By Lauren M. Drabic*
As a latest example of its shift in enforcement priorities, according to an internal memo obtained by Bloomberg Law, the Equal Employment Opportunity Commission (“EEOC”) has directed its investigators to close all pending charges alleging disparate impact discrimination by September 30, 2025. This directive comes in response to President Trump’s April 23, 2025, Executive Order entitled “Restoring Equality of Opportunity and Meritocracy,” which directed all federal agencies to “deprioritize enforcement of all statutes and regulations to the extent they include disparate-impact liability.”
Unlike claims of disparate treatment, which involve allegations that an employer intentionally discriminated against an employee because of his or her race, sex, age, national origin, disability, or other protected characteristic, intent is irrelevant disparate impact claims. Instead, disparate impact claims challenge employment practices that appear neutral on their face, but that nonetheless adversely impact - i.e., disproportionately harm - individuals in a protected class. Under this theory, employers may be liable for discrimination if a facially neutral practice causes a significant, adverse effect on a protected group, unless the policy or practice is job-related and essential to business operations. Historically, employees have successfully challenged practices including pre-employment testing, height and weight requirements, physical strength tests, criminal background checks, and educational requirements when those practices did not relate to the requirements of the job and had no business necessity.
The current administration has targeted disparate impact liability as a hindrance on the ability of employers to make hiring and other employment decisions based on merit. As a result, of the EEOC’s directive, the agency will close out all charges of disparate impact discrimination by September 30, 2025. However, this will not fully extinguish these claims. Instead, individuals who have filed charges alleging only disparate impact discrimination will receive a Notice of Right to Sue letter, which will allow them to pursue their claims in court within a specified timeframe. This could lead to a short-term influx of disparate impact claims in federal court. For charges alleging both disparate impact and disparate treatment, the EEOC will proceed with its investigation but focus exclusively on the disparate treatment claims.
The EEOC’s memo marks the latest example of the current administration’s shift in priorities and the ever-changing landscape of Title VII (Z&R has highlighted other recent examples here and here). However, it does not change the state of the law. Disparate impact discrimination remains unlawful under both Title VII and Ohio’s anti-discrimination statutes. Z&R will continue to monitor developments and stands ready to assist employers with strategic guidance on all matters related to Title VII.
*Lauren M. Drabic is an OSBA-certified specialist in labor and employment law and has extensive experience representing employers in discrimination, harassment, and other workplace enforcement matters. If you have questions about the changes occurring under Title VII, contact Lauren M. Drabic (lmd@zrlaw.com) by email or at 216.696.4441.
Monday, September 29, 2025
Monday, September 15, 2025
Patch Now; New Cybersecurity Compliance Deadlines Are About to Take Effect for Ohio’s Political Subdivisions
By Ami J. Patel and Dylan C. Brown*
On June 30, 2025, Ohio Governor Mike DeWine signed House Bill 96, a wide-ranging measure that touches multiple areas of state law. One part of that bill—codified at Ohio Rev. Code § 9.64—creates multiple cybersecurity mandates for Ohio’s political subdivisions. For purposes of the new requirements, a political subdivision includes any county, township, municipal corporation, or other local government entity smaller than the state itself.
Taking primary effect on September 30, 2025, Section 9.64 imposes three major obligations on every political subdivision: (1) mandatory incident notifications; (2) restrictions on ransomware payments, and; (3) the adoption of a cybersecurity program. This alert highlights those requirements and what they mean for political subdivisions. If preparation has not yet begun, political subdivisions should act quickly—the deadlines are firm, and the obligations are substantial.
Beginning September 30, 2025, Section 9.64 requires the reporting of any “cyber security incident,” defined to include: (a) a substantial loss of confidentiality, integrity, or availability of a political subdivision’s information system or network; (b) a serious impact on the safety and resiliency of operational systems and processes; (c) a disruption of the ability to conduct operations or deliver services; or (d) unauthorized access to systems or non public information caused by a compromise of a cloud/managed service or a supply-chain compromise. On discovery of a cybersecurity incident, a political subdivision must notify Ohio Homeland Security’s Executive Director through the Ohio Cyber Integration Center (OCIC) as soon as possible but no later than seven (7) days, and must notify the Auditor of State as soon as possible but no later than thirty (30) days.
While OCIC’s online intake is evolving, the Auditor of State now provides a Cyber security Reporting Form that requests, at minimum:
A link to the Ohio Auditor’s form can be found here. The OCIC will likely upload its report forms once developed here. The OCIC can be reached regarding cyber security-incident reporting at 614-387-1089 or OCIC@dps.ohio.gov, and the Auditor of State can be reached at 866-FRAUD-OH or cyber@ohioauditor.gov.
Ransomware attacks continue to grow more common and costly. While Ohio officials have generally discouraged ransom payments, the statute now sets specific rules for how political subdivisions may respond. Starting September 30, 2025, a political subdivision experiencing a ransomware incident shall not pay or otherwise comply with a ransom demand unless the subdivision’s legislative authority formally approves the payment or compliance in a resolution or ordinance that specifically states why doing so is in the subdivision’s best interest.
A ransomware incident is defined by the statute as a malicious cybersecurity incident in which a person or entity introduces software that gains unauthorized access to or encrypts, modifies, or otherwise renders unavailable a political subdivision's information technology systems or data and thereafter the person or entity demands a ransom to prevent the publication of the data, restore access to the data, or otherwise remediate the impact of the software.
These situations often necessitate rapid decisions because critical systems—such as payroll, emergency communications, or utility services—can be locked down without warning, leaving officials with limited time to weigh operational, financial, and security consequences. In such cases, R.C. § 121.22(F) permits an emergency meeting with less than twenty-four hours’ notice while still complying with Ohio’s Open Meetings Act.
The statute’s most demanding requirement is the adoption of a formal cybersecurity program. While it allows the longest timeline for compliance—January 1, 2026 for counties and cities, and July 1, 2026 for all other political subdivisions—subdivisions cannot wait to begin preparing. Building a compliant program will take time, resources, and coordination.
The statute requires each political subdivision to adopt a program that safeguards its data, information technology, and technology resources to ensure availability, confidentiality, and integrity. The program must align with generally accepted best practices, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Center for Internet Security (CIS) Controls. A well-designed program should:
The statute also makes clear that annual cybersecurity training provided by the state—including the free Ohio Persistent Cyber Improvement (O-PCI) program delivered through the Ohio Cyber Range Institute—satisfies this requirement. This program offers tailored online, hybrid, and in-person training to equip employees with the skills needed to defend against cyberattacks.
Exactly what a compliant program looks like will vary depending on the size, resources, and existing safeguards of any political subdivision. The Auditor of State previously reviewed select cybersecurity practices in audits, but Section 9.64 now expands and transforms those expectations into binding law. Now is the time for subdivisions to evaluate what they have in place and identify the gaps.
Information technology evolves quickly, while the law often lags behind. Federal statutes like Health Insurance Portability and Accountability Act (HIPAA), the Gramm–Leach–Bliley Act (GLBA), and the Federal Trade Commission Act impose security duties in certain sectors, but most entities have faced only a patchwork of state requirements. Ohio has now added to the patchwork.
If preparation has not yet begun, political subdivisions should act quickly. Section 9.64 represents a significant shift in Ohio law, moving cybersecurity expectations from best practices into binding obligations. Compliance will not be as simple as adopting a single policy or filling out a form. Subdivisions may need to designate a coordinator for incident reporting, map and evaluate their current information technology infrastructure, identify critical systems and risks, and implement new training requirements for staff. For some entities this will mean building entirely new programs; for others, it will mean reshaping existing practices to align with statutory standards. Either way, the process will take time, resources, and careful coordination across departments, elected officials, and outside vendors.
