• 2021 Housing Legislation Overview: Major Bills Signed, More on Governor’s Desk

    While the 2020-2021 California Legislative Session was dominated by the ongoing COVID-19 health crisis and the ultimately unsuccessful Gubernatorial recall election, there were significant efforts made to change statewide housing policy. Last week, the Governor began signing some of those new housing bills into law—including the widely discussed SB 9, which is regarded as the end to California single-family zoning law.

    The Legislative Session included over a dozen housing bills, building on legislative efforts in recent years to tackle California’s housing crisis. Notably, Senate leadership focused on its 2021 Housing Production Package, referred to as “Building Opportunities for All,” which included eleven Senate bills aimed at increasing housing supply. Nine of the eleven bills successfully passed both houses and were sent to the Governor for signature, as summarized below. Two additional bills failed to move forward: SB 5 (Affordable Housing Bond Act, which would have placed a $6.5 billion bond on the November 2022 ballot to fund affordable housing) and SB 6 (authorizing residential development on existing qualifying office and retail sites). The state Assembly also sponsored a number of important housing bills.

    Key housing-related bills that have been signed or are on the Governor’s desk for signature include the following. The Governor has until October 10 to either sign or veto the remaining bills. Going forward, we will follow up with more in-depth coverage on the potential impacts of legislation signed by the Governor on housing production and regulation.

    Signed Legislation

    SB 7 (Atkins) [CEQA Streamlining Extension for Environmental Leadership Projects] – Senate Bill 7, signed by the Governor on May 20, 2021, extended California Environmental Quality Act (CEQA) streamlining for qualifying environmental leadership development projects approved through 2025, thereby reinstating and expanding the former AB 900 streamlining process—albeit with new substantive requirements. Read our prior coverage of SB 7 here.

    SB 8 (Skinner) [SB 330 Housing Crisis Act Extension] – Senate Bill 8 extends the provisions of SB 330, the Housing Crisis Act of 2019, from 2025 until 2030. It allows applicants who submit qualifying preliminary applications for housing developments prior to January 1, 2030 to utilize the protections of the Housing Crisis Act through January 1, 2034, with those applications subject only to the ordinances and policies in effect when the preliminary application is deemed complete, with limited exceptions. Among other changes, SB 8 clarifies that for purposes of the Housing Crisis Act, a “housing development project” may involve discretionary and/or ministerial approvals, or construction of a single dwelling unit, and adds demolition, relocation and return rights.

    SB 9 (Atkins) [Duplex and Lot Split Zoning] – Senate Bill 9, referred to as the duplex zoning law, would require, for qualifying parcels, ministerial approval of two-unit housing developments in single-family zoning districts, and would allow single-family parcels to be subdivided into two lots. Taken together, these provisions could allow for development of up to four housing units on lots where only one unit is permitted today. SB 9 requires applicants for lot splits under this law to confirm that they intend to occupy one of the housing units as their principal residence for a minimum of three years, unless the applicant is a community land trust or qualified nonprofit corporation. Under SB 9, a local agency retains discretion to deny a proposed housing project if it finds that the project would have an adverse health and safety or environmental impact that cannot be feasibly mitigated or avoided. Local agencies are also required to prohibit use of the units for short-term rentals of 30 days or less. Read our prior related coverage of SB 9 here, which highlighted national, state and local efforts to shift away from traditional single-family zoning.

    SB 10 (Wiener) [CEQA Streamlining for Upzoning] – Under current state law, local agencies must conduct environmental review under CEQA prior to adopting zoning changes that could have the potential to cause a direct or indirect impact on the environment, with limited exceptions. SB 10 allows, but does not require, local agencies to avoid this CEQA review when upzoning parcels to allow up to 10 units per parcel, at a height specified by local ordinance, if the parcel is located in a qualifying transit-rich area or an urban infill site. SB 10 does not provide new CEQA exemptions or streamlining for the projects that would be constructed on these upzoned parcels but, under existing law, certain CEQA exemptions or streamlining may be available on a case-by-case basis depending on project size, site conditions and other factors. However, for larger residential or mixed-use projects with more than 10 units developed on one or more parcels upzoned pursuant to SB 10, the bill prohibits those projects from being approved ministerially or by right, or from being exempt from CEQA, with limited exceptions. Taken together, SB 10 could be a useful tool for encouraging development of smaller residential projects of 10 or less units in jurisdictions who choose to take advantage of the CEQA streamlining provided. However, projects larger than 10 units proposed in an SB 10 zoning district, such projects that utilize the state density bonus or include multiple parcels, may face a more challenging entitlement process given the limitations on CEQA exemptions and use of any ministerial approval process. If a local agency chooses to adopt an upzoning ordinance under SB 10, it must do so by January 1, 2029. Read our prior related coverage of SB 10 here.

    Bills Pending Governor’s Signature

    SB 290 (Skinner) [Density Bonus Law Amendments] – Senate Bill 290 amends the state Density Bonus Law to clarify certain provisions and extend incentives to student housing projects. The bill allows one incentive or concession for projects that include at least 20% of the total units for certain “lower-income students” (as defined in SB 290) in a student housing development. Existing Density Bonus Law provides that a local agency cannot require a parking ratio above 0.5 spaces per unit if the development provides at least 20% low income units or 11% very low income units and is located within one-half mile of a major transit stop; this bill’s amendments would extend the parking ratio limit to developments with at least 40% moderate income units.

    SB 478 (Wiener) [Minimum FAR Restrictions] – Senate Bill 478 is designed to spur the creation of “missing middle” housing, by prohibiting local governments from establishing a floor area ratio (“FAR”) that is less than 1.0 for projects of three to seven units, or less than 1.25 for projects consisting of eight to ten units. Those local governments also cannot deny a qualifying project solely based on the fact that the lot area does not satisfy the minimum lot size requirement. This applies to projects that are either entirely residential, mixed-use with at least two-thirds of the square footage designated for residential use, or transitional or supportive housing. Eligible projects must (1) provide at least 3 and up to 10 units and (2) be located in either a multi-family residential zone or mixed-use zone. This bill does not prohibit a local government from imposing other zoning or design standards, such as height and setback limits, except for a lot coverage requirement that would physically preclude a qualifying project from achieving the permitted FAR. This bill also limits private restrictions (e.g., from a homeowners’ association) that effectively prohibit or unreasonably restrict an eligible project from achieving the permitted FAR. The California Department of Housing and Community Development (“HCD”) is tasked with identifying violations and may notify the State’s Attorney General, which can bring a suit to enforce the law.

    AB 215 (Chiu) [Expanded HCD Enforcement Authority] – Assembly Bill 215 provides HCD with additional enforcement authority for local agency violations of specified housing laws, and increases public review for housing elements, a required component of long-range General Plans. For example, AB 215 requires HCD to notify the Attorney General of violations of housing element law, including SB 35 (streamlined ministerial approval for specified housing projects). This bill also expands the Attorney General’s authority to initiate an enforcement action against a local jurisdiction for housing element noncompliance by eliminating requirements that HCD first provide two consultations and written findings to a noncompliant jurisdiction.

    SB 477 (Wiener) [HCD Annual Progress Reports] – Senate Bill 447 establishes additional information and data that cities and counties must report annually to HCD and the Office of Planning and Research. Under existing law, the annual progress report (“APR”) must include information such as the total number of housing units approved, the number of SB 35 applications approved, and the number of density bonus applications submitted and approved. Beginning January 1, 2024, cities and counties must also include, among other requirements, the following information for each project in their APR: (1) whether the project was submitted pursuant to state and/or local ADU laws, (2) whether the project requested any bonus, concession, or waiver under Density Bonus Law and whether the request was approved, (3) whether the project was submitted pursuant to SB 35, (4) whether the project was submitted pursuant to Project Roomkey, (5) whether the project received streamlining or an exemption from CEQA, and (6) whether the project submitted a preliminary application pursuant to SB 330 and instances in which a preliminary application expired.

