Tag: CRA

OSHA Issues Final Rule on Personal Protective Equipment for Construction Workers, but It Could Start Back at Square One

On December 11, 2024, the Occupational Safety and Health Administration (OSHA) issued a statement that it had finalized a rule amending 29 C.F.R. 1926.95(c) to require construction employers to make personal protective equipment (PPE) available that “properly fits” their employees.

Quick Hits

  • On December 11, 2024, OSHA finalized a rule requiring construction employers to provide properly fitting PPE, effective January 13, 2025, though it faces potential rollback due to political opposition.
  • The new OSHA rule aims to address PPE fit issues, particularly for smaller workers and women, but lacks clear guidance on defining “properly fitting” PPE, causing industry concern.
  • Despite OSHA’s assertion that the term “properly fits” is sufficiently clear, industry feedback highlights the need for more detailed regulatory text and clarification on compliance.

The regulation was published in the Federal Register on December 12, 2024The added language to the construction standard mirrors the current PPE fit requirements found in the general industry and shipyard standards. In OSHA’s notice of proposed rulemaking (NPRM) issued on July 20, 2023, the agency set a comment period on the proposal through September 18, 2023. During that period, comments from industry skeptics and supporters alike mirrored those previously seen.

OSHA reiterated its primary claim that PPE that does not properly fit is an issue for “smaller construction workers,” particularly women, and that implementation of the standard could increase productivity and expand the market for differently sized PPE. Many supporters of the regulatory change submitted comments reflecting that female employees praised the change and bemoaning instances of working with improperly fitting PPE. The preamble highlighted instances in which female employees had created improvised PPE when their PPE did not properly fit.

The industry’s comments acknowledged the essential nature of PPE for all employees while also continuing to express concern about the lack of clarity and guidance on how this rule would be actually implemented by employers. The core of the industry’s concern remained that the rule creates a requirement that an employee’s PPE must “fit properly” but it does not provide an explanation for how “properly fitting” PPE will be defined. Many comments highlighted this hole would create a significant opportunity for employees to complain about whether the provided PPE “properly fit” them if the PPE was simply uncomfortable. There is also no guidance on what factors employers or OSHA’s investigators should consider when evaluating whether PPE properly fits and employee and is therefore compliant with the standard.

OSHA previously dismissed this issue, stating that “employers in general industry have had no issue understanding the phrase ‘properly fits’ with regard to PPE.” The preamble reflects that several commentors requested more detailed regulatory text and clarification of responsibilities and some included recommendations. The American Industrial Hygiene Association (AIHA) recommended an operational definition for compliance, while the National Institute for Occupational Safety and Health (NIOSH) agreed with OSHA but noted the term was not universally understood. Other comments highlighted the need to consider how the body changes during pregnancy in the determination of whether PPE “properly fits” but did not suggest a specific definition for the phrase.

Ultimately, OSHA came to the same conclusion as before that the phrase “‘properly fits’ provides employers with enough information that they can select PPE for their workers that will adequately protect them from the hazards of the worksite without creating additional hazards.” OSHA pointed to the minimal confusion in other sectors and few citations for improperly fitting PPE as a suggestion that most employers can comply with the standard using the phrase “properly fits” without a definition.

We previously warned that this lack of clarity would mean that employers would still have to determine whether the range of sizes they offer would comply with the requirement for properly fitting PPE. One question to resolve is whether the “universal fit” of the PPE would assist with compliance. OSHA did note in a footnote in the preamble that one comment included an objection to the term “universal fit” arguing that “[n]o PPE is universal fit, even the most adjustable PPE may not fit workers on the extremes of anthropometric data.”. In light of this comment, OSHA acknowledged that:

[A]t the tail ends of the distribution of human variation, some adjustable PPE will not fit. For the purposes of this analysis, however, OSHA maintains that some items of PPE that come in standard, adjustable sizes will fit nearly all individuals working in the construction industry and so maintains this designation for a limited number of items in this analysis.

While this does mean employers can use the “universal fit” as a blanket mode of compliance with the standard, OSHA’s comment indicates that use of “universal fit” should allow compliance with “nearly all individuals working in the construction industry[.]”

Ultimately, while this rule remains a likely rollback priority for the second Trump administration, employers should still be mindful of the January 13, 2025, effective date.

© 2024, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
For more on OSHA, visit the NLR Health Law Managed Care section

CFPB Takes Aim at Data Brokers in Proposed Rule Amending FCRA

On December 3, the CFPB announced a proposed rule to enhance oversight of data brokers that handle consumers’ sensitive personal and financial information. The proposed rule would amend Regulation V, which implements the Fair Credit Reporting Act (FCRA), to require data brokers to comply with credit bureau-style regulations under FCRA if they sell income data or certain other financial information on consumers, regardless of its end use.

Should this rule be finalized, the CFPB would be empowered to enforce the FCRA’s privacy protections and consumer safeguards in connection with data brokers who leverage emerging technologies that became prevalent after FCRA’s enactment.

What are some of the implications of the new rule?

