civil rights – Page 6

EEOC to Halt Investigations into Disparate Impact Claims

Takeaways

An internal EEOC memo reportedly directs the agency to discharge all disparate impact discrimination claims.
The directive furthers an executive order issued by the president earlier this year.
The policy is a significant departure from the EEOC’s previous enforcement strategies and may have the effect of allowing parties alleging disparate impact claims to bypass the administrative process under federal law.

Federal District Court Rejects North Carolina Redistricting Challenge Seeking to Require Race-Based Districts

On September 30, a federal district court upheld North Carolina’s state Senate redistricting plan under the Voting Rights Act (VRA), rejecting a Section 2 challenge brought by two North Carolina voters who argued the map diluted black voters’ voting strength. The case is Pierce v. North Carolina State Board of Elections.
The plaintiffs argued the state legislature “violated Section 2 of the Voting Rights Act … by not engaging in race-based districting and not creating a majority-black Senate district in northeast North Carolina.” The court noted that “the record demonstrates that when the General Assembly drew the maps and created all the districts … in October 2023 for use in the 2024 elections, the General Assembly did not have racial data in the computer.” Plaintiffs alleged the new map, drawn without racial data, diluted Black voters’ voting strength and Section 2 of the VRA required a majority-Black Senate district be drawn in the northeast region of the state.
The district court concluded the plaintiffs failed to demonstrate a Section 2 violation, stating it would not “use Section 2 to direct the General Assembly to engage in the odious practice of sorting voters by race.” The court determined that the record showed that “communities in northeast North Carolina,” and “communities throughout North Carolina,” are “communities in which minority citizens are able to form coalitions with voters from other racial and ethnic groups, having no need to be a majority within a single district in order to elect candidates of their choice.”
The court’s opinion discussed numerous shortcomings with the plaintiffs’ case. The court discounted the plaintiffs’ expert witnesses and analyses as not credible and rejected evidence of historical discrimination in the state as not relevant to current circumstances. The court also noted the results of North Carolina’s 2024 election and the success of minority candidates recently elected under the challenged plan.
Most fatal issue to the plaintiffs’ case, however, was the U.S. Supreme Court’s 2017 decision in Cooper v. Harris, which found that racially polarized voting did not exist in North Carolina. Racially polarized voting is an essential element to establish a Section 2 “vote dilution” violation under Thornburg v. Gingles, and without that element, the courts cannot require the drawing of a majority-minority district. In Gingles, the Supreme Court established a framework for determining when a majority-minority district is required to be drawn under Section 2 of the VRA, and that framework has been the subject of nearly constant litigation ever since.
The district court’s decision previews the focus of upcoming arguments in the Supreme Court in Louisiana v. Callais. The Court heard Callais* last term but, after failing to produce a decision, ordered the case be reargued so that it could further consider whether the Court’s nearly 40-year project of requiring specially drawn majority-minority districts under Section 2 of the Voting Rights Act is consistent with the U.S. Constitution. The Justices will hear the case on October 15, with the central question being whether Louisiana’s intentional creation of a majority-minority congressional district to satisfy a district court’s demands under Section 2 of the VRA violates the 14th and 15th Amendments.
* Holtzman Vogel represented the state at the trial court in Callais and filed an amicus brief for Governor Landry at the Supreme Court in the Callais matter.

Navigating the DOT’s Interim Final Rule on DBE Certification Standards – and Preparing for the (Bumpy) Road Ahead

Last week, as a result of the federal government shutdown, news outlets reported on a pause in processing project reimbursements for the massive bi-state Hudson Tunnel Gateway Program and New York City’s Second Avenue Subway line. Beyond the political finger-pointing and investigation into the pause’s impact (the billions of dollars already appropriated remain untouched) is the federal Department of Transportation’s publication, also last week, of its interim final rule (“IFR”) Docket No. DOT–OST–2025–0897. Effective October 3, 2025, this IFR removes from its regulations at 49 C.F.R. Parts 23 and 26 race and gender-based presumptions of social and economic disadvantage from DOT’s regulations governing its Disadvantaged Business Enterprise (DBE) and Airport Concession Disadvantaged Business Enterprise (ACDBE) programs. In doing so, it replaces terms like “race-neutral/race-conscious” with “DBE-neutral/DBE-conscious” frameworks, and adds new sections (§§ 23.81 and 26.111) that require each Unified Certification Program (UCP), i.e., each state’s agency that sets the criteria for firms seeking DBE/ACDBE certification, to reevaluate any currently certified DBE, to recertify any DBE that meets the new certification standards, and to decertify any DBE that does not meet the new certification standards or fails to provide additional information required for submission under the new certification standards.
There have been strong reactions to not just the substance of DOT’s rule, but to the agency’s issuance of a rule without first seeking public comment. Although the federal Administrative Procedure Act does generally require agencies to provide the public with notice of proposed rulemaking and an opportunity to comment prior to publication of a substantive rule, it contains exceptions. For example, 5 U.S.C. § 553(b)(B) authorizes agencies to publish a final rule without first seeking public comment on a proposed rule “when the agency for good cause finds (and incorporates the finding and a brief statement of reasons therefor in the rules issued) that notice and public procedure thereon are impracticable, unnecessary, or contrary to the public interest.”
In its IFR, DOT explains that it was constrained to determine that race- and sex-based presumptions of the DBE and ACDBE programs violate the U.S. Constitution in light of:

The September 23, 2024, decision of the U.S. District Court for the Eastern District of Kentucky (Mid-America Milling Co., LLC v. U.S. Department of Transportation, et al., No. 3:23-cv-72-GFVT) determining that the DBE program’s statutory race- and sex-based presumptions likely do not comply with the Constitution’s promise of equal protection under the law, and issuing a preliminary injunction that prohibits DOT from mandating the use of presumptions with respect to its contracts;
The President’s three Executive Orders: Executive Order 14151, Ending Radical and Wasteful Government DEI Programs and Preferencing, January 20, 2025; Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity, January 21, 2025; and Executive Order 14219, Ensuring Lawful Governance and Implementing the President’s “Department of Government Efficiency” Deregulatory Initiative, February 19, 2025; and
The U.S. Attorney General’s March 21, 2025, memorandum directing all Federal agencies to implement these Executive Orders.

Without this IFR, DOT explained, its own regulations would continue to require funding recipients to apply those very same presumptions, thus rendering “impracticable and contrary to the public interest a confusing and contradictory situation to continue during a notice-and-comment process.” Further, DOT added, notice-and-comment is unnecessary where a regulatory action is required as a matter of law to ensure consistency with rulings of the United States Supreme Court, which in this instance include Students for Fair Admissions, Inc. v. Harvard, 600 U.S. 181 (2023) (previously discussed).
As for eliminating the presumption that individuals from certain racial or gender groups are “socially disadvantaged,” DOT explained that its small business initiatives were always “intended to level the playing field for businesses seeking to participate in federally assisted contracts and in airport concessions,” and yet:
Although the Programs aim to assist small businesses owned and controlled by “socially and economically disadvantaged individuals,” Congress has mandated by statute that DOT treat certain individuals—women and members of certain racial and ethnic groups—as “presumed” to be disadvantaged. Other individuals do not benefit from that statutory presumption. This means that two similarly situated small business owners may face different standards for entering the program, based solely on their race, ethnicity, or sex.
* * *
[T]here is not a strong basis in evidence that the race- and sex-based presumptions used by the DBE and ACDBE programs are necessary to support a compelling governmental interest, and the presumptions are not narrowly tailored (both of which are necessary to comply with the Constitution). The government has no compelling justification for engaging in overt race or sex discrimination in the awarding of contracts in the absence of clear and individualized evidence that the award is needed to redress the economic effects of actual previous discrimination suffered by the awardee.
Thus, through the IFR, DOT is implementing amendments that “center the DBE program’s purpose of leveling the playing field for businesses owned and controlled by socially and economically disadvantaged individuals while providing excellent service to the American people.”
DOT’s new standard for qualifying as a DBE or ACDBE will be determined on a case-by-case basis: in addition to the already-required personal net worth statement, applicants (and existing certified firms) must now submit a Personal Narrative (PN) that details specific instances of hardship, systemic barriers, or denied opportunities, and explain how those impediments caused economic harm relative to similarly situated non-disadvantaged individuals. The states’ UCPs shall use this standard in reevaluating all currently certified DBE/ACDBE firms and must suspend goals and “counting” DBE/ACDBE participation toward overall goals until re-certification is complete.
There are number of practical consequences not addressed by the IFR. In the midst of the frenzy of currently qualifying firms assembling supporting evidence to accompany their PNs, states’ UCPs will need, first, an objective set of criteria by which to determine “socially and economically disadvantaged,” and second, the staffing to sort through the submissions in what will necessarily be a more rigorous review. Government agencies using DOT funds may be halted in their public procurement pending their establishment of new goals and certification of qualifying firms. General contractors completing projects using DOT funds and dependent on currently qualifying subcontractors to meet their DBE/ACDBE goals may be unable to close out that portion of their compliance, slowing down payment. And it is almost a foregone conclusion that the pending uncertainty will engender a wave of bid protests and appeals regarding DOT-funded projects that, it seems, presently cannot be resolved.
The IFR does acknowledge that “[s]everal provisions may lead to increased or decreased burdens for applicants, certifying agencies, and recipients related to transitional documentation requirements, the degree of technical rigor in disparity studies, and changes in program reporting.” It does not deny that there will be quantified costs as well, projected to be $95 million, although noting they will be “transitional and one-time, … with recurring annualized burdens of about $1.8 million.”
The UCPs, directly affected firms, and prospective new applicants will likely need DOT to offer guidance, training, and resources for administering the new rules and attainment of the new evidentiary standard. This is a big ask even in times where there is no government shutdown. In the meantime, small firms should consider specific historic, personal examples of disadvantageous environments and perceived deprivation of opportunities when formulating their PNs. The burden of proof may not ultimately be that high, especially where there are UCPs inclined to award certifications. Plus, there may be more open doors to newly qualifying firms, creating more options for general contractors in their bidding and project progression, perhaps lowering overall bids, with reverberating benefits to the general public.