    SB 791 (Cortese) [New Surplus Land Unit Within HCD] – Senate Bill 791 creates the California Surplus Land Unit within HCD to facilitate the development of housing on local qualifying surplus land. Under the existing Surplus Land Act, when local agencies seek to dispose of “surplus” public land, they first must send notice to various public agencies and qualified nonprofit groups to offer the land for affordable housing, parks and open space, school facilities, and infill opportunity zones or transit village plans, among other requirements. Under SB 791, the newly created Surplus Land Unit would facilitate agreements between housing developers and local agencies that are looking to dispose of surplus public property and collaborate with state financing agencies to assist with obtaining financing for housing projects. Creation of the Surplus Land Unit would require funding appropriation of approximately $2.5 million by the Legislature.

    AB 1487 (Gabriel) [Homelessness Prevention Fund] – Assembly Bill 1487 establishes a Homeless Prevention Fund to be administered by the Legal Services Trust Fund Commission, under the State Bar of California, to fund eviction defense programs. The Commission would distribute the funds in the form of grants to legal aid organizations for eligible services. Such services are generally limited to households with incomes less than 80% of the area median income.

    The Coblentz Real Estate team continues to track changes in state and local legislation impacting housing production. Please contact us for additional information and any questions related to the impact of these new bills on land use and real estate development.

  • San Francisco Board of Supervisors Adopts Further Commercial Tenant Relief in Response to COVID-19 Pandemic

    The COVID-19 pandemic continues to affect the commercial real estate market, and the San Francisco Board of Supervisors is pursuing relief for certain categories of commercial tenants, including adoption of an ordinance creating a rebuttable presumption that a commercial tenant’s legally required shutdown excuses rent owed for the shutdown period.

    We previously reported on San Francisco’s eviction protection for “Covered Commercial Tenants,” which are tenants (1) registered to do business in San Francisco, and (2) with combined worldwide gross receipts for tax year 2019 equal to or below $25 million. Covered Commercial Tenants do not include for-profit entities occupying space in property zoned or approved for Office Use, nor entities leasing property from the City and County of San Francisco.

    Covered Commercial Tenants are currently protected from evictions for COVID-19 related missed rent payments that came due between March 16, 2020 and September 30, 2021. After September 30, 2021, unless the Governor further extends his executive order allowing for local jurisdictions to protect commercial tenants from eviction, Covered Commercial Tenants with 50 or more full time equivalent (“FTE”) employees will be required to immediately pay any unpaid rent owed to their landlords, while smaller Covered Commercial Tenants will be entitled to a forbearance period after September 30, 2021 ranging from 12 to 24 months.

    On July 20, the Board of Supervisors took further action that would effectively forgive some past due rent from certain Covered Commercial Tenants, even after their applicable forbearance period expires. The Board of Supervisors unanimously passed an ordinance (Board File No. 210603) establishing a rebuttable presumption, for a Covered Commercial Tenant legally required to shut down due to COVID-19, that the shutdown frustrated the purpose of the lease, and that payment of rent for the shutdown period is excused. Importantly, the rebuttable presumption only applies where a generally applicable health order legally obligated a tenant to shut down, not where a tenant closed operations because of a COVID-19 outbreak or due to COVID-19 economic impacts. It does not apply if there is a contract provision or other agreement between the landlord and Covered Commercial Tenant demonstrating that the shutdown did not frustrate the purpose of the lease. Where applicable, a Covered Commercial Tenant can avail itself of this rebuttable presumption without terminating its lease.

    Recognizing that many commercial landlords and tenants negotiated site-specific agreements regarding their existing leases in response to COVID-19, and seeking to encourage such agreements, the ordinance specifically states that the presumption also does not apply where a landlord and tenant executed a valid, written agreement in response to COVID-19 to reduce, waive, or extend a deadline to pay rent.

    While the above-described contract provisions and agreements between a landlord and tenant render this presumption inapplicable, the factual circumstances that could rebut the presumption are less certain. For example, a landlord could attempt to rebut the presumption if the tenant could have operated at the premises during a shutdown in a different, legally permitted manner, such as a restaurant that was forced to close onsite dining, but still prepared or could have prepared food for pick-up or delivery from its premises without violating health orders.

    Another more incremental, but nevertheless important potential change to San Francisco’s commercial tenant relief program has been introduced, and is pending Board of Supervisors action. Supervisor Safai has introduced legislation (Board File No. 210762) to allow a 6 month forbearance period for Covered Commercial Tenants with between 50 and 99 FTE employees, who as discussed above are currently entitled to no forbearance. On July 15, Board President Walton waived the 30-day hold for this legislation and transferred it to the Budget & Finance Committee. We will provide further updates when they are available.

    Contact Real Estate attorneys Dan Gershwin at dgershwin@coblentzlaw.com and Caitlin Connell at cconnell@coblentzlaw.com for additional information.

  • As California Opens for Business, Public Hearings Allowed To Continue Remotely Through At Least September 30, 2021

    In March 2020, in response to the COVID-19 public health crisis, Governor Newsom issued Executive Order N-29-20, suspending open public meeting requirements under the Brown Act and Bagley-Keene Act thereby allowing state and local public agencies – including Boards of Supervisors, City Councils and Planning Commissions – to meet by teleconference without requiring a physical meeting place for members of the public to convene. Since that time, Zoom-based public meetings have become ubiquitous.

    Executive Order N-29-20 was set to expire last month on June 15, 2021 – the same date that the state of California marked its official re-opening as the Governor lifted a number of prior COVID-related public health orders and restrictions. However, in a letter to the Governor, an association of cities and other public agencies expressed concern that returning to conducting public hearings in person would require additional time and revamped logistics to ensure continued public health and safety.

    To that end, the Governor’s office announced in a June 2, 2021 response letter that public agencies would be permitted to continue holding public meetings virtually, with no expiration date set at that time. The Governor’s office also committed to providing advance notice ahead of any termination of Executive Order N-29-20 to give state and local agencies sufficient time to transition and comply with applicable open meeting legal requirements.

    On June 11, 2021, the Governor formalized this guidance through issuance of Executive Order N-08-21, extending the public meeting exceptions through September 30, 2021. Until that time, or as otherwise extended, public agencies may continue to convene remotely and, if they do so, must allow members of the public to observe and participate in meetings telephonically or electronically through that date.

    Some local public agencies across the Bay Area are anticipated to hold off on returning to in-person hearings until the expiration of the public meeting exceptions, although others are exploring earlier returns in summer 2021. As public agencies begin to navigate their own re-openings, it is likely, but not yet certain, that some jurisdictions will offer hybrid opportunities for public participation in addition to in-person attendance, including continued use of teleconference and/or online video platforms such as Zoom.

    The Coblentz Real Estate team continues to track ongoing updates related to the project approval landscape across the Bay Area in light of the ongoing COVID-19 public health crisis. Please reach out to a member of our team for assistance navigating state and local COVID regulations related to land use and development.

  • SB 7 Breathes New Life into CEQA Streamlining Process

    AB 900, a law that provided for speedy resolution of California Environmental Quality Act (CEQA) litigation, was allowed to “sunset” at the end of the 2020 legislative session, without an anticipated legislative extension. On May 20, 2021, Governor Newsom signed SB 7, the Jobs and Economic Improvement Through Environmental Leadership Act of 2021, to reinstate and expand the former AB 900 streamlining process for certain environmental leadership development projects (ELDPs).

    SB 7 allows new ELDPs to be certified through 2023 and approved through 2024, and makes a new class of smaller residential projects eligible for certification for the first time. The new law provides clear benefits to projects that were previously certified as ELDPs under AB 900, but that did not receive project approvals by the prior deadline of January 1, 2021. For many new projects seeking the legislation’s CEQA streamlining benefits, the feasibility to achieve ELDP status is uncertain, given onerous new requirements prioritizing on-site and local direct greenhouse gas emissions reductions over offsets, and imposing new geographic requirements for any offsets that remain necessary.

