Blog Home

The State of Remote Workforce Compliance

Company

The Team at CallMiner

November 25, 2020

looking down at a clean desk businessman's hands holding tablet with Compliance graphic
looking down at a clean desk businessman's hands holding tablet with Compliance graphic

Compliance with local and international regulations has never been a simple task for organizations to manage. In an increasingly connected global market, this complicated aspect of business has only grown more complex.

With the sudden push for remote work, business leaders must adapt the inherent complexities of the legal and regulatory compliance process to a much wider operational scope. This involves learning the ins and outs of the many regulations that apply to employees of all types, as well as implementing comprehensive strategies to ensure employees working from home continue to satisfy such regulations and maintain performance standards.

To learn more about how call centers can adapt to new challenges in the era of remote work, download our white paper: Contact Center Practices and Guidelines for Managing Through COVID-19.

As companies embrace long-term remote work, the importance of creativity in achieving compliance has been magnified. This blog dives into the details of achieving and maintaining legal compliance with a remote workforce.

Unprecedented Circumstances Drive Companies to Embrace Remote Work

Remote working arrangements have surged in popularity, connected to a host of unprecedented global circumstances unfolding at once. Most notable is the influence the COVID-19 pandemic has had on this workforce trend.

The Pandemic Push for Social Distancing

More and more employees have taken to working remotely as local and state authorities mandated shutdowns of non-essential businesses or strongly encouraged companies to allow employees to work remotely as much as possible to slow the spread of COVID-19. Some schools remain closed in areas with high levels of community spread, forcing parents to find alternative care arrangements or work from home while their children are learning remotely. Employees may be caring for aging or disabled loved ones who are at high risk of complications should they contract COVID-19 – or perhaps they are at high risk themselves – leading them to ask for flexible working arrangements to minimize contact with others and reduce their risk of contracting the virus.

This sudden shift has placed enormous strain on existing businesses to adapt, with little forewarning. Necessary shifts in the way workers get their work done have given rise to numerous innovative approaches to ensure business continuity. In healthcare, such innovations have taken the form of remote consultations leveraging video conferencing tools. In the public service sector, nonphysical contributions have been removed from central workspaces and continued from home. Across most industries, the need for increased acceptance of remote work has been acknowledged and accepted.

Despite the sudden acceleration of the remote workforce trend, the shift had largely been underway for quite some time. Back in 2006, Gallup revealed a strong emerging trend of about 32% of all U.S. workers having performed duties remotely.

Screenshot via Gallup

This figure greatly outmatched the paltry 9% recorded in 1995. However, the steepest growth line Gallup has recorded occurred from 2019 to 2020, jumping from 42% to 49% thanks to pandemic pressures. Prior to the pandemic, an analysis conducted by the U.S. Bureau of Labor Statistics (BLS) found that an estimated 45% of employment in the U.S. is in occupations in which telework is feasible, yet the percentage of those workers who actually worked from home was between 22% and 25%.

An article published by the National Bureau of Economic Research in June 2020 found that 31% of workers who were employed in early March had shifted to working from home a month later, by the first week of April. A staggering amount of U.S. employees have reported working entirely from home from July to August of 2020 – one in every four, according to Gallup.

Screenshot via Gallup

With so many people resorting to working remotely for safety reasons, employers have had to quickly accommodate the growing remote workforce, while reacting to complications in maintaining worker engagement and overall productivity.

It’s also likely that many employees will continue to work remotely even after the pandemic crisis has ended. Global Workplace Analytics estimates that 56% of the non-self-employed workforce, or 75 million U.S. employees hold jobs that are compatible with remote work, at least partially. They predict that employees who were working remotely prior to the pandemic will continue to work from home with greater frequency after they’re allowed to return to their offices, noting, “Our best estimate is that we will see 25-30% of the workforce working at home on a multiple-days-a-week basis by the end of 2021.”

In fact, findings from the Iometrics/Global Workplace Analytics’ Global Work-from-Home Experience Survey revealed that 76% of global office workers and 82% of U.S. office workers indicated a desire to continue working from home at least once per week after the pandemic crisis ends. Out of the nearly 3,000 survey respondents, 88% of global respondents and 97% of U.S. respondents were working remotely during the pandemic, and more than half of respondents (57% of global respondents, 67% of U.S. respondents) said it was their first experience working from home.

