Compliance Without the Chaos: Updates, Risks & Readiness for 2026

Lori Cole:

Hi, everyone. We’re going to wait for just a couple of minutes here to let people get logged in. We’ve got a lot of people coming today and people are still coming in. Well, while we’re waiting to get started, I’m excited to share a brand-new feature of our webinar platform that we’ve just launched. It is our candidate interview scheduling tool. Now, this is included with your job slots at no extra cost, and it really is so helpful when you’re trying to schedule these candidate interviews because now, you can do it right from the iHire platform. It syncs with your calendar and your conferencing tools instantly. It’s a very quick and easy setup, and then candidates will be able to pick their own time slots based on your availability on your calendar. So, you can set up your preferences, you can choose interview types and the duration, and you can even add some special instructions, and the really good part is that our employers are reporting a 33% decrease in interview no-shows. So, that’s worth it to you right there to just give it a try. It really does take the friction out of the hiring process and the interview scheduling process. So, if you haven’t tried it already, I really encourage you to.

The other thing that I want to make you aware of is that you have an emoji widget on your screen, and we would love for you to test that out right now. It’s usually at the bottom of your screen, and our speakers love it when you send us an emoji when we’re talking about a topic that really hits home for you. So, if you want to try to test that out now, that would be wonderful. All right. We’ve hit the two-minute point, so let’s go ahead and get started. Thank you for joining us today. I’m Lori Cole. I’m a certified career coach and advisor and content creator and brand ambassador here at iHire, and I want to offer you a warm welcome to today’s webinar, Compliance Without the Chaos: Updates, Risks, and Readiness for 2026. So, before we get started, I’d like to point out some other features of our webinar platform. I see y’all found the emoji widget, so that’s great.

These other features really put you in the driver’s seat and let you control how you see things today. The widgets allow you to move and resize windows and explore content related to today’s presentation. Make sure you find that Ask a Question widget and submit your questions at any time during the presentation. Only our producers will see those questions, and we will get to as many after the webinar as we can. Also, keep an eye on your inbox for a recording of this webinar. And lastly, just a quick reminder that you’ll earn one credit today for SHRM and HRCI recertifications. Stick around to the very end. You’ll see a recertification widget pop up on your screen, and that’s where you will download everything.

And with that, I’d like to introduce our expert today who has seen compliance challenges firsthand, and she’s here to guide us through what’s ahead. This is Vickie Krolak. Vickie is a SHRM-CP, and SPHR. She is an HR consultant at iHire, and she has over a decade of experience in HR, accounting, and office administration, mostly in companies like iHire who are software as a service companies. She’s highly knowledgeable, she’s results driven, and she’s super passionate about the people. We just love having her at iHire. She’s also very knowledgeable in recruitment, training, and development. She helps a lot of companies with different little side projects that they need assistance on. In addition to being a member of National SHRM, she’s also the SHRM Mid-Florida Chapter’s President. So, welcome Vickie. It’s so good to have you.

Vickie Krolak:

Thank you, Lori. I’m happy to be here today.

Lori Cole:

So, before we dive in, we want to do a quick little pulse check here and do a survey. So, we are interested to know what keeps you up at night. Which of these compliance topics keep you up at night: paid transparency, paid leave, AI use in hiring, employee classification, data privacy, or something else? So, while you’re taking a minute to fill out that survey, I’ll go over the agenda today. Here’s the roadmap for what we’ll cover. We’re going to break this down into six core areas that will give you the framework to tackle your compliance issues with confidence, workplace accommodation and protections, worker classification and contract terms, regulations for using AI in hiring decisions, data privacy and employee data protection, expansion of paid transparency laws, and expansion of paid and protected leave.

So, let’s see our results. Wow, we’ve got about an even split through everything. A few at the bottom are not as high as the ones at the top, but you know what? They’re all important topics, they’re all intertwined, and we are going to cover all of them today, so that will really help you be more confident about your practices here. So, compliance used to feel like it was optional, but it doesn’t feel like that anymore. The stakes are higher, audits are happening all over the place, and fines are serious. We’re seeing penalties and fines increasing across the board, and this isn’t just noise. Recent enforcement activity shows audits are happening more often and that the financial exposure is getting bigger for both federal and the state levels. Since early 2025, ICE has really stepped up their Form I-9 audits with 72-hour notice inspections and penalties that can approach $30,000 per violation.

So, making internal audits, tightening your onboarding and a rapid response, those plans are now essential. You have to know what you’re going to do if you’re in those situations. Audits and scrutiny are becoming more the norm than the exception, especially for data classification and AI-enabled processes. Manual HR processes won’t really scale with this. The regulatory and complexity demands, it demands that you have automation, it demands that you have robust documentation, and that your systems are audit-ready. So, to stay compliant and honestly just to stay sane, teams need to get this automation in place. They need that strong documentation, and they need to make sure that those systems are audit-ready because the point is it’s not really a question of if you’ll be audited, it’s probably more like a question of, “When will the audit happen?” So, with that, Vickie, I’m going to turn it over to you to talk about workplace accommodations and protections.