    AB 900 Background

    Under AB 900, the Jobs and Economic Improvement Through Environmental Leadership Act of 2011, three types of major development projects were eligible for ELDP certification: (1) clean renewable energy projects that generate electricity exclusively through wind or solar; (2) clean energy manufacturing projects; or (3) “residential, retail, commercial, sports, cultural, entertainment, or recreational use projects” on infill sites that would achieve LEED Gold certification and improved transportation efficiency. All ELDPs were required to cause no net additional emissions of greenhouse gases (GHGs) as determined by the California Air Resources Board (CARB), adhere to specific prevailing wage and project labor requirements, and result in at least a $100 million investment in the state, among other requirements.

    Once certified by the Governor, ELDPs were entitled to significant litigation streamlining benefits in exchange for their environmental and economic commitments—namely, that all judicial challenges to an EIR certification or related project approvals, including “any potential appeals,” must be resolved, to the extent feasible, within 270 days. Absent such streamlining, CEQA litigation frequently lasts for two years or more with appeals. To facilitate speedy resolution, the schedule for preparation of the administrative record was shortened, running concurrently with the entitlement process, and the lead agency must certify the record within 5 days of its approval of the project (rather than 60 days after filing a petition under the normal CEQA process). However, despite certain news reports that the legislation was intended to speed up environmental review, it in fact only accelerated the timeline for litigation following completion of environmental review.

    Reviving AB 900 Certifications

    Approximately 20 ELDPs were certified by the Governor between 2012 and the statutory deadline of January 1, 2020, including the 3333 California Street Project in San Francisco and the Inglewood Basketball and Entertainment Center (which proceeded under project-specific legislation). However, under the former act, projects that were certified before January 1, 2020, but not approved by a lead agency before January 1, 2021, were left with expired certifications.

    SB 995, an earlier bill aimed at lengthening the runway for certified projects, passed both the California Senate and Assembly but failed to be finalized in the hectic final hours of the last legislative session. SB 7 picks up where SB 995 left off. Under SB 7, previously certified ELDPs are entitled to the same benefits and subject to the same requirements prescribed in the former act, but now have until January 1, 2022 to obtain final approval by a lead agency. The legislation was enacted with an urgency clause, meaning that it is effective immediately.

    Expanding Eligibility for Certification

    For new projects interested in securing CEQA streamlining, SB 7 offers some good news: ELDPs now may be certified by the Governor before January 1, 2024, and approved by a lead agency before January 1, 2025. Additionally, SB 7 makes a new class of projects eligible for certification—residential infill projects that result in an investment of between $15 million and $100 million, with at least 15% of units affordable to lower income households.

    SB 7 also authorizes the Governor, before a lead agency’s approval of an ELDP, to certify a project alternative if the alternative also complies with AB 900’s statutory conditions at the time of the Governor’s original certification. This clarification is intended to ensure that certification remains valid if the lead agency ultimately selects a project alternative under CEQA.

    Raising the Bar for GHG Neutrality

    At the same time, SB 7 raises the bar for ELDP certification. It adds construction labor requirements to the existing prevailing wage/project labor agreement requirements, requiring eligible projects to use a “skilled and trained” workforce for all construction work, and requires applicants to pay the costs of the trial court (not only the Court of Appeal), in hearing and deciding any case challenging the ELDP’s CEQA certification or project approvals.

    Most notably, SB 7 imposes material new barriers to demonstrating that a project will have no net additional GHG emissions, which typically requires use of GHG “offsets” to reduce emissions beyond what would be possible as part of the project itself. Under AB 900, the determination of GHG neutrality was left up to CARB’s discretion, and there were no geographic restrictions on the location of GHG offset programs, which allowed flexibility in completing or funding cost-effective GHG reduction measures to achieve GHG neutrality. Under SB 7, with the exception of the newly eligible housing development projects described above, projects newly seeking certification must first prioritize direct emissions reductions that also reduce other air emissions within the same air district in which the project is located. If those measures are not sufficient, the project must address any unmitigated GHG impacts through offsets within the same air district as the proposed project, or that otherwise have a “specific, quantifiable, and direct environmental and public health benefit to the region in which the project is located.” The market for offsets is quite constrained, particularly for offset projects located in urban areas in California, and is expected to become even more so in the coming years. Given this change, the feasibility of new ELDPs is uncertain.

    Coblentz has guided clients through certification, approval, and development of several ELDPs and would be happy to discuss the opportunities and challenges of SB 7.

  • Spring 2021 Privacy Law Update: CCPA, CPRA, State Laws and Recent Court Decisions

    By Scott Hall & Mari Clifford

    Download a PDF version of this report here.

    Although we are just a few months in, 2021 has already been another busy year for data privacy developments. From new regulations and legislation to court decisions impacting privacy rights, let’s take a look at a few of the key data privacy developments so far this year.

    New CCPA Regulations

    Just when you thought the CCPA regulations were finalized, on March 15, 2021, the California Attorney General (“AG”) approved additional regulations intended to enhance consumer protections for opt-outs. Most significantly, the regulations ban “dark patterns” that complicate the opt-out process and prohibit businesses from burdening consumers with confusing language or unnecessary steps.

    The revisions implement the following changes:

    • Offline Collection and Notices: Businesses that sell personal information collected offline are now required to inform consumers in an offline method of their right to opt-out. This includes providing instructions on how to submit an opt-out request.
    • Ban on Dark Patterns or Complications to the Opt-Out Process: Opt-out requests must “be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out.” The new regulations prohibit businesses from using any method that is designed to, or has the effect of, preventing a consumer from opting out. Specifically, businesses cannot require consumers to scroll through a privacy policy or listen to reasons why they should not opt-out before confirming their request. Additionally, the opt-out process cannot require more steps than the process to opt-in to the sale of personal information after having previously opted out, or use confusing language.
    • Opt-Out Icon: Businesses may use an opt-out icon in addition to, but not in lieu of, notice of a right to opt-out or a “Do Not Sell My Personal Information” link.
    • Requests from Authorized Agents: A business may require an authorized agent who submits a request to “know” or “delete” to provide proof that the consumer gave the agent signed permission to submit a request.
    • Children’s Information: The regulations added the word “or” to section 999.332. As a result, businesses that sell personal information (“PI”) of children under the age of 13 “and/or” between the ages of 13 and 15 are now required to define in their privacy policies how consumers can make an opt-in to sale requests.

    CPRA Preparation and Compliance

    In November 2020, Californians voted to enact Proposition 24, also known as the California Privacy Rights Act (“CPRA”). The CPRA expands on the California Consumer Privacy Act of 2018 (CCPA), establishes a new privacy regulatory agency called the California Privacy Protection Agency (CPPA), provides new rights for consumers, and imposes new obligations on businesses.

    The CPRA’s enforcement is set to begin on July 1, 2023, but the act has a look-back period to January 1, 2022. This means that data collected from January 1, 2022, is subject to the act, so businesses shouldn’t wait to develop the requisite policies and procedures in response to new requirements. CPRA compliance should be a priority for every covered business. Here are a few key points that businesses need to be thinking about:

    Modification to the Scope of the CCPA

    The CPRA modifies the CCPA’s scope in that it applies to businesses that (1) have annual gross revenue over $25 million in the preceding calendar year; (2) buy, sell, or share personal information of 100,000+ consumers or households; or (3) derive at least 50% of their annual revenue from selling or sharing consumer PI. Notably, the CPRA’s threshold of 100,000 consumers or households doubles the previous threshold under the CCPA of 50,000 consumers, households, or devices, and therefore could significantly reduce the scope of the act and its impact on smaller businesses.

