gig economy.

The act defines a freelancer as someone hired or retained as an independent contractor but excludes medical professionals, lawyers and sales representatives. It requires any contract worth more than $800, or more than $800 in a 120 day period, to be put in writing.

The contract needs to include the scope of work, pay rate, method of payment and the payment due date.

If a company or organization violates a part of the act, it gives the freelancer the ability to file a report with the city and possibly file civil suit to get payment. According to the act, as a part of that suit, the freelancer could also receive damages, reasonable attorney’s fees and costs. Companies are also prohibited from retaliating against any freelancers who exert any of their rights.

Freelancers are a growing part of the workforce. A recent survey by the Freelancers Union shows as many as 55 million Americans were freelancers in 2016. Companies are growing their contingent workforces. Some experts say other state and local governments could use the New York City act as a model for their own legislation.

Companies that are part of this growing gig economy need to have the right tools to stay in compliance.

You can read the full text of the act here.

Compliance Corner is a new feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best.