Legal Implications of Remote Work in the COVID-19 Era (In the Workplace 2021)

For many employers, the pandemic has meant transitioning from the traditional office work environment to a remote home-space workplace. As of mid-2020, the number of full-time U.S. remote workers had increased more than 40% compared to pre-COVID times, according to the Stanford Institute for Economic Policy Research.

It appears the transition generally has been smooth for most employers from a productivity perspective, and employees seem to have adjusted well to working from home. According to a recent Gallup poll, nearly two-thirds of employees who have worked remotely during the pandemic would like to continue doing so, which may be possible given that some major U.S. companies like Facebook and Microsoft plan to make working from home, at least part-time, a permanent option for most employees.

Even if working from home won’t be a permanent option for your employees, it looks as though remote work will remain the norm for the foreseeable future. But like so many things pandemic-related, remote work presents a host of legal challenges for employers to consider. In making sure your remote workforce remains healthy and productive, here are some key legal issues to think about:

Determining who should be allowed to work remotely. Analyze what work can be done remotely and what criteria should be applied when selecting which employees can work remotely.

The criteria should be objective, based on legitimate business reasons, and applied consistently to avoid claims of illegal discrimination and/or retaliation.

Also, consider any request to work remotely due to a medical condition as a request for an accommodation and be prepared to engage in the interactive process under the Americans with Disabilities Act, even if you don’t have a remote work program in place or if the requesting employee’s position does not meet your criteria for remote work.

Dealing with out-of-state remote workers. Be mindful of other states’ legal requirements for conducting business. For example, some states require a higher minimum wage than others and require employers to reimburse employees for any home office expenses.

(In the absence of a state-specific law, employers are subject to the Fair Labor Standards Act when it comes to business-related expenses and are prohibited from requiring any direct payments or reimbursements for such expenses if doing so would cause an employee’s wage rate to fall below the required minimum wage or overtime pay threshold.)

Some states may also have more expansive civil rights protections for employees as well as unpaid and paid leave rights.

In addition, there are tax considerations to evaluate. Some states may require employers to withhold unemployment and state income taxes in the state where the employee is located instead of the state where the employer’s home office is located. In some situations, remote employees may be subject to income tax in both the state they reside and the state in which their employer operates.

Finally, a lot of states’ requirements for unemployment insurance and workers’ compensation coverage depend on how many workers a company employs. And states vary on whether out-of-state employees are counted in the minimum requirement count for compliance.

Protecting company data. Employers are not only dealing with customer and client data, they are gathering employee medical information at an all-time high. With employees spread across the workplace and the community using both company and personal devices, the need for proper data and cybersecurity practices is critically important — this requires a team effort between employees and the IT department.

Employers should stay vigilant on the latest happenings from bad-faith cyber actors. The Cybersecurity & Infrastructure Agency and a combination of national and international organizations have been regularly releasing alerts on security issues, vulnerabilities, and exploits during the pandemic.

Employers may also want to strengthen email and phishing attack precautions by using simulated platforms to test employees on identifying dangers, and make sure employees are using best practices, such as:

Reporting anything suspicious to the IT department;
Ensuring Wi-Fi routers and all devices are protected by a strong password and the latest encryptions;
Regularly changing passwords and making them more complex;
Avoiding public Wi-Fi;
Exercising caution when opening attachments or clicking links from unfamiliar senders or websites;
Trusting only well-known sources for information on COVID-19 as fake donation websites and email addresses are being used to steal passwords and financial information; and
Not sending sensitive corporate data to personal email or cloud accounts and not allowing family members to access company systems or devices.

Avoiding common remote work-related wage and hour issues. It is more important than ever to ensure that your employees are properly classified as exempt or non-exempt.

For exempt remote workers, keep in mind that their classifications depend on whether they meet the minimum salary threshold of $684/week and the primary duty test for the specific exemption under which they are classified (which requires an analysis of actual job duties performed).

Also, exempt workers generally are entitled to a full week’s salary for any week in which they perform any remote work. Before deducting an exempt remote worker’s weekly salary, remember that an employer can lawfully do so in only a few limited circumstances.

Non-exempt remote workers are entitled to pay for hours actually worked (including unscheduled hours and/or unauthorized overtime work), so their accurate recording of all hours worked is critical. Employers should clearly communicate in writing that off-the-clock work, underreporting of hours and unauthorized overtime are strictly prohibited. Also, educate and train managers on the company’s timekeeping and pay policies, as well as on monitoring potential wage and hour issues.