    Cross-Context Behavioral Advertising

    The CPRA introduces the concept of data “sharing,” which is defined as “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.” (Emphasis added.) The CPRA explicitly requires businesses to provide notice to consumers about data sharing practices and extends consumer opt-out rights to the sharing of personal information by a business to a third party.

    Data Minimization

    The CPRA introduces data minimization principles similar to those in the GDPR by prohibiting businesses from collecting more personal information than “reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed . . .”[1]  The CPRA also requires that businesses not retain personal information for longer than is reasonably necessary for the purpose for which it was collected, as well as to identify retention periods of data in the privacy notice to consumers.[2] Thus, all businesses should focus on making changes to limit data collection and processing of personal information to only what is reasonably necessary for the business.

    Creation of California Privacy Protection Agency (CPPA)

    The CPRA establishes a new enforcement agency, the CPPA. As the first agency of its kind in the United States, the CPPA will have the authority to investigate potential breaches and violations, draft enforcement regulations, and issue fines. This transfers the current CCPA and CPRA responsibilities from the Office of the Attorney General to the CPPA. Importantly, the CPRA cancels the grace period of 30 days that businesses have after being notified of an alleged breach or violation and raises the maximum on fines for violations.

    Expanded Consumer Rights

    Expansion of the Private Right of Action

    The CPRA has expanded the scope of the private right of action by adding a cause of action for the unauthorized access and exfiltration, theft, or disclosure of an email address in combination with a password or security question and answer that could permit access to content. The act also clarifies that the implementation and maintenance of reasonable security procedures and practices following the breach do not constitute a cure.

    New Consumer Rights Under the CPRA

    • Right to correct: California residents have the right to correct inaccurate personal information the business holds about them. This mirrors the right to correction under the GDPR.
    • Right to know about and opt-out of automated decision making: California residents can request access to and knowledge about how automated decision technologies work and what their outcomes are, and have a right to opt-out of the use of their PI for automated decision making.
    • Right to opt-out of data “sharing”: In addition to being able to opt-out of data “selling,” consumers will be able to opt-out of data “sharing” for cross-context behavioral advertising purposes.
    • Right to limit use of sensitive personal information: The CPRA introduces a new category of personal information called “sensitive personal information.” This includes precise geolocation data, race, religion, sexual orientation, social security numbers, and certain health information outside the context of HIPAA. Consumers may limit the use and disclosure of sensitive personal information by businesses. Businesses may also need to add another link to their website homepage to allow consumers to exercise their rights to limit the use of their sensitive information.

    Next Steps For Businesses

    Update Website Links

    Covered businesses will need to (1) update their “Do Not Sell My Personal Information” links to read “Do Not Sell or Share My Personal Information,” and (2) include a separate link titled “Limit the Use of My Sensitive Personal Information” where such information is collected. The CPRA encourages businesses to make “a single, clearly-labeled link” that allows a consumer to swiftly and simultaneously opt-out of sale or sharing of PI and limit the use or disclosure of the consumer’s sensitive PI. If a business complies with automated opt-out signals sent from browsers or other extensions then a business will not need to provide such links.

    Update Contracts

    Businesses will need to impose expanded duties on their service providers and contractors to protect information, comply with audit requests, and assist businesses in responding to consumer requests or other obligations. The CPRA requires all sales, sharing, and disclosures of personal information for a business purpose to be made pursuant to a contract. Even disclosures of deidentified information to any recipient will require a contract setting out clear restrictions on attempts at reidentification. To comply with these new CPRA provisions, businesses will need to (1) develop the necessary contracting materials in preparation for a contracting exercise; (2) assess all transfers of personal information to identify which provisions are required for which recipients; and (3) begin the process of updating and negotiating the required agreements.

    Conduct Additional Data Mapping

    Businesses will need to identify any information that is shared, not just sold. To meet the CPRA’s data minimization requirements, businesses will need to establish and comply with document retention periods. Additionally, businesses need to understand what algorithms or automated decision-making processes are being performed on personal information collected and maintained by the business.

    Adjust Responses to Data Subject Access Requests

    The CPRA now requires businesses to use commercially reasonable efforts to correct inaccurate personal information in response to a verifiable consumer request. As a result, businesses must be prepared to adjust their response procedures or be ready to explain why they cannot meet a consumer request because “doing so proves impossible or would involve a disproportionate effort.”

    Businesses should also start preparing processes for how they will respond to California consumers who exercise their new privacy rights which include “do not share” requests, correction requests, and requests to limit the use of sensitive data. Finally, with more state privacy laws looming, many businesses will need to consider whether a “California versus everyone else” approach still makes sense for their business.

    Assess High-Risk Activities

    Per the CPRA, the California AG will at some point issue regulations requiring businesses whose processing poses “significant” risks to consumer privacy and security. These “high-risk” businesses will then need to perform annual security audits and submit regular risk assessments to the new CPPA. Companies that collect large volumes of sensitive data should start designing internal audit procedures in anticipation of this requirement. More details on this to come.

    Update Do-Not-Track and Advertising Models

    Businesses will need to anticipate and prepare their models for what advertising looks like with fewer cookies, tags, and pixels. They will also need to start reacting to Do-Not-Track signals and may need to adopt new opt-in marketing strategies. Given the volume of work this may entail, businesses should commence this earlier rather than later so as not to run into compliance issues when enforcement of the CPRA begins.

    More State Legislation Regarding Data Privacy

    The landscape of privacy law and compliance issues is changing rapidly as many states beyond California are enacting or contemplating new, more comprehensive privacy legislation similar to the CCPA/CPRA.

    Virginia Privacy Law

    Virginia became the second state to pass comprehensive data privacy legislation when it enacted the VCDPA on March 2, 2021. The VCDPA applies to entities that conduct business in Virginia or produce products or services that are targeted to Virginia residents and either (1) control or process the personal data of at least 100,000 consumers during a calendar year, or (2) control or process the personal data of at least 25,000 consumers and derive at least 50% of gross revenue from the sale of personal data. The VCDPA provides consumers rights of access, correction, deletion, data portability, appeal, and exclusion. Because the Act does not provide for any exceptions to these rights, businesses are expected to comply regardless of the hardship posed or the impractical nature of the request.

    To best prepare for these eventualities, businesses will need to update their policies that address the new obligations imposed upon them under the VCDPA including data minimization, purpose limitations, security controls, express consent requirements, and data protection assessments. Given that the VCDPA goes into effect in two years, businesses are strongly advised to start evaluating their current data processing activities and begin developing a compliance program that meets the requirements of the VCDPA.

    Other States Introducing Privacy Laws

    As the internet and new technologies continue to raise questions about privacy and use of PI, state lawmakers are trying to keep up by addressing novel privacy issues through legislation.

    California’s and Virginia’s legislatures are not the only ones paying attention to these shifting tides in the privacy law landscape. Several states, including Washington, Oklahoma, Connecticut, Florida, Illinois, and New Jersey currently have active bills awaiting committee hearings or votes. Other states such as Alabama, Arizona, Colorado, Kentucky, Maryland, Massachusetts, Minnesota, New York, Rhode Island, South Carolina, Texas, Utah, Vermont, and West Virginia recently introduced comprehensive privacy acts to state legislatures. Progress on these laws should be monitored closely over the next few months.

    Status of a Federal Privacy Law

    And, of course, no update would be complete without monitoring federal privacy legislation. Congresswoman Suzan DelBene (WA) introduced the Information Transparency and Personal Data Control Act on March 10, 2021, which would create a national data privacy standard for the protection of personal information, including information related to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, social security numbers, and religious beliefs, as well as information about minors.

    Given the potential patchwork of state laws mentioned above, many businesses would welcome a uniform standard, but the timing of when a comprehensive federal law will actually be enacted remains unclear.  For now, businesses must closely monitor the various state laws being passed and determine what laws they may need to comply with.

    Recent Court Decisions Regarding Privacy

    Data privacy litigation remains active, and recent court decisions have provided some clarity and guidance regarding the scope of certain privacy laws.

    Scope of CCPA’s Private Right of Action

    Certain recent court rulings have limited the scope of the CCPA’s private right of action.  For example, in Gardiner v. Walmart Inc. et al, No. 4:20-cv04618 (N.D. Cal.), defendants secured a ruling rendering a narrow interpretation of the CCPA. In Gardiner, a Walmart customer sued the retail company under the CCPA for failing to implement and maintain reasonable and appropriate security procedures and practices to protect information he gave to Walmart to create an account on the company’s website. Gardiner claimed that his personal information had been subject to unauthorized exfiltration on Walmart’s website and sold on the dark web, exposing him to purportedly ongoing risk of financial fraud and identity theft. On March 5, 2021, the District Court for the Northern District of California dismissed Gardiner’s claim for damages under the CCPA on two grounds. First, the court could not determine whether the alleged breach occurred before or after the effective date of the CCPA because the complaint did not specifically allege a date when the purported breach occurred. Second, the court held that in order to state a viable CCPA claim, a plaintiff must allege specific, unauthorized disclosure of “personal information.” This could indicate that courts will strictly interpret the CCPA to apply only where the specific categories of personal information listed in the law are actually exposed in a data breach. However, it is important to note that the court granted the Plaintiff leave to amend, allowing the Plaintiff to potentially cure the complaint’s shortcomings and perhaps get a second shot at litigating his claims.

    In McCoy v. Alphabet, Inc. et al., No. 5:20-cv-05427 (N.D. Cal.), the court held that there is no general private right of action under CCPA. Plaintiff Robert McCoy had filed a class action complaint against defendants Alphabet Inc. and Google LLC for monitoring and collecting the sensitive personal data of Android Smartphone users when they interact with non-Google applications on their smartphones, without first obtaining users’ consent. In its February 2, 2021 order denying in part and granting in part the Defendants’ motion to dismiss, the court emphasized that the Plaintiff had not pled a data security incident and had conceded during arguments that the CCPA claims should be dismissed because no data breach occurred. The order states that the CCPA, “confers a private right of action for violations of section [Cal. Civ. Code § 1798.150](a), which is related to personal information security breaches. Further, it explicitly states that ‘[n]othing in this title shall be interpreted to serve as the basis for a private right of action under any other law.’ Cal. Civ. Code § 1798.150(c).” Whether this reasoning is adopted in other cases remains to be seen.

    Standing in Data Privacy Cases

    At the Circuit Court level, there is currently ongoing dialogue regarding whether data breach victims can establish a right to sue merely by showing that they are at increased risk of identity theft.

    The Second Circuit Court of Appeals recently issued a decision in McMorris v. Carlos Lopez & Assocs., 2021 U.S. App. LEXIS 12328 (2d Cir. Apr. 27, 2021) clarifying that the risk of identity theft after a data breach may be grounds to sue. The latter notwithstanding, the court affirmed the dismissal of a proposed class action against a veteran’s health services company over an accidentally sent email that contained workers’ social security numbers. In the summer of 2018, Defendant’s employee accidentally sent an email to 65 others at the company. Attached to the email was a spreadsheet containing sensitive personally identifiable information of approximately 130 current and former employees. Three plaintiffs whose information had been disclosed filed suit. They asserted claims for negligence, negligence per se, consumer protection, and other state law claims on behalf of California, Florida, Texas, Maine, New Jersey, and New York classes. Upon the Defendant’s motion, the District Court dismissed the case for lack of subject matter jurisdiction. An appeal to the Second Circuit followed.

    On appeal, the Second Circuit noted that it has been “suggested” that there is a circuit split on standing in the data breach context concerning whether a plaintiff may establish standing based on a risk of future identity theft or fraud stemming from the unauthorized disclosure of that plaintiff’s data. However, the court found that “requiring plaintiffs to allege that they have already suffered identity theft or fraud as the result of a data breach would seem to run afoul of the Supreme Court’s recognition that ‘[a]n allegation of future injury may suffice’ to establish Article III standing ‘if the threatened injury is certainly impending, or there is a substantial risk that the harm will occur.’” The Second Circuit then went on to hold that in the abstract, “plaintiffs may establish standing based on an increased risk of identity theft or fraud following the unauthorized disclosure of their data.”

    The Second Circuit’s decision contrasts somewhat with the Eleventh Circuit’s recent opinion in Tsao v. Captiva MVP Restaurant Partners, LLC, 986 F.3d 1332, 1339 (11th Cir. 2021) holding that a plaintiff alleging a threat of future identity theft or other harm lacks Article III standing unless the hypothetical harm alleged is either certainly impending or there is a substantial risk of such harm taking place. (Emphasis added) The Tsao case arose out of a security breach at PDQ, a group of American restaurants owned by Captiva MVP Restaurant Partners. Within two weeks, PDQ posted a notice notifying its customers that its systems had been a victim of a cyber-attack. Tsao filed suit to recover damages stemming from the breach. The dispute in the class-action lawsuit was based on two questions. First, whether Tsao and the class of patrons of the restaurant had standing to sue because they were exposed to the future risk of identity theft, despite not suffering any misuse of their information. Second, whether Tsao’s efforts to mitigate the risk of future identity theft presented a concrete injury sufficient to establish standing. The Eleventh Circuit answered no to both issues.

    Conclusion

    In sum, we’re off to a fast and furious start to 2021, but more is coming. This ever-changing area of the law requires businesses to take proactive measures now to prepare themselves for the compliance obligations coming their way. Stay tuned for further developments. If your company needs assistance with any privacy issues, Coblentz Cybersecurity and Data Privacy attorneys can help. Please contact Scott Hall at shall@coblentzlaw.com for further information or assistance.

    Download a PDF version of this report here.

     

    [1] CPRA, Section 1798.100(c).

    [2] CPRA, Section 1798.100(a)(3).

  • UPDATE – Status of Eviction Moratoriums Protecting Residential and Commercial Tenants in Response to COVID-19 Pandemic

    Since we last reported on this topic, many of the residential and commercial eviction moratoriums that were enacted in response to the COVID-19 pandemic have been amended, replaced and/or extended. These moratoriums are generally set to expire on June 30, 2021. Depending on how COVID vaccination and the broader economic recovery play out in the coming months, these moratoriums may be further extended.

    Residential Evictions

    At the state level, the COVID-19 Tenant Relief Act (“CTRA”), which protects residential tenants from eviction for non-payment of rent due to COVID-19, is comprised of two statewide laws, AB 3088 and SB 91. Together, these laws have imposed a statewide eviction moratorium on evictions from March 1, 2020 through June 30, 2021 (the “State Moratorium Period”), and have replaced most of the local residential eviction moratoriums that were enacted at the start of the pandemic.

    Under the CTRA, a residential tenant that owes rent during the State Moratorium Period cannot be evicted for failure to pay rent so long as they provide the landlord with a signed declaration claiming financial hardship related to COVID-19 within the required timeframe, and, on or before June 30, 2021, the tenant pays 25% of the rent owed to the landlord during the period from September 1, 2020 through June 30, 2021. Tenants remain responsible for paying any unpaid rent to landlords, but those unpaid amounts are not a permitted basis for eviction or late fees. Landlords may begin to recover unpaid rent on or after August 1, 2021 in small claims court (even if the amount of unpaid rent exceeds $5,000).

    Commercial Evictions

    Although the CTRA only applies to residential tenants, Governor Newsom’s Executive Order N-80-20 (“EO N-80-20”) grants local governments the authority to enact protections for commercial tenants. Many local governments that have enacted commercial eviction moratoriums have tied the effectiveness of the protections to EO N-80-20, which is currently set to expire on June 30, 2021. Key provisions of some of the most important Bay Area commercial eviction moratoriums include:

    City and County of San Francisco:

    On November 25, 2020, the San Francisco Board of Supervisors adopted an Ordinance (the “SF Ordinance”) to address commercial evictions (which replaced the March 18, 2020 Mayor’s Order that is no longer in effect). Under the SF Ordinance, if a “covered commercial tenant” misses rent payments from March 16, 2020 through June 30, 2021 (the “SF Moratorium Period”) because of financial impacts resulting from the COVID-19 crisis, the landlord may not evict the covered commercial tenant.