Using Patient Photos in Marketing? OCR Settlement Highlights HIPAA Compliance Requirements

Businesses across many industries naturally want to showcase their satisfied customers. Whether it’s a university featuring successful graduates, a retailer highlighting happy shoppers, or a healthcare facility showcasing thriving patients, these real-world testimonials can be powerful marketing tools. However, when it comes to healthcare providers subject to HIPAA, using patient images and information for promotional purposes requires careful navigation of both federal privacy rules and state law requirements.
In a recent case, the failure to comply with these requirements resulted in a $182,000 fine and a two year compliance program for a Delaware nursing home, according to the resolution agreement.
The Office for Civil Rights (OCR), which enforces the HIPAA Privacy and Security Rules, recently announced an enforcement action that serves as an important reminder of these obligations. The case involved a nursing home that posted photographs of approximately 150 facility residents over a period of time to its social media page. These postings were part of a campaign to highlight the success residents were achieving at the nursing home. When a resident complained to OCR, the agency investigated and found the covered entity had not obtained the required HIPAA authorizations or complied with breach notification requirements. The enforcement actions that followed underscore that even seemingly benign marketing practices can trigger significant compliance issues under HIPAA.
Understanding HIPAA’s Authorization Requirements
Under HIPAA, covered entities may generally use and disclose protected health information (PHI) for treatment, payment, and healthcare operations, and certain other purposes, without patient authorization. Marketing activities, however, fall outside these permissible uses. In the OCR investigation, the covered entity didn’t simply share photographs—it also disclosed information about residents’ care to tell “success stories” of patients at their facilities. This combination of visual identification and health information, according to the OCR, constituted a use of PHI requiring express patient authorization under HIPAA.
The authorization requirement isn’t merely a technicality. HIPAA authorizations must meet specific regulatory standards, such as a clear description of the information to be disclosed, the purpose of the disclosure, and a date or event after which the authorization will cease to be valid. A patient’s informal agreement or willingness to participate doesn’t satisfy these requirements.
The Breach Notification Complication
The OCR investigation revealed another compliance failure: not providing the required breach notification. Under HIPAA’s Breach Notification Rule, a disclosure not permitted under the Privacy Rule can constitute a reportable breach requiring notification to affected individuals and potentially to OCR and the media. This means that a marketing misstep can go beyond just failing to get an authorization.
Lessons from Social Media Cases
This isn’t an isolated concern. Similar issues have arisen when healthcare providers, such as dentists and other practitioners, responded to patient complaints on platforms like Google and Yelp. Well-intentioned responses that acknowledge treating a patient or try to resolve the patient’s concerns can violate HIPAA. These cases make clear that covered entities must think carefully about any use or disclosure of patient information outside the core functions of treatment, payment, and healthcare operations, even when the patient may have disclosed the same information already.
State Law Adds Another Layer, Including for Regulation of AI and Biometrics
HIPAA compliance alone may not be sufficient, particularly when potentially more stringent protections exist at state law. Many states have laws and common law obligations requiring consent before using a person’s image or likeness for commercial purposes, as well as specifics concerning what that consent should look like. Covered entities must ensure they’re meeting both HIPAA authorization requirements and any applicable state law consent requirements. They also should be sure to understand the technologies they are using, including whether they are inadvertently collecting biometric data.
Looking ahead, covered entities should be aware that several states have begun enacting or amending laws addressing how businesses can use digital replicas of individuals, particularly in the AI context. As healthcare organizations increasingly adopt AI technologies, questions about using patient images or data to create or train AI systems, will require careful analysis under both existing HIPAA rules and these emerging state laws.
The Bottom Line
The message for HIPAA covered entities is clear: think before you post, promote, or publicize to good work you do for your patients. Even when patients are willing participants in marketing efforts, formal HIPAA authorizations and state law consents may be required. The cost of non-compliance—including financial settlements, required corrective action plans, and reputational harm—far exceeds the investment in proper authorization processes. When in doubt about whether patient information can be used for a particular purpose, covered entities should consult with privacy counsel to ensure full compliance with both federal and state requirements.