Vickie Krolak:

Yes, thank you, Lori. We look at recent enforcement trends and a few laws themes really stand out here. First, the Pregnancy Workers Fairness Act and the PUMP Act. These have been around for a little while, but these laws have significantly expanded employer obligations around pregnancy, childbirth, and lactation accommodations. What we’re seeing is enforcement is less tolerant for informal and inconsistent approaches. Employers are expected to engage in real discussions and document their accommodation process. Pregnant-related discrimination continues to be a major focus here. Many of these cases involve routine workplace decisions from scheduling, performance management, or leave that weren’t intended to be discriminatory, but were handled inconsistently and not carefully. We’re also seeing an increase in scrutiny around religious accommodations. The bar has shifted in recent years and employees need to show that they’ve made meaningful efforts to accommodate sincere, religious beliefs, not just that it was an inconvenience or disruptive.

There are numerous religious discrimination lawsuits that happened in 2025 under Title VII for failure to accommodate other religious discrimination claims, showing that enforcement intention in this area is still going to remain active as we go into 2026, and then there’s Title VII and ADA accommodations that continue to dominate the EEOC claims. We saw in 2024 about 60%, and this was actually the largest category again in 2025. Age discrimination claims remain strong about 40% of the filings in recent years and age discrimination, so ADA being disabilities and then age discrimination. These claims are still out there in minority of the cases, but they’re still happening.

And then under Title VII, common threads for our processes we need to look at is, “Can you show how decisions were made in your organization, can you show consistency in how they were handled, and can you show that managers understood their obligation before the complaint was filed?” This is why manager training is so important so they understand these laws and how to work with them and then also partnering with HR. A lot of times I’ve heard comments like, “They don’t need that or this isn’t real,” or they don’t even come to HR to understand the law if they haven’t been trained, and it really can land you in some hot water.

Lori Cole:

All right. It takes just a minute for my slides to progress. So, Vickie, how are companies actually getting worker classifications wrong and why is the Department of Labor suddenly cracking down on all of this?

Vickie Krolak:

Yeah, this has been going on for a couple of years, too, but we’re definitely seeing some tightening from the DOL with this definition of independent contractor, echoing strict tests that already exist in states like California. If you’ve got a contractor who looks, acts, and works an employee, you can expect the regulators to take notice here. To recap, prior years in 2024 January, the US Department of Labor published a final rule, and this was effective in March of 2024, and this revised department guidance on how to analyze who was an employee and who was an independent contractor under the Fair Labor Standards Act. This final rule rescinded the independent contractor status under the Fair Labor Standards Act. So, now, it’s more being handled by the DOL. This final rule reduced the risk that an employee or misclassified as independent contractor while providing a consistent approach for how businesses engage with individuals who are in business with themselves.

If you’re unsure, if you have an independent contractor misclassified, we do recommend referencing the DOL for more information and this will be at the federal level. There’s also, we’re seeing strict standards in place at the state level, such as the ABC test under California’s Assembly Bill 5, and this bill focuses on what’s called the economic realities test, essentially asking whether workers are truly in business for themselves or economically dependent on the company. What regulators look for is simple. If someone looks, acts, and functions like an employee, meaning they work full-time, they follow your schedule, they use your systems, and they’re managed like staff, they may legally be an employee regardless of what their contract says, and the risk aren’t minor here. Misclassification can trigger back wages, overtime, payroll liabilities in tax, benefits exposure and workers’ compensation, and even unemployment claims. The takeaway here is you should be proactive and audit your contract relationship rather than wait for the challenge to come your way.

This is a clean-it-up-before-someone-else-finds-out situation. Meanwhile, noncompetes are on the chopping block. The FTC has floated a nationwide ban and while this is still in litigation, the writing is on the wall that restrictive covenants are dying. Nothing’s final yet, but the broad trend is clear. Several states already limit or prohibit noncompetes including California, Washington, D.C., and Colorado. Courts are increasingly skeptical of over-broad restrictions on employee mobility. The writing, as I mentioned, is on the wall, “Restrictive covenants are becoming harder to enforce.” Strategically, this means we need to focus less on restricting people from leaving our organization and more on protecting our trade secrets using well-drafted confidentiality agreements, strengthening our retention strategies and build a company culture that’s engaged. In other words, competitive advantage is shifting from contractual control to organizational strength.

