There are lots of reasons to love Colorado – the sunshine, the mountains, Colfax Avenue and all its splendid weirdness, just to name a few. While those things are all great, the coolest thing about Colorado is that it’s leading the way in innovative uses of the cooperative structure, in no small part thanks to our incredibly flexible cooperative statutes. Any business can be a cooperative in Colorado. This means that when we talk with a new client about entity formation, in addition to discussing the merits of traditional business structures, we also get to educate them about cooperatives and help them decide if it might be the right structure for them. While that in itself is pretty cool, Colorado is one of the few states that has adopted the Uniform Limited Cooperative Association Act (“ULCAA”). The ULCAA gives cooperatives the flexibility that is most commonly associated with LLCs, including having investors that exclusively make capital contributions. Having an investor member class can make the cooperative structure feasible for companies that would normally have to forgo it because they need to raise outside capital on more flexible terms. As lawyers, this means we get to collaborate with our clients and come up with creative solutions for structuring the investor class, creating profitable exits when there is no public offering or sale on the horizon, and attracting investors – all while keeping the cooperative mission at the forefront. Basically, it equates to a lot of intellectual gymnastics and brainstorming sessions, which is when being a lawyer is the most fun and where we offer the most value to our clients. If I’ve piqued your interest, my colleagues, Linda and Jason, have written a wonderful blog that breaks down in more detail why Colorado is leading the way in cooperative law. A big thank you to Fifty by Fifty for publishing the blog and producing great content to advance employee ownership.
On May 25, 2018, the European Union’s new data protection legislation, the General Data Protection Regulation (GDPR), will take effect. This law heralds a new era of rigorous data privacy and security and makes data privacy a fundamental right for EU citizens. Of course, all EU companies and many multinational companies doing business in the EU have to be fully compliant with this legislation on Friday. What is important to note is that some U.S.-based businesses, even those without employees or offices within the EU, may also be required to comply with the GDPR.
Does my U.S.-based business need to comply with this law?
If your business processes and/or holds personal data of individuals residing in the EU (including employees) or you are marketing/selling products to consumers in the EU, then your business must comply with GDPR. In a broad sense, the GDPR requires businesses to understand what data they are collecting, be able to articulate why they are collecting it and which of the six categories of lawful processing its purpose falls into, what the business’s strategy is in the event of a data breach, what the timeline for retention of personal data is, and how such data is destroyed when the purpose for collecting and retaining the data no longer exists. There is a record keeping exception that companies with less than 250 employees may qualify for.
But what is ‘personal data’ and what do you mean by ‘processing’?
‘Personal data’ is any information related to a person that could be used to identify such a person. This includes the person’s name, identification number, location data or online identifier, email addresses, bank information, social media posts, or other factors specific to the physical, genetic, physiological, economic, mental, cultural, or social identity of that person. The EU is taking a very broad approach to defining ‘personal data’ so it is best to consider almost any information you collect about an EU citizen to be personal data.
‘Processing‘ means any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.
Most, if not all of us, have a website and if a German resident stumbles upon our website, the GDPR will likely not apply just because that person found the website. However, if you are actively encouraging EU residents to visit your website, ship your products to the EU, market or translate your webpage in a language of an EU country, or if you engage with EU residents and process their personal data in any other way (for example track and collect information on webpage users from the EU to analyze online behavior), the GDPR may be applicable to your business.
The GDPR requires all businesses to protect the personal data of EU citizens, and specifically prescribes how this should be done.
How do I ensure compliance before May 25?
There is a “quick fix” that you can implement before Friday: add a ‘cookie banner’ to your website that allows your business to ask permission before processing an EU resident’s data and also allows you to stop collecting data from any IP address from an EU country if they do not consent.
For the permission or consent to be valid in terms of GDPR, be sure not to use legal jargon or to bury the consent in fine print. Consent needs to be specific, in plain language, explain what you will be using the personal data for, and positive (i.e. the person must opt in to allow you to process the data).
Is there more to it?
Yes, the GDPR’s requirements are far-reaching and ensuring full compliance may take a bit more time.
One of the biggest and most important tasks is to map your data, i.e. figure out what personal data you store and collect in your databases (online, on computers, tablets and phones, and on paper), how that data is being used, and how long the data is being stored.
Once you have an idea of your data collection and retention practices, you need to determine what data relates to EU residents.
All EU residents need to consent (i.e. opt in) to your processing of their data, so the business will have to reach out to these residents to obtain consent or, alternatively, destroy the data.
What if my business doesn’t comply?
The penalties for non-compliance are quite steep: 4% of your company’s worldwide annual turnover of the preceding financial year or € 20 million, whichever is greater, for serious infringements of the GDPR; 2% or € 20 million, whichever is greater, for less serious infringements.
Contact us to schedule a consultation.
Tonya Price (email@example.com)
Francisca Pretorius (firstname.lastname@example.org)
Are you following Colorado law when it comes to paying for vacation time when an employee leaves your company? What if you lump together vacation time, sick time and other time off into “Paid Time Off” (PTO)? What follows is a discussion of whether your current employee policies regarding PTO are following Colorado law, especially with regard to the limitation on the amount of time an employee can accrue PTO.