The Watchdogs Go to Sleep; How the Government Shutdown Affects Labor Agencies

As has been widely publicized in the general and social media, on October 1, 2025, the U.S. federal government officially entered a shutdown of the 2026 fiscal year due to Congress’ failure to authorize continuing appropriations. Even in a funding gap shutdown, some essential governmental activities — especially those related to health and safety matters — continue, albeit in a more limited fashion. Here is a summary of how the shutdown has affected the agencies that most directly impact employment-related matters.
Department of Labor (DOL):
Wage and Hour Division (WHD): Most regulatory and enforcement activities have ceased, except for those involving health and safety (e.g., child labor violations). Only 10 out of a pre-shutdown total of 1,270 employees remain active. Standard investigations, compliance audits, and technical assistance are paused.
Occupational Safety and Health Administration (OSHA): Operations are limited to critical functions, such as: inspections of imminent danger situations; investigations of workplace fatalities and catastrophes; enforcement actions needed to meet statutory deadlines for citations; and follow-up inspections of serious violations. OSHA’s adjudicatory body, the Occupational Safety and Health Review Commission (OSHRC), is closed, delaying hearings and settlements.
Foreign Labor Certification: The Foreign Labor Application Gateway (FLAG) system is offline, halting Labor Condition Applications (LCAs) and PERM processing, which are necessary to process certain work-related visas.
Other DOL Agencies: The Bureau of Labor Statistics, Office of Federal Contract Compliance Programs, and other sub-agencies are completely shut down, affecting data collection and regulatory reviews. The DOL will continue to provide support for the payment of benefits for which funding has not lapsed, including the Black Lung Benefits Act, the Federal Employees’ Compensation Act, the Energy Employees Occupational Illness Compensation Program Act, the Longshore and Harbor Workers’ Compensation Act, the War Hazards Compensation Act, and the Trade Adjustment Assistance (TAA) Program.
Equal Employment Opportunity Commission (EEOC):
Approximately 1,686 of 1,814 employees have been furloughed. There will be no new investigations, mediations, or hearings, no processing of Freedom of Information Act (FOIA) requests, and public outreach and trainings are halted. Limited functions that remain active include docketing new charges where filing deadlines are imminent and continuing court litigation where continuances haven’t been granted.
National Labor Relations Board (NLRB):
There will be no processing of new representation petitions, all union elections and administrative hearings are postponed, and all case handling, investigations, and public outreach are halted. All filing deadlines are tolled, meaning they are paused and will resume once the shutdown ends. The NLRB website is effectively inoperative.
Federal Courts:
The federal courts remain open and are functioning normally (at least through October 17, 2025), as they are able to use reserve funds and court filing fees to remain operational. The Case Management/Electronic Case Files (CM/ECF) system continues to operate, allowing electronic filings and access to court documents. Nevertheless, some courts and particular judges have granted stays in civil cases, especially those where the federal government is a party. The website for the applicable district or appellate court as well as each judge’s webpage should be consulted, especially after October 17.
Should the shutdown continue on beyond this week, even some of the ongoing activities described here may be scaled back, so be sure to consult our future editions. If/when the government reopens each agency, we will provide updates on when postponed matters will be handled.

Beyond the Clinical Setting: OCR’s Settlement with Cadia Further Demonstrates OCR’s Focus on HIPAA Compliance in the Digital World