Last point I want to touch on here is severance agreements, and these have come a little bit riskier. Due to recent NLRB rulings, you can’t include just a sweeping confidentiality and non-disparaging clauses anymore. This applies even in non-union environments. We no longer can use language that prevents an employee from discussing working conditions or exercising protected rights. If severance agreements appear to silence someone too broadly, they could be considered unlawful. In the past, severance documents were fairly standard templates, but that is no longer the case here. They now require careful drafting and periodic review. I recommend partnering with your employment attorney to make sure that you’re in compliance with your local and state laws. I have seen this vary by state. Also make sure that you’re using different agreements for those individuals that are over 40. This is to comply with the Older Workers Benefit Protection Act, which amended the Age Discrimination Employment Act.

These agreements specifically require legally mandated disclosures. Claims are knowing and voluntary enforceable. Key requirements for over age 40, mandatory review periods, employees must be given 21 days to consider that agreement. If you do a group layoff, they get 45-days revocation period for those over 40. After they sign the agreement, they have seven days to revoke that agreement. And then specific language, as I mentioned, has to mention the Older Workers Benefit Protection. And like I said, if you’re not sure your severance agreement is in compliance or you haven’t reviewed it in a while, please consult your labor law attorney and review that and make sure that you are sending those out. Well, those employees under 40, there are different requirements and languages. You don’t need as much as you do of those over 40.

Lori Cole:

I was going to ask about that. I wondered why there was a difference between under 40 and over 40.

Vickie Krolak:

Yeah, at the federal level, as I said, the age discrimination, older workers benefit protection, they require the specific language in those severance agreements. But as I mentioned with the states, some of the laws now are not just over 40. I’ve seen as young as 18. So, please check those is my recommendation.

Lori Cole:

Good. So, I get to handle this slide because AI is one of my favorite topics. I use it every day, and there are just so many new things that are coming on the scene, but this is a big one. AI is touching everything in HR, but until now, nobody was really enforcing rules around it. So, let’s talk about some of the things that have changed. When we talk about AI in the workplace, it’s really important to be clear about one thing up front. AI tools are no longer operating in a regulatory gray area, especially when they’re used for hiring, promotions, discipline, scheduling, or other employment decisions. Regulators are paying very close attention to how AI influences people’s jobs and their careers, and the expectation is shifting from experimentation to, “We got to figure out how to govern over this.” So, one of the first things employers are being asked to do is simply know what they’re using.

And that sounds really basic, but when you start to think about all the different programs you have at your company and then what your employees may be bringing in on their personal machines, it’s maybe harder than it seems. AI can show up in applicant tracking systems. It’s probably in your resume screening tools, in your video interview platforms, in your performance analytics, scheduling software, and are often embedded inside larger systems. We’re seeing this more and more in HRIS systems, too. So, employers are now expected to maintain an inventory of these tools. They have to assign accountable owners and clearly document why each tool is being used and what role it plays in the hiring, decision-making process, and that documentation matters. Regulators want to see that AI isn’t just being used as a black box. They’re asking questions like, “What problem is this tool solving? What data does it rely on? How are results being reviewed and where does human judgment come into play?”

We’re also seeing bias audits and impact assessments moving from “nice to have” to “expected to have” in some places. Some places like New York City and Colorado have made it clear that employers can’t wait for a complaint to test whether their AI tools create a disparate impact. The expectation is proactive evaluation, testing tools for bias, understanding their limitations, and being able to explain the results in plain language. So, that’s a big shift. It means that organizations need a repeatable process, not one-time checks, and it means that HR, legal and IT, and the business leaders all need to be working together to figure out what tools you’re actually using and what managers are using what tools. Somebody might be asking ChatGPT a disciplinary question, and you would have no idea about it because no one single function owns all of the risk. Everybody owns the risk across the board.

In some states, they’re going even further. Illinois, for example, now requires employers to provide notice and maintain records when AI influences employment decisions. Employees have the right to know where AI is involved and employers need to be able to demonstrate how that technology is being used, not just what the vendor promises, but how it’s actually being applied in practice. The broader takeaway here is AI doesn’t eliminate human responsibility. It amplifies it. Employers are still accountable for outcomes even when a system helps make or informed decisions. So, treating AI as “set it and forget it” is no longer defensible. Organizations that are ahead of this are shifting their mindset. They’re building AI governance into existing HR and compliance frameworks. They’re documenting processes. They’re training their managers, and they’re making sure they can clearly explain it to the regulators and the employees and themselves how AI fits into their employment decisions because the real risk isn’t just using AI now, the real risk is using it without understanding it or documenting it or being prepared to defend it.

