A heartfelt THANK YOU to our amazing clients, stakeholders, and extraordinary employees for voting Vida HR:
#1 "Best HR Firm,"
#1 "Best Place to Work,"
#1 "Best Private Sector Employer"
in Colorado Springs Business Journal Best in Business 2023!
To our incredible clients and stakeholders:
Your trust and partnership have propelled us to new heights. We're grateful for the opportunity to serve you and exceed your expectations.
And to our exceptional employees:
You are the heart and soul of Vida HR! Your passion, teamwork, and dedication have created an exceptional workplace. This recognition is a tribute to your talents and hard work!
Thank you for being part of the Vida HR family!
By: Debra Fowler, SHRM-CP
Director, Compliance & Policy
Colorado’s Healthy Families and Workplaces Act (HFWA) was amended by Senate Bill 23-017 during Colorado’s most recent legislative session.
Effective August 7, 2023, employees will be able to use their protected paid sick leave hours (or HFWA-compliant PTO hours, if applicable) for additional reasons, which include the following:
To grieve, attend a funeral/memorial, as well as address financial and legal matters that occur after the death of a family member
Care for a family member whose school or place of care has been closed due to an unexpected event, such as inclement weather or a power outage
Evacuate their residence due to inclement weather, power outage, loss of heat or water, or any other unexpected occurrence that results in the need to evacuate the employee’s residence.
These additional HFWA-qualifying reasons fall under the same protections as other HFWA-qualifying reasons, which is the right to take leave with full pay, and return to work, without negative consequences:
Pay must be given for all time on leave, without extra delay, and at the same pay rate as time worked
Absences for HFWA-qualifying reasons must not be counted against employees as absences that that may lead to firing or other negative action
Employees have a right to return to work, without retaliation, or other acts interfering with taking leave and return
Remember, Colorado employers have an obligation to notify employees of their right to take paid leave under HFWA, including the reasons for taking leave which are protected under HFWA. To meet this obligation, Vida HR highly recommends an update to your employee handbook to add these additional reasons for HFWA leave, but also to send your employees an email or memo, or schedule a call, to explain these new rights.
We anticipate CDLE will provide an updated Paid Leave and Whistleblower Rights poster in the coming months. When this is available, we will send out the updated poster information.
For questions about this update to HFWA or to inquire about a handbook revision, contact Vida HR today!
By: Sean Hansen
HR Compliance Coodinator
We touched on Controllers last time, but in case you forgot (and who could blame you), a ‘Controller’ is defined as a person or business, whether alone or jointly with others, that determines the purposes for and means of processing personal data. For example, retail outlets like Target collect consumer data when they make purchases, so they would be considered a Controller.
A Controller is held responsible under the CPA if they meet two requirements.
First, they have to conduct business in Colorado, or at least produce or deliver commercial products and/or services that are intentionally targeted to residents of Colorado.
Secondly, they have to meet one or both of two thresholds, those being:
They control or process the personal data of 100,000 consumers or more during the calendar year, and/or,
They derive revenue (or receive a discount on the price of goods and services) from the sale of personal data, and they also process/control the personal data of 25,000 consumers or more.
Now that we have the definitions out of the way, let’s move on to what Controllers are required to do under the CPA.
Everyone has probably experienced going to a website, downloading an app, or something along those lines and getting some sort of privacy notice or terms of conditions. Often times it can feel like we should be asking for a lawyer, and that’s exactly what the CPA is trying to curb. Controllers now have a duty to provide consumers with a privacy notice that is ‘reasonably accessible’ and ‘clear and meaningful’.
In order to meet that obligation,
a privacy notice has to include the following information:
Categories of personal data collected and/or processed (for example, ‘payment information’, ‘contact information’, or ‘government-issued identification’).
The purpose(s) for why the personal data is being processed. This has to provide the consumer with an understanding for each category of personal data collected.
How the consumer can exercise their rights. This has to include a Controller’s contact information, to allow for the consumer to exercise their right to appeal.
If the Controller shares personal data with third parties, they must state what categories of personal data is shared with them.
If the Controller shares personal data with third parties, they must also state what categories of third parties they share with (for example, ‘data brokers’, ‘third party advertisers’, or ‘analytic companies’).
If the Controller sells personal data, or uses it for targeted advertising, the Controller must ‘clearly and conspicuously’ disclose this information in the privacy notice, as well as a way for the consumer to opt out of the sale.
If the Controller is using the personal data for the purposes of profiling, they must make the required disclosures (see our previous article).
A list of all consumer data rights.
A description of how consumers may submit requests to the Controller in order to assert their data rights, including
Instructions for the process(es) of submitting requests.
Instructions about how an authorized agent can opt out on a consumer’s behalf.
A clear method to opt out of a consumer’s data being processed.
The date the privacy notice was last updated.
What all this means is that these privacy notices have to be clear and accessible for consumers, as well as inform them on how a Controller will be using their information. They also have to inform consumers about the rights they have under the CPA and how they can use them. Controllers also cannot engage in ‘dark patterns’, which we defined in our last article. To summarize, it’s a user interface specifically designed to manipulate a user. There are a lot of manipulative practices that fall under a ‘dark pattern’. If you don’t know what rights consumers have under the CPA, or need a refresh on dark patterns, check out our article we published about it: HERE
One of the ways the CPA sets out to provide transparency about personal data is ensuring that all disclosures, notifications, and other communications to consumers is understandable to everyone. To do this, communications must be designed around the target audience, considering their vulnerabilities, especially if they are children. Controllers need to avoid language that is not straightforward or that is legal jargon. Any language that is written or presented in a way that is unfair, deceptive, false, or misleading is not allowable.
They also need to be, within reason, accessible to those with disabilities. Controllers should follow the industry standards when it comes to accessibility.
Communications should also come in any language that the Controller provides web pages, disclaimers, contracts, and other information in. For example, if you provide an option for consumers to receive information in Spanish, your disclosures should also come in Spanish.
The Controller has an obligation to provide a readable disclosure across all devices the consumer may regularly interact with them on. This depends on your business, but for example this may mean you need to make sure it is readable on a phone, tablet, or computer.
Specify what purposes they are collecting processing personal data for.
To minimize the data collected. This means the personal data they collect must be relevant and limited to only what is reasonably necessary to fulfill the Controller’s purpose
The Controller cannot process personal data that is not reasonably related to their purpose, unless they first obtain a consumer’s consent.
Take reasonable measures to secure personal data against unauthorized access. Specifically, the measures have to be appropriate relative to the volume and scope of the personal data being processed.
In this same vein, they must also implement appropriate technical and organization measures on a level that is appropriate to the risk. They must also have a clear allocation of responsibilities for each Controller or processer to implement said measures.
Controllers cannot violate any state or federal law relating to discrimination when collecting or processing personal data.
Sensitive data cannot be processed without first obtaining consent (Sensitive data is defined as personal data that reveals racial or ethnic origin, religious beliefs, a mental or physical health condition/diagnosis, sex life/sexual orientation, citizenship/citizenship status, genetic or biometric data that can be processed for the purpose of uniquely identifying an individual, or personal data from a known child).
Good news – you can offer PTO to your employees to satisfy the Colorado Healthy Families and Workplaces Act (HFWA) without having to add a separate paid sick leave bank.
CDLE’s website states (https://cdle.colorado.gov/hfwa):
Paid leave in a PTO policy, or a Collective Bargaining Agreement, can satisfy HFWA, if it covers all the same conditions or needs, at the same pay rate, and with no tougher requirements (documentation, notice, etc.) than HFWA (see Colorado Wage Protection Rules, specifically Rules 3.5.4 and 3.5.8).
What this means is that you can use your PTO policy for paid sick leave as long as it meets the minimum requirements of HFWA, which include accruing a minimum of one hour for every 30 hours worked (on regular and overtime hours), allowing employees to access their leave for HFWA-qualifying reasons without any repercussions, keeping the same documentation and notice requirements, and paying employees their paid sick leave hours at their regular rate of pay.
One thing to keep in mind is that in Colorado, PTO, just like Vacation, is required to be paid out at time of separation, whether voluntary or involuntary. If you decide to use PTO to satisfy the HFWA paid sick leave requirements, these hours are also required to be paid out at time of separation and are required to carry over from year to year. A bank of paid sick hours is not required to be paid at separation but is required to carry over up to a minimum cap of 48 hours*.
Combining paid sick leave and PTO/vacation can be one way to allow employees flexibility in how they use their paid leave for whatever purpose they choose – including HFWA-qualifying reasons. It can also simplify the paid leave administration for the employer, as you only have to track one policy.
Employers that want to implement a combined PTO policy should be aware of specific state regulations, like in Colorado, which prohibits the forfeiture of accrued PTO. This means if employees accumulate PTO hours under a PTO policy, you’ll want to consult with Human Resources if you want to make changes to your paid leave structure in the future.
*HFWA encourages employers to be more generous with paid sick leave, whether under a paid sick leave bank or PTO bank, the minimum cap allowable under the law is 48, but employers can allow employees to accrue at a higher rate per hour worked and can have a higher cap than the minimum
I’ve worked for Vida HR for 8 months as a Benefits Administrator. My PI profile is Artisan, which means I am very analytical and collaborative! My career started in recruiting for a staffing agency in my hometown of Fremont, Ohio. I quickly realized I enjoyed the human resources area of my job the most and wanted to pursue more in that field. As luck would have it, an HR Manager at a local manufacturing company was retiring and she wanted me to be her replacement and the rest is history, HR became my new career path. Along the way, I gravitated toward benefits and had an opportunity to work from home focusing on benefits and here I am today.
A little about me:
I live in a small town in Ohio, population of 2400 people and love feeling safe enough to let my children wander the streets like I did as a child. I have been with my fiancé for 6 years this July. We have 5 children between us, I have two girls, 20 and 14 and he has 3 boys, 28, 22 and 16 and a new grandson born on 6/15/2023. We also have an almost 2-year-old dalmatian named Pierce and two cats, Tiggs and Nova. In our free time in the summer, we are on the lake boating and swimming or spending the day on our local islands exploring new things. In the winter, we hibernate or attend the kids’ sporting events.
.png){kind=small}