Finally, if the paid leave provisions of the Families First Coronavirus Response Act are supplemented and extended past their original end date of Dec. 31 (as we expect them to be), keep in mind that employees who are unable to work or telework due to COVID-19 related reasons may qualify for paid leave benefits.

Making sure that remote employees are working. Technology provides many monitoring tools that can be both beneficial to employers and employees alike. Not only are employers able to monitor the handling of confidential and proprietary information, but they are able to monitor productivity to identify peak productivity and efficiency levels and aid in scheduling adjustments.

As a result, efficient and productive workers that may have gone unseen may be put in place for promotion. Some of the types of monitoring software used include spyware and keylogging. This software allows employees to monitor computer activity including internet activity and keystrokes.

The monitoring, however, may implicate privacy concerns and laws, including:

Social media laws (including in Arkansas) that prohibit employers from requesting employees’ login information for social media sites. While monitoring may not be considered a request, looking at the features of a software like keylogging, employers are able to gather private account credentials or confidential communications.
Privacy laws (both federal and state) may be implicated when monitoring and recording telephone conversations, Zoom and Teams calls, emails, and internet usage outside of legitimate business purposes.
Health-related laws (i.e., the ADA, HIPAA, Genetic Information Nondiscrimination Act) may be implicated if employers come across confidential medical and health information while monitoring remote workers.
Employers may come across employee personal financial information that could implicate credit protection laws that prohibit employers from making decisions based on an employee’s poor credit and payment history in certain situations.
The traditional tort of invasion of privacy as employees have a reasonable expectation of privacy in certain situations.

An employer’s best practices in monitoring remote workers include:

Disclose monitoring to employees — this helps build trust and removes employees’ reasonable expectation of privacy which forms the basis for invasion of privacy claims;
Manage expectations — employers should not expect employees to work every single second of every single day;
Conduct monitoring equally and consistently — also make sure to avoid committing any retaliatory-motivated actions based on information discovered through monitoring; and
Be prepared to investigate — this includes any nonperformance, irregular activity, malicious insiders, harassment, etc. that may be discovered through monitoring.

Preventing virtual/remote harassment. Employers’ anti-harassment policy (and standards of conduct) still applies when employees are working remotely. Although harassment typically brings to mind inappropriate physical touching or verbal remarks in an in-person workplace, a hostile work environment certainly can exist in a virtual one. And, given that physical distance may embolden some workplace harassers, employers may need to be extra vigilant when it comes to virtual harassment, which can range from cyberbullying via email, text or private group chat; verbal bullying (e.g., raised voice, humiliation, snarky comments, etc.) in virtual meetings; and inappropriate comments or conduct during virtual meetings.

Employers should review (and revise if necessary) their existing anti-harassment policies to ensure that they cover conduct expressed through virtual mediums and communication, and also train managers to look for signs of virtual/remote harassment (e.g., an employee who becomes uncharacteristically withdrawn on Zoom, offensive décor or photos in an employee’s workspace that is visible on video calls, etc.). In addition, even if done virtually/remotely, all reports of harassment should be promptly and thoroughly investigated.

Handling remote worker injuries. Under most workers’ compensation laws, employers may be liable for injuries that employees suffer while working from home.

For instance, Arkansas’ workers’ compensation laws generally apply to all legitimately injured workers who suffer an injury or disease arising out of and in the course of their employment. According to the Occupational Safety and Health Administration, an injury is considered work-related if it occurs at home while performing paid work directly related to the performance of the work, rather than to the general home environment.

On the whole, it may be more challenging to try to determine if an injury sustained by an employee working from home is the result of his or her employment because the lines can be blurred between what activities at home should be considered work-related as opposed to normal day-to-day activities. For example, courts in Oregon and Florida have dealt with trip-and-falls involving home pets and come to different conclusions as to whether the injury arose out of and in the course of employment.

In order to minimize exposure to claims for injuries, employers may want to consider:

Requiring written authorization before an employee can work remotely;
Updating and maintaining accurate employee job descriptions and expectations;
Having employees define their home office space;
Providing employees with information and training about setting up safe workstations;
Providing a safety checklist;
Requiring all remote workers to record and maintain detailed time records, including detailed records of meal breaks and other personal breaks; and
Having employees report any injuries immediately. (With employees at home, it is likely that there will be no other witnesses, so timely reporting is paramount to help ensure that the most accurate version of events is documented.)

Implementing remote work policy changes. Employers should have a written remote work policy in place and periodically review/update the policy on an as-needed basis. Remote workers should acknowledge the policy along with any updates, and managers should be trained on the policy, which should cover at a minimum the following topics: