Beginning July 1, 2022 – New Sexual Harassment Obligations for Chicago Employers

Stopping sexual harassment where religious communities meet

On April 27, 2022, Chicago’s City Council approved important amendments to Chicago’s sexual harassment laws. These changes impose additional requirements on covered employers to provide notice of the new sexual harassment laws and enhanced training. These changes also expand the type of misconduct covered under the ordinance and increase the penalties for businesses that violate the ordinance’s requirements.

What Was Changed

1. As of June 4, 2022, the definition of “Sexual Harassment” was amended to include “sexual misconduct,” which is now defined as “any behavior of a sexual nature which also involves coercion, abuse of authority, or misuse of an individual’s employment position.”
2. As of July 1, 2022, covered employees must have a written policy regarding sexual harassment that complies with the ordinance, and must also display a poster regarding sexual harassment.
3. As of June 4, 2022, the time period within which the Chicago Commission on Human Relations (“Commission”) must notify the respondent (the person causing harm) increases from 10 days to 30 days to mitigate against any retaliation.
4. Charging parties now have 365 days, instead of 300 days, to file complaints with the Commission.
5. As of July 1, 2022, all covered employers must provide enhanced training each year that includes: (a) 1 hour of sexual harassment prevention for all employees; (b) 1 hour of bystander training; and (c) 1 hour of additional training for all supervisors and managers.
6. As of June 4, 2022, penalties for violations increased from $500 – $1,000 per violation to $5,000 – $10,000 per violation.

What Should Covered Employers Do?

The obligations for covered employers go into effect on July 1, 2022. Employers will need to do several things to ensure they are compliant and to avoid the significant increase in penalties:

• Update or draft a sexual harassment policy to comply with the new changes.
• Post the updated poster regarding sexual harassment.
• Update annual sexual harassment training programs to include the additional training required by the City of Chicago.

Illinois’ current sexual harassment training template is sufficient for 1 hour of training required by these changes. However, covered entities will need to provide up to an additional 2 hours of training. The City of Chicago will create separate training modules for employers covering the additional hour of training for supervisors and managers, as well as the additional hour for bystander training. These modules will be available by July 1, 2022.

These changes go into effect shortly, and it is important for employers to take steps to meet their obligations imposed by the new Chicago sexual harassment laws. If you have questions about how Levin Ginsburg can help, please reach out to Walker R. Lawrence, a partner in the employment law practice at Levin Ginsburg, at 312-368-0100 or


Unexpected Liability for Service Providers

With “hacking” and identify thefts becoming all too common place, each service provider must place more and more emphasis on protecting itself from legal liability caused by not only its own actions, but the actions of the company(ies) to whom it outsources. This article provides an introduction to contracting for service providers with an eye toward gaining legal platform upon which to adequately defend itself, if necessary.

In addition to government compliance, which will vary depending upon the industry, any company that collects personal information during the course of providing its services must take steps to safeguard itself from legal liability arising due to unwanted disclosures.  One way to provide a legal safety net is to consider the applicable issues in the service provider’s agreement.  The following is an abbreviated checklist.

  1. Whether personally identifiable information will be provided to service provider’s employees, and if so, what measures are taken to narrowly tailor the need to expose such information to only those employees or third parties who need to know in order to provide the service.  In considering this, a service provider may want to consider identifying types of employees or third parties that may be exposed to such information, or even listing such persons and having them sign a confidentiality agreement with respect to such information.
  2. When does a service provider have to notify a customer of a security breach?   Is there an obligation to notify customers of a potential privacy-related compliance issue?  Or, only when a security breach has occurred?  If a security breach is defined, service providers will be required to undertake all tasks from notification to remediation and payment for such remediation upon receipt of a complaint.
  3. While necessary, service providers will want to limit their contractual obligations to comply with compliance with IT management standards such as the International Organization for Standardization certification.
  4. If the service provider receives credit card information of customers, then at the very least, the following issues must be considered:
    1. Limitation of access of personal information to authorized employees or parties
    2. Securing business facilities, data centers, paper files, servicers, backup systems and computing equipment (mobile and other equip with info storage capability;
    3. Implementing network/ device application, database and platform security
    4. Securing info transmission storage and disposal
    5. Implementing authorization and access controls with media, apps, operating systems and equipment
    6. Encrypting highly sensitive personal information stored on any mobile media
    7. Encrypting highly sensitive transmitted over public or wireless networks
    8. Strictly segregating personal information from and info of service provider or its other customers so that personal information is not commingled;
    9. Implementing appropriate personnel security and integrity procedures and practices (conducting background checks, and providing appropriate privacy and info security training to service providers’ employees.

If you have any questions regarding your liability for disclosure of personal information, please contact:

Natalie Remien at: or (312) 368-0100.