On September 30th, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Cadia Healthcare Facilities for potential violations of the HIPAA Privacy and Breach Notification Rules. The Cadia Healthcare Facilities (Cadia) that are the subject of this settlement include five providers located in Delaware that specialize in rehabilitation, skilled nursing, and long-term care services. This settlement follows an OCR investigation of Cadia in which Cadia posted a “success story” of a patient to its public website without first receiving a valid HIPAA authorization from the patient. The success story post included PHI such as the patient’s name, their photograph, and information regarding their condition, treatment, and recovery. OCR’s investigation further revealed that, through their “success story” program, Cadia compromised the PHI of 150 total patients.
Because Cadia did not receive written HIPAA authorization from these patients before posting their success stories online, OCR’s investigation determined that it breached several of its obligations under HIPAA, including: (i) impermissible disclosure of PHI, (ii) failure to have appropriate safeguards in place to protect PHI, and (iii) failure to notify the affected individuals. Under the Resolution Agreement, Cadia agreed to pay $182,000 to OCR and implement a two-year Corrective Action Plan under OCR’s monitoring. Cadia agreed to take further remedial steps, including reviewing its existing HIPAA compliance policies, providing appropriate training to its entire workforce, and notifying each individual whose PHI was compromised. Additionally, as part of its ongoing implementation reports to OCR, Cadia must ensure that PHI is not included in any of its “websites, affiliated web domains, and social media websites” as well as all “written marketing and promotional materials, whether in paper, electronic or digital format, including any photographs and videos.”
Cadia is not the first healthcare provider that OCR has penalized for disclosing PHI via online marketing. On numerous occasions, OCR has investigated and entered into settlement agreements with providers for engaging in similar online PHI disclosure. For instance, in February 2016, OCR settled with physical therapy provider Complete P.T. for posting patient testimonials with full names and photos on its website without obtaining prior HIPAA-compliant authorizations. Complete P.T. was required to pay OCR a fine of $25,000, implement a Corrective Action Plan, and report its compliance efforts to OCR for one year.
Key Takeaways

HIPAA Compliance Extends Beyond Clinical Care: OCR continues to enforce HIPAA rules in non-clinical contexts, including marketing and public communications, as demonstrated by Cadia’s use of patient “success stories” online without proper authorization.
Marketing and Social Media Personnel Should Be Aware of HIPAA Requirements: OCR has previously penalized providers like Complete P.T. for similar online disclosures, reinforcing that marketing and social media staff of regulation entities must be trained on HIPAA’s Privacy and Breach Notification Rules.
Public-Facing Platforms are High Risk: Websites and social media pages are high-risk platforms for PHI exposure. In the past, OCR has also investigated health care entities for impermissibly disclosing PHI through other kinds of public websites, such as social review platform Yelp. On public platforms especially, it is crucial that any information related to patients is carefully reviewed for compliance before it is posted.

Cases like Cadia and Complete P.T. further demonstrate the importance of HIPAA compliance beyond the scope of the clinical setting. Covered entities and business associates should ensure staff, regardless of role, are well-versed in these Privacy and Breach Notification Rule as they relate to social media and marketing.

Beyond Maternity Leave: How Employment Law is Catching Up with Women’s Health Priorities

Not long ago, paid maternity leave was a cutting-edge benefit for women in the workforce. Today, the conversation is expanding beyond just maternity leave as state legislatures and employers consider new workplace protections for women’s broader health needs — ranging from fertility treatments to reproductive loss and menopause.
Across the country, employment laws are beginning to address the unique challenges women and caregivers face across the spectrum of their careers. While many employers already offer benefits to support employes during critical life stages, some state legislatures are now taking a more active role by formally requiring certain protections rather than leaving them up to employer discretion. These changes not only give women the support they need but also help employers foster a workplace culture that promotes engagement, satisfaction, and long-term retention.
Key Areas of Emerging Legislation
Pregnancy & Prenatal Care
States are recognizing that supporting women’s health begins well before childbirth, with policies designed to cover prenatal care and medical appointments during pregnancy. For example, New York implemented a Paid Prenatal Leave law to assist employees during pregnancy. Since January 1, 2025, all private-sector employers in New York must provide 20 hours of paid leave annually, in addition to existing sick leave, for pregnancy-related medical appointments, including check-ups, medical procedures, and consultations with healthcare providers.
Pregnancy Loss & Fertility Treatment
States are also beginning to address the significant impact of pregnancy loss and fertility treatment on employees.
California has enacted laws protecting employees from discrimination based on reproductive health decisions and has expanded its bereavement provisions to provide leave for pregnancy and other reproductive losses. For example, the following two laws took effect on January 1, 2024:

Contraceptive Equity Act of 2022 (Senate Bill 523): This law prohibits discrimination, harassment, and retaliation based on an employee’s reproductive health decision making. The law ensures that employees can make choices about contraception, fertility treatment, and other reproductive care without fear of workplace repercussions.
Leave For Reproductive Loss (Senate Bill 848): This law requires covered employers to provide eligible employees up to 5 days of protected leave following a failed adoption, failed surrogacy, miscarriage, stillbirth, or an unsuccessful assisted reproduction.