So, I want to do a quick little emoji poll here and just ask people, “Do you feel like you have all of your AI ducks in a row? Do you feel like you could properly defend all the systems that you have in place and you have those monitoring spreadsheets in there so that you know exactly that inventory spreadsheet that we talked about?” So, if you have that all... If you feel like you’re very comfortable with that, I’d love to see some emojis, and it might take... I saw one, but they were like, “Oh, no.”

Vickie Krolak:

Yeah, we’re going to see a lot around this.

Lori Cole:

I’m not sure [inaudible 00:23:20] places.

Vickie Krolak:

I think we’re going to see more around this, Lori, in the coming years as it still continues to evolve because AI is pretty much baked into a lot of systems we already use: our HRIS systems, our payroll systems and recruiting as you mentioned. I think we’re going to have to see more disclosures around that. I saw a comment other day on LinkedIn. Someone posted about these applicant tracking systems and having to modify their resumes to meet the keywords to even get through as a candidate, and that’s taking away that authentic self in some areas. So, I think this is an area, like we’re going to see a lot of changes coming in the future here. If you have not done your AI policy in your employee handbook, definitely recommend you get those guardrails in place for your staff. I don’t know if you want to add anything else, Lori. This is such an area that we could go on forever.

Lori Cole:

So, if you do need help with that AI policy, I think Vickie is a prime person to be able to help you with that. That’s one of the things that she does. She has at least a starting point for you so that she can help you to formulate that policy and get your ducks in order in this area.

Vickie Krolak:

In order to need to know, like are they going to allow it? Are they going to have limitations on it? Are they going to let their employees free rein? It’s going to get interesting here in the next few years.

Lori Cole:

It’s just baked into everything, and it’s getting deeper and deeper. So, Vickie, let’s talk about data privacy. How many companies actually know who’s accessing their employee records and whether they’re protecting their data properly?

Vickie Krolak:

Yeah, so in 2026, employee data privacy is becoming significantly more regulated and more visible at the leadership level. Employee data is no longer treated as internal HR information-only. There’s increasingly regulated... just like consumer data. So, which means no longer is it just an HR or an IT issue, it’s a governancy and risk issue, and four main areas we’re seeing trends in is stronger consent requirements, tighter data retention rules, faster breach notification obligations, and expanded state-level regulations, and this is across multiple states, enhancing those consent standards. We’re seeing those emerge. In practical terms, it means when we collect employee and applicant data, we must clearly disclose what we’re collecting, why we’re collecting it, how it’s being used, how long it will be retained. There’s a growing regulatory pressure to delete data once it’s no longer necessary, and this impacts the entire employee lifecycle, including recruiting and applicant tracking systems, payroll records, performance documentation, background checks, investigation files, and I-9s.

I’m also seeing this with handbooks, more policies around having it in your handbook and making sure that employees understand what you’re storing and how you’re keeping it protected. I also recommend if you haven’t, or you’re not familiar with the retention policies, I love to go to SHRM and look at their resources. They have an excellent record retention table that you can reference and use. One of my former employers, one of my colleagues, we developed a whole schedule. We took that spreadsheet, our temple table, and we said, “Okay, this is how we’re going to dispose of the I-9s, the resumes.” We followed all the guidelines, set up all our files in place. So, when the new year came, we were ready to destroy those files that we no longer needed to keep. Leadership should question, “What do we exactly collect from our employees and how long do we want to keep it here?” Oh, go ahead. Sorry.

Lori Cole:

No, I was going to say, “You go ahead and finish,” because you might be answering my question here.

Vickie Krolak:

It’s okay. I want to talk specifically about I-9s because this is an area that I see my clients struggle with sometimes. So, employees must retain the I-9s for at least three years after the date of hire and after the date of termination, whichever is latter. Active employees, you must keep the entire duration of their employment. These forms can be stored paper or electronically. I’m seeing this big shift with these payroll systems. We just didn’t implement it here at our company, and I have many clients that use Paylocity and implement it there. They even have it now where you can link it to your E-Verify account, and it’s all in one sweep, and you get it done and your people are good, and you have your documentation and there’s no worry about IDs and are they legal to work in the US and all that stuff.

And also note, these must be kept separate from the personal files. I can’t tell you how many people are employers. I see just, “I put it in their file,” and I’m like, “No, it’s got to be kept separate. You got to keep the current employees and the terminated employees separate.” So, make sure your storage is proper. Make sure that each I-9 is filled out properly. Another thing I see here is missed signatures or dates or do I keep IDs or do I not keep IDs? Whatever you’re doing, be consistent on that and whether you’re keeping them or not. We’re also seeing several states expanding privacy laws, including Indiana, Kentucky, and Rhode Island, and these laws increasingly extend privacy rights to employees and applicants, not just customers. In some cases, individuals have the right to request access to their data, request corrections, request deletions, and also understanding how their data is being used.