    A “covered commercial tenant” is a tenant that (1) is registered to do business in San Francisco, and (2) has combined worldwide gross receipts for tax year 2019 equal to or below $25 million. However, the moratorium does not apply to for-profit entities occupying space in property zoned or approved for use as Office Use (as defined in Section 102 of the Planning Code), or to entities leasing property from the City and County of San Francisco.

    The landlord is not permitted to assess interest or other charges based on unpaid rents that were due during the SF Moratorium Period. Additionally, the landlord must provide smaller (fewer than 50 full-time employees) covered commercial tenants a forbearance period after the moratorium ends to repay the missed rent before it can evict a covered commercial tenant for non-payment. The forbearance period is tied to the number of full-time employees employed by the covered commercial tenant, and ranges from 12 to 24 months after the end of the SF Moratorium Period. The SF Ordinance will expire upon expiration of EO N-80-20 or any extensions of the order (currently set to expire on June 30, 2021). If EO N-80-20 is further extended, the SF Ordinance will automatically be extended by its terms.

    The SF Ordinance provides additional protection to small business owners with 10 or fewer full-time employees (“Tier 1 Tenants”). A Tier 1 Tenant that is unable to pay rent due to financial impacts related to COVID-19 has the option, despite any terms in the lease to the contrary, to terminate its lease if it fails to reach a mutually satisfactory agreement for repayment with the landlord.

    More detailed information on the SF Ordinance can be found here.

    City of Oakland:

    Under the City of Oakland’s commercial eviction moratorium, landlords are not permitted to evict small businesses (generally independently owned and operated businesses, which together with their affiliates have 100 or fewer employees, and average annual gross receipts of $15 million or less over the previous three years – more particularly defined in Government Code Section 14837(d)(1)(A)), and nonprofit organizations for failure to pay rent if such failure is due to a substantial decrease of income caused by the COVID-19 pandemic or by any governmental response to COVID-19, and is documented. This does not relieve commercial tenants of the obligation to pay back rent in the future. The City of Oakland’s commercial eviction moratorium will expire upon expiration of EO N-80-20 or any extensions of the order (currently set to expire on June 30, 2021). If EO N-80-20 is further extended, the City of Oakland’s commercial eviction moratorium will automatically be extended by its terms.

    Contra Costa County:

    On February 2, 2021, the Contra Costa County Board of Supervisors unanimously passed Urgency Ordinance No. 2021-04, which extended the temporary commercial eviction moratorium for commercial tenants through June 30, 2021. Under Urgency Ordinance No. 2021-04, landlords cannot evict a commercial tenant for failure to pay rent if the tenant demonstrates that failure to pay is directly related to a loss of income associated with the COVID-19 pandemic or any local, state or federal government response to the pandemic. In order to qualify, a tenant must document the loss of income. Landlords cannot charge or collect late fees on any unpaid rent from a commercial tenant who demonstrated loss of income. Commercial tenants have a grace period ending August 31, 2021 (unless the landlord agrees to a longer repayment period), to pay past due rent for the period from March 16, 2020 to June 30, 2021.

    Santa Clara County:

    On November 3, 2020, the Santa Clara County Board of Supervisors enacted Ordinance No. NS-9.293, which extended Santa Clara County’s eviction moratorium for small business tenants until the earlier of the expiration of EO N-80-20 or April 30, 2021. Unlike the other local eviction moratoriums described above, Santa Clara County’s eviction moratorium is currently set to expire on April 30, 2021. Small business tenants (defined in the U.S. Small Business Administration’s table of size standards by industry, codified in the Code of Federal Regulations at 13 C.F.R. Section 121.201) have 6 months after the moratorium expires or terminates to repay at least 50% of the past-due rent, and up to 12 months after the moratorium expires or terminates to repay in full the past-due rent. Landlords cannot charge late fees on unpaid rent due so long as the rent is repaid according to the above timeline. Santa Clara County’s commercial eviction moratorium does not prevent a landlord from pursuing lawful or “at-fault” evictions for reasons other than non-payment of rent.

    We will continue to monitor developments to the state eviction moratorium and local eviction moratoriums across the Bay Area. Contact Real Estate attorneys Tamara Lam-Plattes at tlam-plattes@coblentzlaw.com or Leah Collins at lcollins@coblentzlaw.com for additional information.

  • AB 1561 Extends Housing Entitlements by 18 Months

    The state has granted an 18-month extension to certain housing development entitlements that were otherwise due to expire before the end of 2021. AB 1561 (Garcia) was enacted last year to support continued housing production in light of the ongoing economic and administrative challenges created by the COVID-19 pandemic. Its provisions apply to approvals, permits, and entitlements for housing development projects issued by a state or local agency that were in effect on or before March 4, 2020 and that would otherwise expire before December 31, 2021. Under AB 1561, these housing entitlements are extended for 18 months from their original expiration date.

    This 18-month permit extension applies to entitlements for housing development projects and mixed use projects in which at least two-thirds of the square footage is residential, including the following:

    A. State Permits: A legislative, adjudicative, administrative, or any other kind of approval, permit, or other entitlement necessary for, or pertaining to, a housing development project issued by a state agency;
    B. Local Permits: An approval, permit, or other entitlement issued by a local agency for a housing development project that is subject to the California Permit Streamlining Act (Gov. Code § 65920 et seq., which includes a broad range of discretionary development approvals);
    C. Ministerial Permits: A ministerial approval, permit, or entitlement by a local agency required as a prerequisite to the issuance of a building permit for a housing development project;
    D. Application Submittal Deadlines: A requirement to submit an application for a building permit within a specified period of time after the effective date of a housing entitlement described in subparagraph (B) or (C); and
    E. Vested Rights: A vested right associated with an approval, permit, or other entitlement described in (A)-(D), above.

    Some limited exceptions apply; for example, the legislation does not extend the life of development agreements or projects approved pursuant to the SB 35 ministerial streamlining process. Additionally, the protections of AB 1561 do not apply to housing entitlements that were previously extended by at least 18 months by a local agency on or after March 4, 2020 and before September 28, 2020 (the effective date of AB 1561). However, the protections otherwise support a broad range of housing-related approvals, reflecting the legislature’s intent to provide developers with a longer runway to support the construction of housing development projects in the context of a state-wide undersupply of housing intensified by the pandemic-induced recession.

    Extensions for San Francisco Projects

    On March 16, 2021, San Francisco’s Zoning Administrator issued a Letter of Determination indicating that the City’s typical approval condition, which provides extensions for delays caused by a public agency, an appeal, or legal challenge, is deemed trigged for the recognized delay period of March 17, 2020 through March 16, 2021. For example, if a project’s required performance period is July 17, 2017 to July 17, 2020 (otherwise expiring 4 months after the beginning of the recognized delay period), the performance period is extended for 4 months (the duration of the overlap between the performance period and the recognized delay period in this example). Any such extension granted by the City of San Francisco runs concurrently with the 18-month extension granted by AB 1561.

    No additional action is needed by state or local agencies to apply the 18-month extension to covered housing entitlements. However, interpretation and implementation may vary by individual agency, so it is advisable to consult with counsel on a project-specific basis about the analysis and how best to memorialize the extension.

  • Are You Prepared to Submit Your Employee Pay Data to the DFEH?

    By Fred Alvarez

    On September 30, 2020, the California legislature passed SB 973, California’s pay equity data law. The law, codified under Government Code section 12999, requires certain employers with California employees to file an annual Employer Information Report that includes employee data on pay, hours, and demographics (“pay data”). Pay data is due to the DFEH (California Department of Fair Employment and Housing) on March 31, 2021.