Sixteen percent (16%) of global office workers and 19% of U.S. office workers indicated that they’d prefer to work from home full-time after the pandemic, while most respondents said they’d prefer a mix of in-office and remote work. That means the remote workforce trend is likely here to stay – and employers must adapt.

Remote workforce policies and training now have a far greater effect on an organization’s continued success than ever before, but one major element towers above the rest in relative importance – regulatory compliance. Read on to learn more about the regulatory requirements laid out for employers to follow and more.

Regulatory Guidelines for Employers to Consider

There are multiple official acts and regulations that employers must take into account when managing their remote workforces. The following are directly applicable to employees in the U.S., the European Union (EU) or both:

Families First Coronavirus Response Act

The FFCRA was signed into effect in 2020 to provide emergency relief for both employees and employers during the pandemic.

Special consideration was given to the issue of defining and delivering paid sick leave, as well as how employers could be reimbursed for such an expense.

Sick Leave Benefits

The FFCRA specifies that employees are to be given a certain amount of paid sick leave, depending on the reason for their absence.

The FLSA-based regular pay rate must be given to employees for up to 80 hours (two full weeks) of leave if they have been quarantined.

Two-thirds of the FLSA-based regular pay rate must be granted to employees who need to care for children or someone who has been infected. This same pay rate must be granted to employees who have been employed for more than thirty days for up to 10 full weeks in addition to the above.

The special sick leave paid under the above conditions cannot replace existing leave benefits (both must be provided).

The guidelines established by this act for paid sick leave only apply to businesses with 50-500 employees.

Valid Reasons for Employees to Demand Leave

The FFCRA outlines several specific situations that qualify as valid reasons for employees to demand leave, including:

  • They have been ordered to quarantine by authorities.
  • They have been advised by healthcare providers to quarantine.
  • They are seeking a Covid-19-related diagnosis.
  • They are caring for someone who is quarantined.
  • They are caring for a child whose school has been closed.
  • They are suffering from a condition that is similar to Covid-19.

Tax Reimbursements

To help employers meet the requirements specified above, the FFCRA provides access to dollar-for-dollar tax credits as reimbursement.

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) dictate the manner in which private consumer payment card information should be handled to prevent fraud and theft.

For companies that routinely handle consumer payment information, such as call centers, experimenting with remote working practices can introduce additional complexity to the PCI-DSS compliance process. The suggestions below stem from those discussed in the official standards and should help employers implement an effective data security plan among their remote employees.

Screenshot via PCI Security Standards Council

Make Security Awareness a Priority

Training employees to recognize common security threats and respond appropriately can help stave off most security issues that arise from remote payment processing operations. The PCI-DSS suggest doing this for remote workers and maintaining a consistent training schedule to keep everyone abreast of developments in infrastructure, security policies and procedures, etc.

A bare minimum annual training refresher on security protocol regarding payment information handling is recommended to ensure standards are reasonably upheld across your remote workforce.

Common training topics include the following:

  • Password Sophistication Rules and Standards
  • Home WiFi Network Security Standards
  • Communication Expectations and Encryption
  • System Monitoring Processes

Implement Systems Control and Maintenance Procedures on Equipment Used Remotely

Besides limiting access to all systems used to process payment information to themselves, employees should also be instructed on how to routinely maintain their equipment and make sure it is secure.

Making regular security maintenance a part of each remote worker’s general workload can help in eliminating unnecessary data breach risks.

HIPAA

The Health Insurance Portability and Accountability Act aims to provide safeguards for consumers’ private health information.

To remain compliant with the rules stipulated in this act, the following practices are advisable:

Consult with a Compliance Officer or Appoint One

Your chosen compliance officer is in charge of approving and managing training programs within your organization and documenting this process accordingly.

Training Personnel is Pivotal to Success

This kind of training cannot effectively be administered once – it must be continuous. Conditions change, even as legal guidelines remain the same. Keeping up with new developments in technology and infrastructure changes means revisiting standard procedures is absolutely necessary.

Team members who are confused about how recent developments might affect their workflows should be provided with detailed instructions and consistent guidance to ensure they uphold necessary precautionary measures in accessing private health information securely.

Server Security Should be Outsourced

HIPAA server and data center requirements are notoriously complex, requiring a significant amount of time and energy to be devoted specifically to maintaining such compliance. Shouldering this overhead is simply not in the best interests of most institutions in the healthcare industry.

Instead, licensed and certified providers of Business Associate Agreement-protected, HIPAA-compliant server and data center services should be contracted to handle the process. This ensures a lower chance of noncompliance, offloads the risk of such to the associate and preserves your team’s resources for core competencies in actually serving your patients.

Review Business Associate Agreements

Although outsourced data protection through Business Associate Agreements (BAAs) can take most of the burden of strict technological compliance off of your organization’s shoulders, the onus is still on you to carefully vet your chosen partners.

Fully reviewing the existing agreements you have with service providers each year can go a long way in ensuring all of your patients’ data is being handled in a compliant manner.

GDPR

The EU’s General Data Protection Regulation (GDPR) sets forth specific rules regarding the use of consumers’ personal data by third parties.

This regulatory body of legal guidelines applies specifically to individuals located in the European Economic Area (EEA), as well as any organizations or individuals who process such individuals’ information.

Even if your company operates outside of the EEA, in dealing with people who reside there, the rules laid out by the GDPR still apply. Such rules deal chiefly with technical details regarding the use, access and storage of personal data, specifying what can and cannot be saved with or without explicit consent.

Six lawful grounds for accessing user data are defined in this regulation:

  • Contractual
  • Consenting
  • Public Task-Related
  • Of Vital Interest
  • Of Legitimate Interest
  • Legally Required

National laws in other nations and territories have mirrored the GDPR, including the California Consumer Privacy Act (CCPA). However, the CCPA only applies to businesses with either gross revenues of more than $25M, more than 50 thousand customers or more than half of all revenue derived from selling customers’ personal information.

To abide by the rules of the GDPR when managing a remote workforce, companies are advised to adopt the following best practices:

Establishing a Remote Access Policy

remote access policy prevents issues related to security and connectivity from arising among remote employees.

Such a policy clearly defines limitations and rules for the ways employees can access or interact with company data, wherever it is stored. As an integral part of a wider network security policy, the remote access policy clarifies all conditions surrounding data access, including where employees can safely access data from, how much data they can access and how they can store it for use on the job.

Employers are further encouraged to adjust this policy at regular intervals. This helps in ensuring that it remains up to date with developments in the interpretation of all applicable laws.

Encryption and Remote Data Wiping

Dealing with sensitive data being transmitted to remote workers may call for the use of sophisticated encryption technology. Encrypting data from confidential conversations regarding private consumer information is a must and can be incorporated into most remote workflows.

It may also be necessary for employee devices to be wiped of all sensitive data remotely in the event that they are stolen or lost. Using specialized software to provide this kind of failsafe option can dramatically improve the security of your remote operations.

OSHA

The Occupational Safety and Health Administration (brought into existence by the OSH Act) covers all employees in the U.S. except those who are self-employed or family members of farm employers.

For on-site workers, the standards put forth by the OSH Act are relatively clear, requiring that employers keep their workplace environment suitably safe for all employees. This applies to training and general business practices as well.

In the case of remote workers, equipment and materials used to complete work are the primary focus.

Providing Safe Equipment for Remote Work

OSHA does not hold employers liable for their employees’ home workspaces and does not inspect these workspaces for unsafe conditions of any sort unless complaints are received. However, employers are explicitly held accountable for all materials, equipment and work processes that employees are required to make use of in their own homes.

Hazards created by processes or equipment employees are forced to use to complete their work are considered to be their employer’s responsibility entirely. This can lead to legal issues in the event of an unexpected accident or breach caused by an employee’s personal devices malfunctioning while being used for work purposes.

To offset risks, it is best for employers to provide the equipment their employees will need at home directly. This allows quality levels to be standardized across an organization’s remote workforce. Employers should set expectations and requirements with a signed telework agreement covering safety issues such as fire safety, electrical safety and ergonomics.

Educating Workers on Their Rights

Remote workers are subject to the same privileges and responsibilities as in-person personnel in most cases. As per federal guidelines, employees must be made aware of such rights in writing before they can begin working.

There are a number of important federal notices in the U.S. that must be supplied to staff members by their employers. These posters, forms and fact sheets change and evolve over time, making replacements necessary for employers to keep up with. Formats for delivery vary and notifying individuals via email or direct mail is allowed, but remote workers must always receive such notices directly from the companies they work for. These include the following:

Families First Coronavirus Response Act Notice

The FFCRA states that employers must make an official notice describing employee pandemic-related rights to sick leave readily available.

Equal Employment Opportunity Commission

The EEOC requires that employers post a notice that clarifies job discrimination prohibitions based on factors such as race, sex, country of origin, religion and more.

Family and Medical Leave Act

The FMLA establishes that employers must display a poster that describes the legal complaint-filing process in detail for employees to follow as needed. The poster must also summarize each of the major provisions of the act.

Occupational Safety and Health Act

The OSHA poster requirements clarify that an informative poster describing applicable rights and worker entitlements provided by OSHA must be made conspicuously visible to employees.

Fair Labor Standards Act

The FLSA specifies that a poster detailing all of the provisions put forth in the act as well as the current federal minimum wage must be made explicitly available to all employees.

Uniformed Services Employment and Reemployment Rights Act

USERRA applies to military veterans of all types and, among other provisions, indicates that companies must rehire veterans who have returned from duty at the same level of seniority as they had before leaving for military service.

A poster describing all major USERRA provisions applicable to military veterans in the US is mandated by the act itself. The poster must be made available to all employees in a conspicuous manner.

In addition to the above, certain cities, states and municipalities may have similar requirements.

Insurance Requirements

Company leaders dipping their toes into the deep pool of remote working options will undoubtedly have wondered about insurance requirements that may be applicable to remote workers.

In addition to general liability coverage, the following specific types of insurance are likely to be necessary to cover your remote workforce:

Worker’s Compensation Insurance

Depending on the state your company operates in and the states your employees reside in, you may need to pay for workers’ compensation insurance.

This type of insurance covers injuries sustained by workers on the job, even when they work remotely.

Unemployment Insurance

Insurance of this type typically is paid by the employer to the state the employee resides in as wage-matched taxes. Such taxes are intended to go towards providing unemployment benefits to workers who have lost their jobs.

Disability Insurance

This kind of insurance is also usually withheld from employee wages, to be paid directly to the state in which said employee resides. It is intended to cover brief periods of disability following work-related injuries.

Regulatory Guidelines for Workers to Consider

Remote workers should be aware of the following details surrounding the process of working from home:

Company Policies Still Apply

Conduct policies, meal periods, and other policies still matter for employees working remotely. In the case of the latter, businesses in most jurisdictions are legally obliged to provide enough uninterrupted, paid time for meals even if workers are not in a physical office space. Your employer should set clear expectations regarding performance, time and attendance requirements, data security, home office requirements, and other policies when you’re entering a remote work arrangement.

The Way Wages are Paid Matters

In many states in the U.S., wages can only be paid to workers by direct deposit if said workers voluntarily authorize such payments ahead of time. Workers who cannot accept wages in such a way have the right to fitting alternatives which employers must provide as well.

Employers are also still on the hook for overtime hours, which can pile up unexpectedly with employees working from home. The U.S. Department of Labor issued a bulletin in August 2020 to provide guidance to employers regarding their obligations under the Fair Labor Standards Act, reminding them that they’re required to make a reasonable effort to track hours worked by all non-exempt employees, even those who are working remotely. Record keeping is pivotal for remote worker’s wage history in the case of payment mistakes and other issues and discrepancies.

Worker’s Compensation Laws Cover Remote Workers, Too

Employees who suffer injuries or work-related mishaps are entitled to the same workers’ compensation benefits their on-premises counterparts would be. The compensation workers are entitled to may come from employers directly or as benefits provided by their state of residence.

Zoning Variances and Home Occupation Permits May be Required

Although you are not likely to require a zoning variance to work from your home as an employee, it is sometimes necessary in zones designated for residential use only.

As for home occupation permits, these are more likely to be required for any employee looking to regularly complete their work duties from home. The exact laws and rules governing the issuance of such permits are decided by local county and city governing bodies.

If working from home is likely to impact your neighborhood in some way, then you may need to obtain a proper permit to continue.

Best Practices for Remote Workforce Compliance

Regardless of the regulations and laws applicable to your business, there are several best practices every company should follow to ensure remote workforce compliance and maintain remote workforce performance:

Prioritize Customer Privacy and Security

Companies moving quickly to a remote work arrangement may be forced to compromise initially if all systems aren’t initially set up to support a remote workforce. For instance, in the case of a work from home call center, agents may initially not have access to the company’s CRM until appropriate measures are taken to ensure the security of sensitive customer data.

There can be no compromise when it comes to customer privacy, so in this case, it’s better to make your agents available to reassure customers, even if they don’t initially have access to all the information they need.

To learn more about the best practices for managing remote call center agents, download our white paper, Remote Agents: Managing a WFH Contact Center.

Perform Quality Management

Quality management continues to be a top priority for businesses in all sectors, whether employees are working in a shared office environment or remotely. If your business has a call center or customer support function, analytics-enabled quality management solutions (AQM) can help you identify trends and opportunities to better serve customers and to better support your team during the transition to remote work and beyond.

Leverage Interaction Analytics

Interaction analytics can help you identify the top issues facing your business and your customers. It’s particularly useful for gathering actionable insights while your employees are working remotely. Once issues, challenges, and needs have been identified, work with a cross-functional team to develop solutions. Interaction analytics solutions are also valuable tools for managing risk and compliance, performance management, monitoring customer satisfaction and improving the customer experience.

Learn more about how speech analytics can help you improve customer satisfaction and reduce churn by downloading our white paper, Reduce Churn and Increase Customer Satisfaction with Speech Analytics.

Encourage Employee Feedback

Invite your employees to submit feedback, suggestions, and ideas to improve work processes and better serve your customers during challenging times. Your front-line, customer-facing staff, in particular, will have valuable insights on the most pressing needs your customers are facing and how you can address them.

Establish Guidelines to Support Flexibility

Employee satisfaction is always a key priority, but fostering employee engagement, ensuring safe working practices and safe working environments is more challenging when you’re managing a hybrid or fully remote workforce. During a global crisis like the COVID-19 pandemic, it’s essential to be flexible with employees. Establish exception guidelines for employees who are at risk and ensure that your employees know that they will not be penalized should they need to quarantine. You should also make health information and emotional support available to employees.

Allow for Flexible Scheduling

Companies should not require employees to take public transportation to work, and workforce management practices in general should be modified to accommodate employees’ needs during this time. Managers should adjust schedules as needed to allocate resources to the biggest priorities or the most urgent tasks, and real-time adherence practices should be postponed. When adjusting to working remotely while juggling multiple demands, employees may not be able to adhere to strict schedules.

Maintain Safe Workspaces

If you do require employees to come into the office, follow the CDC guidelines to create a safe work environment and prevent the spread of COVID-19 in the workplace, as well as any state or local restrictions on the number or percent of employees permitted to work in a shared space simultaneously. That may mean adjusting seating arrangements to increase the distance between employees, limiting the use of shared spaces such as conference rooms, requiring employees to wear masks and providing masks to those who need them, and implementing new hygiene, cleaning, and sanitation procedures.

The Way We Work is Changing Fundamentally

With or without a global pandemic to push such progress in working habits, the shift to more remote labor and less centralized office work would likely have continued to develop.

Achieving long-term business goals by leveraging the flexibility and resilience of a remote workforce is not only possible, but perhaps even better for organizations in a wide variety of critical sectors. With the remote working trend likely to continue after the COVID-19 pandemic crisis ends, companies must take prompt action and implement best practices to ensure remote workforce compliance.

Additional Resources on Remote Workforce Compliance

Want to learn more about remote workforce compliance in the modern era? Check out the following resources to learn how companies are adapting to the sudden shift to remote work and best practices for navigating remote workforce management during these trying times:

 

How has your company handled the shift towards remote work while ensuring remote workforce compliance?

Contact Center Operations Risk Management & Compliance Speech & Conversation Analytics