For multi-state employers, especially those with remote employees, here’s the key here. This creates patchwork and compliance challenges. Even if we’re headquartered in one state, and we have employees are working remotely in another, it could trigger additional legal obligations. So, please understand what state you’re in and what applies to you. There’s also this faster breach notification requirement. These timelines are tightening. For example, California now has clear expectations for timely disclosures once a breach has been discovered. This means organizations must move quickly to determine what data was accessed, whose data it was, where it was stored, and who had access. If we cannot answer these questions quickly, we risk missing notification deadlines that can result in penalties and damages to reputation. Speedy documentation has become critical here. I’ve been a victim of breach. My medical provider was breached not that long ago. They sent all the letters out and everything. It’s no fun to be as the person that’s been breached or even the company that has to send those notices. It can be a little bit scary.

When it comes to audit, as we move into audit season, one of the best practices that stand out that we should be able to answer at any time is again, who has access to our data? When, why, and how is it protected? Look at your HRIS systems, your payroll platforms, your benefit vendors, applicant tracking systems, shared drives, and spreadsheets. We have moved to this Microsoft 360 world and sometimes there’ll be multiple people who have access and make sure you understand who has those access. Privacy risk typically are not malicious, they’re operational. So, common exposures areas include former managers who may still have some system accesses, overbroad admin permissions, sensitive data is not stored and could be secured in unsecured spreadsheet, no formal retention schedule, and vendor agreements that don’t clearly define how those employees data is protected.

The bigger picture, a broad risk level issue here, there’s an overarching theme that data privacy is no longer just an IT responsibility, it’s an HR governance issue increasing broad level risk. Organizations will be safest in 2026 that maintain documentation data inventory, clear retention schedule, regular review and restrict system accesses. That’s a big one, those system accesses, and test your breach response protocol. Does your IT and HR department work hand in hand to understand what happens if your data gets breached? And then also audit vendors. Audit your vendors for data protection standards. A lot of companies will partner with other ones. We use Employee Navigator here. They’re storing a lot of sensitive data just like our payroll system. So, really understand how those systems work together. The question is not whether or not price relations will increase because they will. The real question is, “Are you ready to manage that risk before it becomes an issue?” Do you recommend... Oh, go ahead, Lori.

Lori Cole:

Sorry. Sorry, you go ahead. Finish your slide.

Vickie Krolak:

No, I’m good. I’m done.

Lori Cole:

I was going to ask, so the I-9s are such an important thing right now, and I just wanted you to reiterate, how long do you have to keep those for inactive employees and how long do you have to keep them for active employees?

Vickie Krolak:

So, your active employees, you keep the entire duration of their employment. For those that have left the company is typically three years after date of hire or one year after termination. So, if they leave within a year, you want to keep that for three years, if they’ve been there 10 years, and they leave, you can destroy it after one year. Another point there, Lori, is the E-Verify. This is so important. Many states have also... I’m in Florida and Florida has the threshold of 25 employees. If you’re a government contractor, you must comply with the E-Verify, and it’s free. So, even if you don’t meet those thresholds or requirements, it’s such an easy thing to do, an easy thing to set up, and it just makes you feel like you’re good, you’re buttoned up, and you’re protected. You know that person is authorized.

Lori Cole:

All right. Good points. All right. Let’s talk about pay transparency for a minute. As this pay transparency spreads across the country, what are the biggest challenges employers are running into?

Vickie Krolak:

So, pay transparency mandates are continuing to spread as you mentioned, Lori, and for recruiters and HR teams and executives, it’s no longer just a legal issue, it’s an operational and trust issue. States like Massachusetts and New Jersey already requires salary ranges to be in those job postings and candidates now expect that level of transparency everywhere. It is best practice, I say, to have that salary range posted. When the range is posted, it sets an anchor not just for the candidate, but internally as well. Here’s where we’re seeing the challenges show up in the real world though. A recruiter makes an offer at the top of the post range that is good for a strong candidate, but a week later, an internal employee with the same role sees that posting and asks, “Why am I at a different range? I’ve been here three years.” It’s no longer just a compensation conversation, it’s an equity retention and credibility conversation, and it doesn’t stop there.

Industry forecast points to additional state-wide and local pay transparency requirements in ‘26 and beyond. This means the organizations not covered today need to start building those repeated processes now because these laws are not slowing down. You can’t even ask a candidate in these states to have these protections. “What’s your current salary?” You have to ask them what’s their target salary or what’s their salary requirement. So, they could be making $25 an hour, and they come into your company, and they ask for 36. I’ve seen it happen. Best practices and environment are to include regular pay equity audits, set up those salary structured, well document your compensation decisions, give your recruiters some flexibility in that range. They understand what they can offer. And also, I’m trying to think... I lost my train of thought there. Sorry. Lost my train of thought. I’m sorry. I’m having a day.

Lori Cole:

No, that’s okay. Find your place [inaudible 00:36:36].

Vickie Krolak:

Make sure you have those salary structures in place. Make sure you’re doing those benchmarking compensation studies. Include them in your job postings, internal communications. Have them in your ATS, your job descriptions. Make sure everything is in alignment. You don’t want to have any area for inconsistency because this can, again, cause some risk, right? The key takeaway here is leaders need to think about pay transparency. It’s not about giving up control, it’s building consistency. It’s building trust among your workforce and treat it as part of your core value and talent strategy. It’s not just a compliance checks box. It’s going to position you better to attract candidates and retain your employees.

Lori Cole:

So, I have a question about... You were talking about a current employee seeing an ad and the pay for maybe a new employee you’re advertising for that might be advertising more money than that current employee makes. How do you handle those situations where the older employee that’s been there? And when I say older, I mean that employee that’s been with you for a little while. How do you handle that when they say, “Hey, why are you advertising what’s basically my job at a higher rate than I’m currently making?”

Vickie Krolak:

Yeah, this is a real situation I actually faced in my career at a previous employer with the NLRB rulings. You can’t restrict them talking about compensation. So, I had an employee that I hired, and he was hired at a higher range than a couple other individuals in the organization, and he was like, “Hey, this is what I came in at,” and of course, one of the employees come up to me and was like, “Hey, why did he start at that rate? I’m at this rate,” and we had to make a salary adjustment. Unfortunately, we thought we were going to hire this guy. He seemed like he had all the experience. He was highly qualified. We were trying to be competitive because he had another offer on the table, and it backfired. So, I do recommend doing the salary benchmarking, setting up those pay scales and really staying within your range.

Don’t overstretch. Don’t cause pay compression. Work with your employees. If you have someone that’s been there five years, and you know should probably look at their pay because the market has shifted. Make that market adjustment. Make that merit adjustment. Or if it’s something else, that employee’s stabilized. Maybe it’s something else. Maybe the company has a tight budget for salary increases. Be transparent about that with your staff. They need to understand what’s going on because they could. I don’t know. The economy’s a whole nother topic, too. I mean, you never know what could happen. They could go somewhere and get more money, but if they’re truly engaged with your organization, they’re passionate about working there, they probably will end up staying without that huge pay increase. Pay is such a area that we could talk about for a while. I love doing compensation studies for my clients. I love building salary structures. It’s one of my passions at comp and benefits.

Lori Cole:

Wonderful. Thank you, Vickie. All right. Our next topic is we’re touching on payroll, benefits, culture, and retention all at once. The paid family leave is expanding in 2026 and the rules are getting complicated, so give us an update on that.

Vickie Krolak:

Yeah, these laws have been coming... They’ve been coming on the pipeline for a couple of years now, and several states are launching these new medical leave benefits in 2026, including Delaware, Maine, Minnesota, and Maryland has been on the block for a couple years now. Looks like they’re finally going to follow through in 2028. They steadily are expanding. These are state-administered paid programs across the country from multi-state employers. This means growing complexity, not supplication. Leave is already one of the most complex areas in HR. As Michael Grosso of ADP previously noted, “Leave is one of the most confusing areas of employment law for both the employees and the employers,” and that’s absolutely accurate. Employers are now navigating overlapping obligations including FMLA, paid state leave laws, state sick leave laws, local ordinances. I have seen specific counties have their own sick leave policies. Employers provide PTO policies. They’ve shifted away from those vacation, sick buckets and tried to incorporate it into one bucket, and then there’s the complexity of the ADA accommodations that can come with these.

Each program is different. They have different thresholds, calculations, job protection rules, and different notice requirements. It’s not just compliance, it’s coordination, especially if you have employees in multiple states having trying to make it fair across your staff. So, employees in one state may receive pay benefits while others do not, and this can be perceived as inequity across your team. If policies are difficult to understand and inconsistently applied, trust can erode quickly. HR teams must track contribution requirements, coordinate wage replacement, manage job protection timelines, and payroll deductions across multiple jurisdictions. It does get complex. Without strong systems and clear communication, it can be a drain on your operational efficiency.

And as these areas expand, there are risks for every organization out there. Are your payroll systems configured correctly for those state deductions? Many times, they’re payroll deductions. Are managers trained on those protected obligations? If they’re having a hard time with some of the other ones you talked about earlier today, leave is definitely one that they might struggle with. Do your policies clearly explain how federal and state leave run concurrently? Are you tracking intermittent leave accurately? FMLA has intermittent leave and this does need to be tracked accurately, and do we have consistent communication templates that we’re using? Mistakes in leave administration can be one of the fastest ways to trigger employment complaints and investigations from agencies.

As these paid leave laws don’t slow down, you want to look at the long-term trends here. More states are adopting those paid programs. There is increased awareness among employees of their rights and then greater enforcement scrutiny. If they make a complaint, you’re going to have to figure out how you’re going to explain it and then from a leadership perspective, the focus should be on proactively looking at your policies and reviewing them, making sure that if you’re a multi-state, you’re in compliance, clear communications, manager education, and then that integrated system between HR and payroll. Leave compliance is no longer just an HR technical issue. It also is affecting that employee experience, retention, and culture.

Lori Cole:

All right. We are finally to our Q&A here. If you haven’t already gotten your question in, now would be a good time to do it. We have so many to go over. I hope that we have enough time. Don’t forget to hang tight until the end of the webinar to click that view certificate button for your certification widget for those certificates for SHRM and HRCI. All right, let’s start at number one. Vickie, what is the best way small businesses can start implementing pay transparency?

Vickie Krolak:

Yeah, as I mentioned earlier, looking at the market data, looking at your internal equity. Budgeting for realities, you may need to make some pay increases if the market has shifted, if your budget allows. Look at experience of the individuals and skills. Make sure you have differentials there. If they’re less experience versus more experience, do you have a broad range there you can work from? Maybe it’s grades. Maybe it’s steps. Even developing a mid-low, mid-high structure rather than making ad hoc decisions and then create a pay compensation philosophy. Be clear about it. How do you determine your starting pay when someone comes into organization? How does performance impact increases? What about promotions? And then make sure that it’s clear and transparent when you communicate that out.

And then train your managers. Train them how to explain. If someone comes to them with a pay question, are they prepared to explain that range and what they need to do to move up in their career or get a pay increase? And then how are raises determined. Without your managers being ready to answer that, it’s going to make it tough, and it could create morale issues among your team.

Lori Cole:

All right. Ooh, I like this one. Are there any new rules around employee monitoring or workplace surveillance?

Vickie Krolak:

Yes, and this is definitely evolving quickly. We’re seeing... I can’t talk anymore, growing legal regulatory expectations around this. Disclosing your monitoring practices, limits on biometric data collection, restrictions on AI-driven productivity tracking, privacy rights. We’re seeing those expand in the laws we talked about earlier. Some states now require employees to notify them if they’re monitoring email, internet use, GPS location. A lot of those time clocks, if you do the clock in by your phone, they GPS locate it, right? You can set boundaries on your time clocks. Video and audio surveillance. Biometric data, I already mentioned that. Fingerprint time clocks, facial recognitions. Additionally, workplace surveillance also tied to productivity around AI decision-making. We talked about that in link today and then clearly disclosing what you’re monitoring, why limit the monitoring to legitimate business purposes. Don’t spy on your employees. That goes back to the NLRB and your tips.

And then avoid monitoring personal devices without... Make sure you have a requirement or they consent to it. A lot of companies allow people to use their personal phones for email, but letting that employee know they have the right to your phone if the company email’s on there. It is discoverable if there’s a lawsuit and then also looking at the privacy impact assessment before implementing any new tools that you’re going to implement. It’s not just an IT function, it needs to be a strategic decision, and I think I mentioned yesterday, Lori, about the AI glasses. Employees are now wearing these glasses. They can videotape in the workplace. That’s going to add a whole another level of complexity. How do you control that?

Lori Cole:

I know. I know. I was thinking about it from... I’ve been thinking about getting a pair because I thought would they make me more productive? Would I be able to see, ask a quick question and have it just in my range of view with my glasses? But yeah, that’s tricky when you start thinking about where are people wearing it? Oh my goodness, healthcare, that would be a huge compliance issue because you can’t have people recording.

Vickie Krolak:

The court systems.

Lori Cole:

Yeah. My first thing was could I wear it to the casino so I could win in Blackjack?

Vickie Krolak:

So funny.

Lori Cole:

How are the casinos regulating that? Because there are going to be people coming in and every place.

Vickie Krolak:

We saw this with the cell phones, right? With the cameras, and they’ve been out for a while now. I mean, I had a procedure on Monday, and they had something on the wall saying, “No video cameras in the waiting area,” where I was for pre-op. So, I thought it’s such an interesting area to me, and we saw this with the body cameras on the law enforcement. There was a whole big thing about that and then there’s some law enforcement agents out there that won’t admit to the body cam or the dash cams. So, whew.

Lori Cole:

I had a follow-up question there. If you have the work email on your personal phone, does that make your whole phone discoverable if they need to look at something or is it just the work email section of it?

Vickie Krolak:

No, your whole phone becomes discoverable, right? Because we have the email. We have the teams. It should be in your handbook. I know it’s in iHire’s that they have the right to take your phone and look at it because you have company software on it.

Lori Cole:

All right. Can your company’s social media policy include any specifics on how employees use their personal social media accounts?

Vickie Krolak:

Yes, and there are important legal boundaries here, Lori. Employees can regulate conduct that impacts the workplace, harms company reputation, violates any kind of harassment or discrimination policies or any kind of confidential information. However, policies can’t unlawfully restrict employees from their protected rights. So, they still have that right at the federal level to discuss wages, working conditions, and engage in concerted activity. This means you cannot prohibit an employee from, as I said, discussing pay, criticizing management in certain contexts or even workplace discussions. What you can include in your social media policy is a prohibitive sharing conflict information or proprietary information, expectations around respectable conduct, not using social media during working hours. Clear disclaimers of when employee references the company. They can’t speak on your behalf. You need to include that language.

And then as I mentioned, those anti-harassment, anti-discrimination standards, and then also best practices on behavior is to avoid overbroad statements. Employees may not post negative comments about the company. Instead, use something like employees may not disclose conflict information or engage in unlawful harassment. The goal is to protect the business while respecting the employee’s rights.

Lori Cole:

All right. So, regarding the severance agreements that you mentioned, you mentioned that language needs to be avoided in two things. Number one was preventing employees from discussing work conditions. But then what was that second one?

Vickie Krolak:

Oh.

Lori Cole:

Remember off the top of your head?

Vickie Krolak:

Hang on.

Lori Cole:

It’s probably in your notes.

Vickie Krolak:

[inaudible 00:52:15].

Lori Cole:

That’s okay. Let me go to this next one. You find that, and I will answer this next one. So, the next one is, who are the AI regulating bodies? And I think the answer is if it has anything to do with government, they’re all going to get their fingers into it. I listen to AI podcasts regularly and all of the different states and the federal government are all considering the different regulations that they can impose and apply on you. Let’s see. I did do a quick ChatGPT, and you could do that too if you have-

Vickie Krolak:

Yeah, I was going to say the EEOC is the biggest one when it comes to discrimination and any of those ADA... And then there’s the DOL and the...

Lori Cole:

National Labor Relations.

Vickie Krolak:

Yes.

Lori Cole:

National Labor Relations is one and then the state level regulatory. So, I think it just depends on which piece of AI that you’re talking about, but I feel like you can count on the fact that it will become more regulated and not less because I think this really... AI has caught the government off balance, and it came on so fast, and they are just trying to catch up and figure out what can we do and how can we protect people.

Vickie Krolak:

Yeah, you have those protections at the federal level and now at the state level. It gets interesting, and they all have their own agencies at the state level, even local municipalities. As I mentioned, there’s one county in Maryland, Montgomery County, that has its own regulations when it comes to sick leave and requirements. I know California, there’s many cities: Sacramento, LA, San Francisco. They all have very specific labor laws in place. So, if you are a SHRM member, there’s a plethora of resources where you can do the multi-state law review. I do these for my clients all the time because they’re changing and shifting so much. It’s hard to keep up with.

Lori Cole:

I think you just answered the next question. Are the AI regulations applicable to employers of all sizes or are some employers exempt? The SHRM would be the exact right place to go to figure that out.

Vickie Krolak:

Yeah, I would think it would apply to all companies and if you’re using it, if it’s built into your systems, definitely recommend putting a policy in your handbook. I help my clients with this, but SHRM also has a great template that you can use as a baseline.

Lori Cole:

All right, and the very last thing here, can Vickie share, again, the SHRM tool resources on data privacy?

Vickie Krolak:

Oh. So, in the SHRM tools is if it’s the retention one, there is a records retention table that they have that’ll explain everything from maintaining your I-9s, your applications, resumes, payroll data, background checks, all those important forms that the employees fill out. I do also recommend having a payroll file for your employee and also a private folder. So, anything that’s related to medical workers’ comp, these should all be housed separately.

Lori Cole:

Well, that’s all the time we have left today, Vickie. Thank you so much. We appreciate all the work you’ve put into this presentation, and we appreciate the audience, everybody that took the time out of your busy day to join us today. If you’re interested in working with Vickie or anybody on our HR Pro Services team, schedule a free consultation. I believe there’s a widget on your screen so that you can learn more about how they can provide personalized guidance and support for your HR projects. If any other questions come to mind, you can always reach out to Customer Success at [email protected], and we’ll get you connected with the right person. Remember to click that View Certificate button in the certification widget now and download that certificate of completion for SHRM and HRCI. Keep an eye on your inbox for an on-demand recording of today’s webinar and also an invite to the next webinar that will be heading your way shortly. Thank you all so much. Have a great rest of your day.