Massachusetts has also expanded its Earned Sick Time Law (M.G.L. c. 149, sec. 148C) to cover reproductive loss events. As of November 21, 2024, employees may use earned sick time to care for themselves or their spouse in the event of pregnancy loss or failed assisted reproduction, adoption, or surrogacy.
Menstrual Health & Menopause
As workplace wellness evolves, state legislatures are also addressing menstrual health and menopause, recognizing that these natural life stages can significantly affect employee well-being and productivity.
Rhode Island became the first state to enact a law (House Bill No. 6161) requiring workplace accommodations for employees experiencing menopause. Effective June 24, 2025, the law amends the Rhode Island Fair Employment Practices Act to mandate that employers provide reasonable accommodations (such as modified schedules or additional breaks) for employees experiencing menopause and related medical conditions, unless doing so would cause undue hardship. Employers must also post notices informing employees of their rights and provide this information to new hires.
Following Rhode Island’s lead, New York introduced SB S3908 on January 30, 2025, which would amend the Workers’ Compensation Law to recognize menstrual complications and menopause as qualifying conditions. Menstrual complications are defined to encompass endometriosis and polycystic ovary syndrome. The legislation would extend existing leave entitlements, allowing employees to take time off to manage menstrual health issues and menopausal symptoms while maintaining their employment.
Practical Considerations for Employers
As laws around women’s health continue to evolve, employers should consider the following to ensure their workplace policies and practices remain compliant with applicable laws and support a wellness-forward culture:

Track emerging state and local requirements to ensure company policies remain compliant with new regulations.
Review and update leave, accommodation, and benefits policies as needed to reflect legislation covering pregnancy loss, fertility treatments, and menopause.
Provide clear guidance and training regarding the implementation of these policies.
For those workplaces who have such groups: involve employee resource groups, including women’s and LGBTQ+ networks, when developing programs to address workforce needs.
Integrate these updates in ways that promote compliance, support a positive workplace culture, and help attract and retain talent.

EEOC Realigned: Panuccio Confirmation Ushers in New Era

On October 3, 2025, the U.S. Senate confirmed Brittany Bull Panuccio by a 51–46 vote to serve as a commissioner of the U.S. Equal Employment Opportunity Commission for a term expiring in 2029. This confirmation provides Republicans with a majority on the Commission and positions the agency to realign its enforcement and policy priorities with President Donald Trump’s America First agenda.

Quick Hits

The U.S. Senate confirmed Brittany Bull Panuccio as EEOC commissioner, giving Republicans a majority and the ability to realign the agency’s enforcement and policy priorities.
The new Commission is expected to shift focus by scrutinizing diversity, equity, and inclusion (DEI) initiatives, religious liberty, and discrimination, narrowing disparate impact enforcement, revisiting LGBTQ+ guidance, and scaling back algorithmic bias initiatives.
Employers may want to prepare for increased attention to claims of majority and religious discrimination, review DEI and accommodation policies, and monitor for changes in federal guidance and enforcement.

The confirmation of Panuccio to the EEOC for a term ending in 2029 establishes a Republican majority that is expected to steer the Commission’s direction for the next several years. Commissioner Panuccio’s background includes service as an assistant U.S. attorney in the U.S. Department of Justice’s Appellate Division, clerkships on the U.S. Courts of Appeals for the Fifth and D.C. Circuits, prior work at the U.S. Department of Education involving Title IX of the Education Amendments of 1972 guidance, and an undergraduate and law degree from Northwestern University.
With this confirmation, the Commission’s current composition includes Acting Chair Andrea Lucas, whose second term was confirmed in August and runs to 2030, and Commissioner Kalpana Kotagal, now the sole remaining Democrat following the January 2025 dismissal of former chair Charlotte Burrows and former vice chair Jocelyn Samuels. Former vice chair Samuels has challenged her removal in the U.S. District Court for the District of Columbia, and one Commission seat remains vacant. The January 2025 removals temporarily left the agency without a quorum, constraining rulemaking and certain litigation until confirmations restored functionality.
The Commission is poised to prioritize investigations of diversity, equity, and inclusion (DEI) practices alleged to result in unlawful race- or sex-based decision-making, with an emphasis on individual merit and equal opportunity principles. Disparate impact enforcement will likely be curtailed or narrowed, with a corresponding pivot toward intentional discrimination theories and job-related justifications. Prior EEOC guidance addressing LGBTQ+ protections is likely to be revisited, with anticipated emphasis on biological sex distinctions, single-sex facilities, and changes to intake formal markers and honorifics despite holdings from the Supreme Court of the United States inBostock v. Clayton County, Georgia and Muldrow v. City of St. Louis.
The agency may devote greater attention to perceived majority discrimination, including national origin matters framed as favoring foreign nationals, and recalibrate the Pregnant Workers Fairness Act (PWFA) rule, including interpretations related to abortion-related leave. Earlier algorithmic bias initiatives may be scaled back, with less reliance on disparate impact theories in artificial intelligence (AI) matters and greater scrutiny on intentional discrimination and validation of tools. We expect to see enforcement relating to anti-Christian bias and religious liberty in the workplace. Time will tell if the EEOC will revise the current strategic enforcement plan. Of course, amid the current federal government shutdown, only four staff members will remain to support the work of the Commissioners. This could impact the speed at which the new Republican majority is able to implement its regulatory and enforcement agenda.
Next Steps
As the newly configured Commission advances the president’s America First agenda, employers may wish to reevaluate DEI programming to ensure initiatives are grounded in individualized, job-related criteria; review policies that address gender identity, facilities access, and pronouns that comport with current federal, state and local law; reassess selection procedures, testing, and AI tools for validation and defensibility; and audit accommodation and leave policies for alignment with potential PWFA revisions. Employers may also want to prepare for increased attention to claims alleging religious discrimination, majority discrimination or national origin discrimination, and ensure that documentation and training support nondiscriminatory decision-making.

