An amendment to the Illinois Equal Pay Act (“Illinois EPA”) that took effect January 1, 2022, clarified that the Illinois EPA does not prohibit employers from discussing with job applicants the unvested equity or deferred compensation that the applicant would forfeit upon resigning from the applicant’s current employer.
While the Illinois EPA continues to restrict employers’ ability to ask applicants questions about their compensation, the amendment clarifies that employers may discuss unvested equity and deferred compensation only if an applicant for employment voluntarily discloses that the applicant would forfeit unvested equity and/or deferred compensation by resigning from their current employer. If an applicant voluntarily discloses that they will forfeit unvested equity or deferred compensation, employers may request that the applicant verify the aggregate amount of such compensation.
Employers and employment recruiters should be cognizant of this important change to the Illinois EPA, particularly given the current labor market. Further, employers and employment recruiters should be careful to not violate the Illinois EPA if the applicant does not voluntarily disclose compensation from his or her prior employer.
Having an experienced employment attorney evaluate your employment issues is critical to avoiding problems resulting from failing to comply with state and federal law. For more information regarding these or similar issues, please contact Mitchell S. Chaban at email@example.com or (312) 368-0100.
The threat of the theft or accidental disclosure of electronic personal information is on the rise. On January 1, 2017, new legislation went into effect amending the Illinois Personal Information Protection Act (the “Act”) to expand the definition of protected personal information and increase certain security and notification requirements for data breaches. Important amendments to the Act include:
- Expanded definition of “Personal Information” for which notice of a breach is required to include certain medical and online account information. The definition of “Personal Information” includes an individual’s first name or first initial and last name and any of the following:
  - social security number;
  - driver’s license or State identification card number;
  - account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account;
  - medical information (including any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional, including such information provided to a website or mobile application);
  - health insurance information (including an individual’s health insurance policy number or subscriber identification number or any other unique identifier); and
  - unique biometric data generated from measurements or technical analysis of human body characteristics used by the owner or licensee to authenticate an individual, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data.

  The definition of “Personal Information” also includes an individual’s user name or email address in combination with a password or security question and answer that would permit access to an online account.
- Expanded Notification Requirements. If a security breach involves an individual’s user name or email address, in addition to a password or security question answer that can allow access to an online account, notice is required to inform the individual that his account information has been breached and that he should promptly change his user name or password and security question or answer, as applicable, or to take other steps appropriate to protect all online accounts for which the individual uses the same user name or email address and password or security question and answer.
- Expanded Data Security Requirements for Data Collectors. Any data collector that owns, maintains, stores, or licenses records that contain Personal Information must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure.
- Compliance with HIPAA. The Act also provides that any covered entity or business associate that is subject to and in compliance with the privacy and security standards for the protection of electronic health information established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act shall be deemed to be in compliance with the provisions of the Act, provided that notification of a breach is provided to the Illinois Attorney General within five business days of notifying the Secretary of Health and Human Services.
If you have any questions regarding the Personal Information Protection Act’s application to your business or your obligations under the Act, please contact:
firstname.lastname@example.org or 312-368-0100.