Colorado law states that employers do not have to offer their employees paid time off for vacations or sick leave. If you do offer vacation time or PTO and employee leaves, you are expected to pay the employee for any time that has “accrued”. So what happens if you have great employees who never take vacation? You are allowed to place restrictions on the amount of vacation pay an employee receives. For example, an employee earns 10 days a year of PTO. But the employee only uses 5 days and the other 5 days get forwarded to the next year. You can create a policy that an employee cannot accumulate more than 20 days of PTO. The Courts look at vacation time as a contract issue between a company and its employees. An employee handbook acts as a contract for purposes of this discussion. The Colorado Department of Labor provides: “An employer may establish a vacation policy in writing or by custom and practice. Employees must be made aware of the employer’s policy. Employers and employees must follow established policy unless and until that policy is changed.”
So, as an employer, you can provide in your employee handbook that an employee can accrue no more than 3 years of PTO (or a certain number of days). You have to make sure your employees are aware of the policies and usually employees sign acknowledgements that they have received copies of the handbook.
Here’s another example. Say an employee earns PTO each week. In other words, depending on seniority (some earn more PTO than others), an employee receives at least 3 hours each pay period for PTO. Putting a restriction on the amount of PTO time that can be accumulated is perfectly within the right of your company. A court case from 1998 that has not been overturned or received negative treatment has discussed this issue (City of Lamar v. Koehn, 968 P.2d 164 (Colo.App. 1998)). The case determined whether vacation time was to be included in the definition of “wages” for purposes of workers compensation. The Court state the following:
Both vacation and sick leave were subject to forfeiture if claimant accrued a specified maximum number of leave days. However, claimant did not forfeit any vacation leave under this policy and was paid his full entitlement. [The reason he did not forfeit any vacation was because he had not yet reached the maximum number of leave days.]
In this case, the Court discussed a prior decision where vacation time was looked at as a type of leave that had a reasonable, present-day, cash equivalent value, and that claimant had a reasonable expectation of receiving the benefits under appropriate reasonable circumstances. However, this Court found that because the employer policy had vacation time as capped and subject to forfeiture, it was not proper to be included in the definition of “wages” for determining workers compensation benefits.
Colorado wage law states that vacation pay (which would include PTO for purposes of this discussion), earned in accordance with the terms of any agreement, is classified as wages or compensation. If an employer provides paid vacation (or PTO) for an employee, the employer must pay, upon termination of employment, all vacation pay earned and determinable in accordance with the terms of any agreement between the employer and the employee. So take a look at your vacation and PTO policies. Are they similar to the following?
PTO Yearly Carry Over
Employees may carry up to two full years of accrued PTO leave into the following calendar year. This will allow employees the benefit to carrying up to three (3) years accrued PTO in their PTO banks. Any overage of PTO at the end of the year will be forfeited.
Payment for PTO Overages
If an employee accumulates more than 3 years of PTO and a calendar year is ending within 30 days, PTO for the final two pay periods of the calendar year shall be adjusted such that an employee can only earn 25% of the PTO that has accumulated over the 3-year cap for PTO for that employee. There will be no further accruals of PTO following the end of the calendar year until employee uses some of the accrued PTO. Upon retirement, termination or death during the year, the employee or his or her heirs or estate shall be paid for any accrued, but unused PTO.
The carry-over provisions in the second paragraph above may be a little complicated but they are perfectly within an employer’s rights. The company can cap vacation and PTO time to three years. This prevents a huge buildup of a company liability that will be incurred when an employee leaves the company. If an employee is not taking their earned PTO during the year, then management needs to encourage or force time off for those employees.
This is just one example of how employers can create vacation or paid time off benefits for their employees but everyone should be aware of the responsibilities employers have for properly structuring their vacation policies. Please give us a call if you would like us to review your employee manuals or handbooks about this issue.
I went to law school because I wanted to make a difference. Initially, I though I would focus on environmental issues, but through a variety of courses and internships, my focus shifted to economic inequality and access to justice. This new focus piqued my interest in how technology could expand access to legal services and led me to Michigan State University College of Law’s LegalRnD program. The program offers several courses, and as a 3L I took a course call Litigation: Data, Theory, Practice and Process, with Daniel W. Linna Jr. I had no idea what to expect, but I was excited for a hands on, practice focused class. I was not disappointed; Professor Linna introduced new concepts and challenged the traditional ideas about legal services throughout the class. We experimented with several process improvement techniques including Lean Six Sigma, Kanban Boards, design thinking, and process mapping as tools to solve for inefficiencies in legal processes. He challenged us to think about legal issues and client needs from a process point of view and was constantly asking how our proposed improvements would add value for clients. By understanding the process, we could remove most of the inefficiencies without technology and when we did employ technology, we had a crystal-clear understanding of why it was necessary and how it improved the process.
As part of the class we were asked to re-imagine a legal process and automate it using ThinkSmart’s (a legal software developer) legal workflow automation tool, TAP. I chose to create a new system for referring pro bono work to attorneys. I created an automated workflow that aggregated attorneys’ availability for pro bono work, areas of legal expertise, contact information, and location into a database that would be hosted by the State Bar Association. The rest of the process is automated with inputs from legal aid offices looking to refer clients out and attorneys in the State Bar database. ThinkSmart spotlighted the project on their blog in February.
I’ve carried many of the skills I learned in the Litigation course into my daily practice. I look forward to continuing to leverage process improvement and technology to deliver better services to our clients, create organizational documents that are legally sound and user friendly, and to evolve the practice of law for the 21st century.