Senate Bill 303: California Sets Forth Protections for Bias Training

On October 1, 2025, California’s Governor signed Senate Bill (SB) 303, which states that an employee’s assessment, testing, admission, or acknowledgment of their own personal bias, when made in good faith and solicited or required as part of a bias mitigation training, does not, by itself, constitute unlawful discrimination. This law amends the California Fair Employment and Housing Act (FEHA), which requires employers to prevent workplace discrimination, including providing specified harassment prevention training.
The stated purpose of the law is to encourage employers to conduct bias mitigation training and to affirm that conducting such training does not, by itself, constitute unlawful discrimination.
This law will take effect on January 1, 2026.

Ministerial Exception Barred Employee’s Discrimination Claims

McMahon v. World Vision, Inc., 147 F.4th 959 (9th Cir. 2025)
World Vision, a religious organization, revoked a job offer it had made to Aubry McMahon to be a remote customer service representative after learning that McMahon was married to a same-sex partner. McMahon sued for discrimination based on sex, sexual orientation and marital status under Title VII and Washington state law. The district court initially granted summary judgment to World Vision based on the church autonomy doctrine before reversing itself and granting summary judgment in favor of McMahon. In this appeal, the Ninth Circuit reversed the district court, holding that the ministerial exception bars McMahon’s employment discrimination claims because World Vision’s customer service representatives perform key religious functions central to World Vision’s mission, including engaging with donors in prayer. Accordingly, the Ninth Circuit ordered the district court to grant World Vision’s motion for summary judgment. See also Petersen v. Snohomish Reg’l Fire & Rescue, 2025 WL 2503128 (9th Cir. 2025) (employer could not reasonably accommodate firefighters’ COVID-19 vaccine exemption requests without undue hardship).

City of Las Vegas Did Not Discriminate Against Employee Based on Her Race/Gender

Lister v. City of Las Vegas, 148 F.4th 690 (9th Cir. 2025)
Latonia Lister sued the City of Las Vegas for sex- and/or race-based employment discrimination under Title VII. Lister was the city’s first African American female firefighter who had worked for the city in that capacity for almost 30 years. Lister alleged that while she was on duty and under the supervision of Captain Michael Brenneman (a white male), she walked into the room at dinnertime and observed Brenneman, who was feeding a dog pieces of steak, say, “Here, girl. Here, Latonia,” while smacking his lips to make kissing noises. After deliberating for nearly two hours, the jury concluded that the incident was “severe or pervasive” and “objectively and subjectively offensive to a reasonable person,” but that it was not retaliatory and was not motivated by gender-based and/or race-based discrimination; nevertheless, the jury awarded Lister $150,000 for pain and suffering damages. Because the jury found no liability on the part of the city, the district court set aside the damages award and entered judgment for the city. The Ninth Circuit affirmed the judgment.

California’s New AI Laws: What Just Changed for Your Business

California just passed comprehensive AI safety legislation, enacting 18 new laws that affect everything from deepfakes to data privacy to hiring practices. If you do business in California — or use AI tools — here’s what you need to know now.
The State That Wouldn’t Wait
While Washington debates federal AI regulation, California has already written the rulebook. This week, Governor Gavin Newsom signed a sweeping package of 18 AI laws into effect, making California the first US state to establish comprehensive governance over artificial intelligence.
The timing matters. With recent federal efforts to preempt state-level AI regulation now stalled, California’s move sets a precedent that other states are already racing to follow. As with their early efforts in the privacy space (through the California Consumer Privacy Act of 2018), California’s AI rules are quickly becoming everyone’s AI rules.
The Flagship: California’s AI Safety Law
The centerpiece of this legislative package is the Transparency in Frontier Artificial Intelligence Act (TFAIA), formerly Senate Bill 53. This landmark law targets the developers of the most powerful AI systems and establishes California as the first state to directly regulate AI safety. It also builds on the recommendations from the Joint California Policy Working Group on AI Frontier Models.
What TFAIA Requires
Developers of “frontier” AI models must now:

Publish their safety plans: Companies must disclose how they’re incorporating national and international safety standards into their development processes.
Report critical incidents: Both companies and the public can now report serious safety events to the California Office of Emergency Services.
Protect whistleblowers: Employees who raise concerns about health and safety risks from AI systems gain legal protection.
Support public AI research: Through a new consortium called CalCompute, California is building a public computing cluster for developing “safe, ethical, equitable, and sustainable” AI.