  • Data Brokers are Now Considered CRAs. The proposed rule defines the circumstances under which companies handling consumer data would be considered CRAs by clarifying the definition of “consumer reports.” The rule specifies that data brokers selling any of four types of consumer information—credit history, credit score, debt payments, or income/financial tier data—would generally be considered to be selling a consumer report.
  • Assembling Information About Consumers Means You are a CRA. Under the rule, an entity is a CRA if it assembles or evaluates information about consumers, including by collecting, gathering, or retaining; assessing, verifying, validating; or contributing to or altering the content of such information. This view is in step with the Bureau’s recent Circular on AI-based background dossiers of employees. (See our prior discussion here.)
  • Header Information is Now a Consumer Report. Under the proposed rule, communications from consumer reporting agencies of certain personal identifiers that they collect—such as name, addresses, date of birth, Social Security numbers, and phone numbers—would be consumer reports. This would mean that consumer reporting agencies could only sell such information (typically referred to as “credit header” data) if the user had a permissible purpose under the FCRA.
  • Marketing is Not a Legitimate Business Need. The proposed rule emphasizes that marketing is not a “legitimate business need” under the FCRA. Accordingly, CRAs could not use consumer reports to decide for an advertiser which consumers should receive ads and would not be able to send ads to consumers on an advertiser’s behalf.
  • Enhanced Disclosure and Consent Requirements. Under the FCRA, consumers can give their consent to share data. Under the proposed rule, the Bureau clarified that consumers must be provided a clear and conspicuous disclosure stating how their consumer report will be used. It would also require data brokers to acknowledge a consumer’s right to revoke their consent. Finally, the proposed rule requires a new and separate consumer authorization for each product or service authorized by the consumer. The Bureau is focused on instances where a customer signs up for a specific product or service, such as credit monitoring, but then receives targeted marketing for a completely different product.

Comments on the rule must be received on or before March 3, 2025.

Putting It Into Practice: With the release of the rule so close to the end of Director Chopra’s term, it will be interesting to see what a new administration does with it. We expect a new CFPB director to scale back and rescind much of the informal regulatory guidance that was issued by the Biden administration. However, some aspects of the data broker rule have bipartisan support so we may see parts of it finalized in 2025.

Listen to this post

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.
For more on the CFPB, visit the NLR Financial Institutions Banking section

LinkedIn, the Fair Credit Reporting Act, and the Real-World Implications of Online Activity

With the ever-increasing amount of information available on social media, employers should remember to exercise caution when utilizing social media as a part of their Human Resources/ Recruitment related activities. We live in a digital-age, and how people choose to define themselves is often readily showcased on social networking sites. Whether – and how – employers choose to interact with the online presence of their workforce will continue to develop as the relevant legal standards try to catch up.

A recent federal court filing in the Northern District of California against LinkedIn Corp. provides yet another example of the growing interaction between online personas and real-world employment law implications. There, in Sweet, et al v. LinkedIn Corp., the plaintiffs sought to expand the application of the Fair Credit Reporting Act (“FCRA”) by alleging that LinkedIn’s practice of providing “reference reports” to members that subscribe to LinkedIn’s program for a fee, brought LinkedIn within the coverage of the FCRA as a Credit Reporting Agency (“CRA”). Briefly, the FCRA (and relevant state statutes like it) imposes specific requirements on an employer when working with “any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.” In other words, there are rules – such as providing requisite disclosures and obtaining prior authorization – that apply when an employer engages a CRA to perform background checks, reference checks and related inquiries.

In the lawsuit, the plaintiffs alleged that LinkedIn was a CRA – and that these various rules should apply – because LinkedIn collected and distributed consumer information to third parties and the resulting reference reports “bear on a consumer’s character, general reputation, mode of living, or personal characteristics, and/or other factors listed in 15 U.S.C. § 1681a(d).” Further, according to the complaint, LinkedIn violated the FCRA because it should have provided FCRA compliant disclosure and followed the reporting obligations applicable to CRAs.

LinkedIn, which is touted as the “world’s largest professional network,” does not portray itself as a CRA and moved to dismiss the complaint. LinkedIn argued that the plaintiffs’ interpretation of the statute was too broad and, moreover, was inconsistent with the facts. A federal judge agreed and dismissed the complaint (although the plaintiffs have the opportunity to file another complaint). The Court ruled that these reference searches could not be considered “consumer reports” under the law – and LinkedIn was not acting as a CRA – because, in part, the plaintiffs had voluntarily provided their information to LinkedIn with the intention of it being published online. (The FCRA excludes from the definition of a consumer report a report that contains “information solely as to transactions or experiences between the consumer and the person making the report.”) The Court also noted that the allegations suggested that LinkedIn “gathers the information about the employment histories of the subjects of the Reference Searches not to make consumer reports but to ‘carry out consumers’ information-sharing objectives.’”

The LinkedIn case should still serve as a reminder of several important and interrelated trends. First, as it concerns the FCRA, the statute is broadly worded to cover “any written, oral or other communication of any information by a consumer reporting agency . . .” and the equally expansive definition of a CRA can apply in numerous situations that extend beyond the traditional notion of a consumer reporting agency. If applicable, the requirements of the FCRA must be followed. Second, employers need to continue to be mindful of the fact that their online activity can have real-world employment law implications. Third, as the law governing traditional employment law continues to evolve in response to online developments, the challenges to that activity will evolve as well.

Authored by: Ian Gabriel Nanos and Maxine Adams of Epstein Becker & Green, P.C.

©2015 Epstein Becker & Green, P.C. All rights reserved.