    Who Must Report?

    All private employers with “100 or more U.S. employees and who [are] required to file an annual Employer Information Report (EEO-1) pursuant to federal law,” and at least one California employee must file an annual Employer Information Report.

    An employer has the requisite number of employees if the employer either employed 100 or more employees in the Snapshot Period chosen by the employer or regularly employed 100 or more employees during the Reporting Year. The Snapshot Period is a single pay period between October 1 and December 31 of the Reporting Year, which is “the prior calendar year.” For this year, then, the Reporting Year is January to December 2020, while the Snapshot Period is any pay period between October 1 and December 31, 2020.

    What Must Employers Report?

    Employers must report data similar to what was required in the federal EEO-1, Component 2 form. The EEOC has since discontinued the use of the Component 2 form, but is studying the data it has collected from employers so far. In enacting SB 973, the California legislature has decided to pick up where the EEOC left off.

    DFEH has now provided a data report template for both Excel and CSV files here.

    As seen in the template reports, employers must provide the following data:

    • For each establishment, during the Snapshot Period, the number of employees by race, ethnicity, and sex in ten different job categories.
    • The number of employees—by race, ethnicity, and sex—whose annual earnings fall within each of twelve pay bands ranging from $19,239 and under to $208,000 and over.
    • The total number of hours each employee worked during the entire Reporting Year, plus any paid time off hours.
    • The Reporting Year and the Snapshot Period the employer selected.
    • Additional employer information, including contact information, NAICS codes, total number of employees, and total number of establishments.
    • Any clarifying remarks.
    • A certification that the information contained in the pay data report is accurate and prepared in accordance with the law.

    Employers must submit their pay data reports to DFEH’s pay data submission portal here. DFEH has also provided answers to common questions here.

    How Will The Pay Data Be Used?

    The California Legislature enacted this bill to encourage employers to self-assess potential pay disparities among their employees across race, gender, or ethnicity lines, and to promote compliance with equal pay and anti-discrimination laws.

    It is important to note that the law now empowers DFEH to “receive, investigate, conciliate, mediate, and prosecute” complaints alleging unlawful practices in violation of the Equal Pay Act. The law also provides the Division of Labor Standards Enforcement access to this data, an authority already empowered to enforce labor laws.

    These pay data reports are supposed to be a tool for self-compliance by employers and a tool for California agencies to enforce equal pay and anti-discrimination laws. As explored further below, however, challenges may arise when analyzing the pay data. For example, the reported job categories easily encompass employees with a variety of educational and professional backgrounds, roles, and responsibilities. In fact, the EEOC recently announced a contract with the National Academies of Sciences, Engineering, and Medicine’s Committee on National Statistics to independently assess the “quality and utility” of the equivalent federal pay data. The analysis is expected to conclude in 2021, but may shed significant light on employer concerns about the usefulness and validity of combining so many different jobs into the broad EEO-1 categories.

    The California pay data is confidential under the law, and not subject to the California Public Records Act. It will not, however, be kept confidential for “administrative enforcement or through the normal rules of the discovery in a civil action.” DFEH is also empowered to publish aggregated data from multiple employers.

    What Issues Should I Be Aware of When Gathering and Submitting Pay Data?

    Identifying Employees

    The definition of employee under Government Code section 12999(m)(1) is, “an individual on an employer’s payroll, including a part-time individual, whom the employer is required to include in an EEO-1 Report and for whom the employer is required to withhold federal social security taxes from that individual’s wages.” This definition raises a number of considerations when categorizing and counting employees.

    Some issues to watch out for when identifying employees and tallying up your total number of employees include:

    • Making sure that you count both full-time and part-time workers;
    • Determining whether any temporary workers provided by a staffing agency or independent contractors still meet this definition of “employee;” and
    • Identifying employees located both inside and outside of California, and correctly categorizing teleworking employees (for example, all employees assigned to California establishments must be reported whether or not they are teleworking).

    Multiple Establishment Companies & Multiple Entities

    Both single-establishment and multiple-establishment employers should submit single pay data reports. Multiple-establishment employers should report on all of their establishments.

    Additionally, if your company is a parent company or a subsidiary, you should consider how to collectively submit pay data. Parent companies may submit a pay data report for themselves and their subsidiaries if the companies constitute a single legal entity. Alternatively, parent companies and their subsidiaries may each submit their own pay data reports.

    Gathering and Submitting Pay Data

    There are a number of challenges embedded in the pay data reporting framework.

    Employee Demographic Data

    First, employers must report on employees race, ethnicity, and sex. While employee self-identification is the preferred method of identifying an employee’s race, ethnicity, and/or sex, employers must still report the demographic data of employees who decline to provide this information. That means employers should use current employment records, other reliable records or information, or, as a last resort, observer perception. Employers should be particularly sensitive regarding the use of observer perception to categorize and report on an employee’s demographic data. In fact, the DFEH has indicated that observer perception should not be used to identify employees’ sex, but rather information such as the employees’ preferred pronouns.

    Moreover, the available demographic categories are themselves limited. Employers should report employees’ sex by the three genders recognized in California: female, male, and non-binary. Employers should report race and ethnicity according to the following seven categories:

    • Hispanic/Latino
    • Non-Hispanic/Latino White
    • Non-Hispanic/Latino Black or African American
    • Non-Hispanic/Latino Native Hawaiian or Other Pacific Islander
    • Non-Hispanic/Latino Asian
    • Non-Hispanic/Latino American Indian or Alaskan Native
    • Non-Hispanic/Latino Two or More Races

    But not all employees will easily fit into one of these categories. For example, a male trans employee may self-identify as either male or non-binary. Similarly, an employee with both Hispanic/Latino heritage and Non-Hispanic/Latino heritage may not self-identify with any of the race/ethnicity categories above.

    Employee Job Category Data

    Second, employers must categorize employees as fitting into one of ten broad EEO-1 job categories used by the EEOC:

    • Executive or senior level officials and managers;
    • First or mid-level officials and managers;
    • Professionals;
    • Technicians;
    • Sales workers;
    • Administrative support workers;
    • Craft workers;
    • Operatives;
    • Laborers and helpers; and
    • Service workers.

    Each of these categories is extremely broad both in terms of the types of job it encompasses, and the educational or experiential backgrounds of individual employees in that category. For example, the “Professionals” category includes both architects and dentists—and it includes architects and dentists with both thirty years’ experience and with five years’ experience. Further guidance on these categories is available on the EEOC.gov website.

    Employee Salary Data

    Employers must provide employee salary data into one of 12 pay bands increasing from $19,239 and under to $208,000 and over. These pay bands are thus particularly limited for highly-paid employees. For example, if all of a company’s employees in the job category “executive or senior level officials and managers” are paid $250,000 or more, the pay bands would not track differences in that high level of compensation among employees of different races, ethnicities, or sexes.

    Putting It All Together

    Given the analytical limitations of combining numerous, distinctive jobs into one of ten broad job categories, and then inserting them into 12 arbitrary pay bands, and the likelihood that the data will be (1) used in an enforcement action by a California state agency, or (2) uncovered via civil discovery methods, employers should consider providing “clarifying remarks” when submitting pay data. Clarifying remarks provide employers the opportunity to note the problems inherent in the pay data categories, and to preemptively note that any apparent pay disparities do not reflect comparisons of comparable jobs, employee roles, educational backgrounds, or seniority associated with jobs included and aggregated for reporting purposes only.

    What Should I Do If I Have Additional Questions?

    If you have specific questions or want to discuss how the Pay Equity Data Law may affect your business, please contact Fred Alvarez at falvarez@coblentzlaw.com or any attorneys from the Labor and Employment team here at Coblentz Patch Duffy & Bass LLP.

  • San Francisco Kicking Off General Plan Update Process: Virtual Workshops Coming March 15th

    The San Francisco Planning Department is updating the City’s General Plan, and Department staff will be holding a two-week series of online workshops on the proposed General Plan updates beginning Monday, March 15th. All development projects must be consistent, on balance, with the General Plan’s objectives and policies, so these updates are of high interest for San Francisco developers.

    Key General Plan Elements undergoing significant updates include the Transportation Element, the Community Safety Element, and the Housing Element. These updated elements will include environmental justice policies per the requirements of California Senate Bill 1000, which we blogged on in 2018. According to the Department, this round of General Plan updates will focus on goals and policies addressing racial and social equity, housing, transportation, climate resilience, and environmental justice.

    The two-week workshop series is designed to gather public input via Zoom on the updates to the General Plan and to allow Planning Department staff to provide overviews of the various topics being addressed in the updates. Planning Department staff has indicated that the workshop series will also serve a capacity-building purpose, by encouraging meaningful and ongoing public engagement in the planning process, particularly among those San Franciscans who historically have been underrepresented in the planning process.

    Registration for the online workshops can be accessed at this link. We will keep you posted on the timing and schedule for the General Plan updates as that information becomes available.

  • What 2020 Land Use Cases Taught (Or Reminded) Us About Litigation Basics

    By Skye Langs

    Last year brought the legal profession many things that we never expected, like trials conducted by Zoom and virtual happy hours, just to name a few. But it also brought a handful of new CEQA and land use decisions that, like many of the events of 2020, reminded legal practitioners to focus on the fundamentals. In litigation, that includes document preservation, evidence, and remedies. These details, though often overlooked in writ proceedings, can make or break your case.

    Document Preservation

    Civil litigants who know or reasonably anticipate that litigation is on the horizon have a duty to preserve relevant documents or risk sanctions (including, in extreme cases, terminating sanctions). In Golden Door Properties, LLC v. Superior Court of San Diego County (2020) 53 Cal.App.5th 733, we were reminded that this rule applies with equal force to a public agency conducting CEQA review.

    In 2014, San Diego County began considering an approximately 600-acre residential and commercial development adjacent to the upscale Golden Door spa and resort. Almost immediately, Golden Door raised concerns about the project’s environmental impacts, and informed the County it would oppose the development. Nonetheless, the County took no special precautions to preserve documents or suspend its automatic deletion of emails.

    Four years later, after the publication of the project’s Draft Environmental Impact Report, Golden Door served the County with a Public Records Act request, seeking documents related to the project. In response, the County produced 42 emails. When questioned about the limited production, the County explained that it had a policy of automatically deleting emails after 60 days.

    The Fourth District Court of Appeal held that the County’s automatic deletion policy is unlawful because it destroys official records that the County is required to maintain. Specifically, CEQA provides that a broad range of documents “shall” be part of the record, including all correspondence and written materials relevant to the public agency’s compliance with CEQA or its decision on the project. (Pub. Res. Code § 21167.6.) By automatically deleting emails, the County made it impossible to create the required record.

    Without an adequate record, the County may not be able to demonstrate its compliance with CEQA, adequately inform the public about the project, or demonstrate to the Court that its decisions are supported by substantial evidence. In other words, like any civil litigant, the County risked being penalized in future litigation due to poor document retention policies. But this risk can be avoided. Public agencies (as well as developers who partner with them) can take steps to ensure that all documents relevant to a project’s approval are maintained, and available in the event of future litigation.

    Evidence

    Just as civil litigators know that documents need to be preserved, we also know that at trial, we need to present the evidence that proves our case. This means putting on reliable witnesses who can provide testimony that satisfies the legal standards we are trying to meet. And in Tiburon/Belvedere Residents United to Support the Trails v. Martha Company (2020) 56 Cal.App.5th 461, we learned that it doesn’t matter how many witnesses you put on if they don’t check these boxes.

    Petitioners Tiburon/Belvedere Residents United to Support the Trails (TRUST) sought quiet title to privately owned property north of San Francisco based on an alleged implied dedication that occurred prior to 1972, when a change in law essentially abolished implied dedications. To prove its case, TRUST needed to show that the property at issue was used by the general public, openly and continuously, for a period of more than five years preceding 1972, with full knowledge of the owner, without asking or receiving permission, and without objection.

    TRUST put on 28 witnesses who testified that from 1967 to 1972, they used the property for recreation, without permission from the owner, and without any objections. Despite the overwhelming number of TRUST witnesses, there were two fatal flaws in the evidence presented.

    First, and perhaps as an unavoidable consequence of the passage of time, almost half of its witnesses were minors in 1972. As the court noted, children are “‘born trespassers’ who cannot establish a reasonable belief by the public of its right to use the property.”

    Second, all of TRUST’s witnesses lived in the area at the time. In other words, their testimony did not demonstrate widespread use by the general public, but rather showed limited local use that the property owner may have consented to as a neighborly accommodation, or failed to notice due the low visibility associated with local, as opposed to widespread, use.

    In contrast, the property owner, who had diligently saved photographs showing fences, gates, and no trespassing signs on the property during the relevant time period, presented testimony demonstrating that it attempted to prevent public use. This, combined with the TRUST’s failure of proof, secured judgment in the property owner’s favor.

    The lesson here? Even if – or perhaps especially if – your case relies on events that occurred well in the past, the quality of your evidence matters. As you prepare for trial, make sure you have the witnesses, and the testimony, to prove each element of your claim.

    Remedies

    While we must focus on proving our case, we also can’t overlook the most important part – what we get if we win, and how to minimize our losses if we don’t. But in CEQA cases, it is common for petitioners to simply request that the project approvals be vacated, with little analysis or argument about how to craft that relief. Last year, Sierra Club v. County of Fresno (2020) 57 Cal. App. 5th 979, reminded us that we should take as much care with remedies in writ proceedings as we do with damages, declaratory relief, or other civil remedies.

    Sierra Club is the most recent installment of the Friant Ranch saga, which first began in 2007, when the County of Fresno issued its notice of preparation of a draft Environmental Impact Report (EIR) for a 942-acre master planned community. After the project was approved in 2011, litigation ensued, and the case has been working its way through the courts ever since. In 2018, the California Supreme Court concluded that the EIR’s discussion of the project’s air pollution impacts was inadequate, and remanded the case for further proceedings. (See Sierra Club v. County of Fresno (2018) 6 Cal.5th 502.) On remand, the trial court issued the requested writ of mandate, ordering the County to vacate the Friant Ranch project approvals and prepare a revised EIR.

    The developer argued that this remedy was improper, and that instead of vacating the project approvals in their entirety, the court should have ordered a partial decertification of the EIR. The Court of Appeal for the Fifth District disagreed, holding that the relevant statutory language does not allow for partial certification. CEQA requires that lead agencies “certify the completion” of an EIR, and its compliance with CEQA, in its entirety. (See Pub. Res. Code § 21100; 14 Cal. Code Regs. § 15090.) There is no half measure.

    One provision does, however, opens the door for partial decertification. Public Resources Code section 21168.9 contemplates that a court may issue a writ of mandate voiding a “determination, finding, or decision” of a public agency “in whole or in part.” While that language could support partial decertification of an EIR, the Court of Appeal concluded it was not proper in Sierra Club because the EIR’s air quality analysis was not severable from the other aspects of the project approvals.

    Setting aside the statutory language, and the question of severability, it is apparent that the trial court decertified the EIR in its entirety because this was the remedy sought by the petitioners. At no point prior to the issuance of the writ of mandate did the County or the developer argue that this relief was improper, or present an argument for partial, rather than full, decertification. If they had addressed the remedies before it was too late, and presented a full-throated argument for partial decertification, it is possible that they could have minimized the impacts of this loss.

    2021 and Beyond

    This year will likely bring the legal profession even more surprises. But taking care of the basics such as document preservation, evidence, and remedies can often make the biggest difference in disputes, no matter how large or complex.