The Industry Pushback — and What Got Weakened
The tech industry lobbied hard, and it shows. The final version of TFAIA is considerably softer than earlier drafts:
Incident Reporting Narrowed: Companies are only required to report events that result in physical harm. Financial damage, privacy breaches, or other non-physical harms? These aren’t covered under mandatory reporting.
Penalties Slashed: The maximum fine for a first-time violation — even one causing $1 billion in damage or contributing to 50+ deaths — dropped from $10 million to just $1 million. Critics note that this creates a troubling cost-benefit calculation for large tech companies, which has arguably played out in other areas.
The message? For billion-dollar corporations, safety violations may be just another line item in the budget.
The Broader Package: 18 Laws Reshaping AI Use
Beyond TFAIA, California’s new laws create compliance obligations across multiple industries, many of which took effect in January 2025. For instance:
1) Deepfakes and Election Integrity
California is taking direct aim at AI-generated deception:

Criminal penalties for deepfake pornography: Creating or distributing non-consensual intimate images using AI is now a crime (SB 926).
Election protections: Laws like AB 2655 and AB 2355 require platforms to label or block “materially deceptive” election content, particularly AI-generated videos or audio that could damage candidates or mislead voters.

Real-world impact: Political campaigns and content platforms must now implement detection and labeling systems before the 2026 election cycle.
2) Your AI Data Is Now Personal Information
Here’s a change that affects everyone: AI-generated data about you is now officially “personal information” under California’s Consumer Privacy Act (AB 1008).
What does this mean practically?

AI systems that create profiles, predictions, or inferences about you must now treat that output data with the same protections as traditional personal information.
You gain new rights to access, delete, and control AI-generated data about yourself.
Neural data — information about your brain activity — gets even stronger protection as “sensitive personal information” (SB 1223).

3) The Workplace: No More AI Autopilot
New regulations from California’s Civil Rights Department, effective October 1, 2025, fundamentally change how AI can be used in employment:
The Core Rule: Employers can’t use automated decision systems (ADS) that discriminate based on protected categories under the Fair Employment and Housing Act.
The Requirement: Companies should conduct bias audits of their AI tools used for hiring, promotion, and evaluation.
The Shift: This moves liability away from proving intent to discriminate and toward demonstrating impact. If your AI tool produces discriminatory outcomes — even unintentionally — you’re exposed to legal risk. This is not dissimilar to recent shifts in the children’s privacy law landscape that impose specific constructive knowledge standards.
Practical example: That resume-screening AI you’re using? You need documentation showing you’ve tested it for bias against protected groups. No audit? You’re rolling the dice.
4) Healthcare: Keeping Humans in the Loop
California’s new healthcare AI laws establish a critical principle: algorithms can’t make final medical decisions.
Under SB 1120, AI systems are prohibited from independently determining medical necessity in insurance utilization reviews. A physician must make the final call.
Why this matters: This protects patients from algorithmic denials while still allowing AI to assist with analysis and recommendations. It’s a model other states are already adopting.
What This Means for Your Business
If You’re a Tech Company
Immediate action items:

Review your AI systems against the new compliance requirements.
Document your safety practices and bias testing procedures.
Establish whistleblower protection policies.
Prepare for increased scrutiny from California regulators.

Strategic consideration: California’s strictest-in-the-nation rules often become de facto national standards. Building for California compliance now may save costly adjustments later.
If You Use AI Tools
Questions to ask your vendors:

Have you conducted bias audits on this system?
What happens if your AI produces a discriminatory outcome?
Do your contracts shift all liability to us?
How do you handle California’s new data privacy requirements?

Red flag: Vendors that can’t answer these questions clearly, or whose contracts dump all AI-related liability onto you, pose significant risk.
If You’re in Healthcare
Priority actions:

Review all AI-assisted utilization review processes to ensure physician oversight.
Train staff on new disclosure requirements for AI in patient interactions.
Document human review procedures for all AI-driven medical decisions.

This analysis is current as of September 30, 2025.