At Zashin & Rich, we understand that these new requirements can feel daunting. The deadlines are firm, the technical issues are complex, and the risks of missteps are real. We can help you break this down into manageable steps. Our team can advise on what the statute requires, draft internal policies and ransomware protocols, prepare ordinances or resolutions for Council approval, and connect you with our trusted cybersecurity partner to conduct assessments and implement a compliant program. Now is the time to get on the road to compliance, and we can be your driver.
*Ami J. Patel Z&R’s Practice Leader for Trade Secrets/Non-competes. She has years of experience representing clients in matters heavily influenced by information technology. Dylan C. Brown represents public and private employers in all facets of labor and employment law. For more information on House Bill 96, Ohio Rev. Code § 9.64, and its impact on political subdivisions, contact Ami J. Patel (ajp@zrlaw.com) or Dylan C. Brown (dcb@zrlaw.com) by email or at 216.696.4441.
On June 30, 2025, Ohio Governor Mike DeWine signed House Bill 96, a wide-ranging measure that touches multiple areas of state law. One part of that bill—codified at Ohio Rev. Code § 9.64—creates multiple cybersecurity mandates for Ohio’s political subdivisions. For purposes of the new requirements, a political subdivision includes any county, township, municipal corporation, or other local government entity smaller than the state itself.
Taking primary effect on September 30, 2025, Section 9.64 imposes three major obligations on every political subdivision: (1) mandatory incident notifications; (2) restrictions on ransomware payments, and; (3) the adoption of a cybersecurity program. This alert highlights those requirements and what they mean for political subdivisions. If preparation has not yet begun, political subdivisions should act quickly—the deadlines are firm, and the obligations are substantial.
Incident Reporting – Effective September 30, 2025
Beginning September 30, 2025, Section 9.64 requires the reporting of any “cyber security incident,” defined to include: (a) a substantial loss of confidentiality, integrity, or availability of a political subdivision’s information system or network; (b) a serious impact on the safety and resiliency of operational systems and processes; (c) a disruption of the ability to conduct operations or deliver services; or (d) unauthorized access to systems or non public information caused by a compromise of a cloud/managed service or a supply-chain compromise. On discovery of a cybersecurity incident, a political subdivision must notify Ohio Homeland Security’s Executive Director through the Ohio Cyber Integration Center (OCIC) as soon as possible but no later than seven (7) days, and must notify the Auditor of State as soon as possible but no later than thirty (30) days.
While OCIC’s online intake is evolving, the Auditor of State now provides a Cyber security Reporting Form that requests, at minimum:
- Point of contact (name, title, email, phone)
- Government entity type
- Date and time of the incident and the type of incident
- Whether any data was compromised
- Whether funds were lost, and the amount
- Whether a ransom was demanded, and whether it was paid
- If a ransom was paid, the ordinance or resolution approving payment
- Whether policies and procedures were in place at the time of the event
A link to the Ohio Auditor’s form can be found here. The OCIC will likely upload its report forms once developed here. The OCIC can be reached regarding cyber security-incident reporting at 614-387-1089 or OCIC@dps.ohio.gov, and the Auditor of State can be reached at 866-FRAUD-OH or cyber@ohioauditor.gov.
Ransomware Payments – Effective September 30, 2025
Ransomware attacks continue to grow more common and costly. While Ohio officials have generally discouraged ransom payments, the statute now sets specific rules for how political subdivisions may respond. Starting September 30, 2025, a political subdivision experiencing a ransomware incident shall not pay or otherwise comply with a ransom demand unless the subdivision’s legislative authority formally approves the payment or compliance in a resolution or ordinance that specifically states why doing so is in the subdivision’s best interest.
A ransomware incident is defined by the statute as a malicious cybersecurity incident in which a person or entity introduces software that gains unauthorized access to or encrypts, modifies, or otherwise renders unavailable a political subdivision's information technology systems or data and thereafter the person or entity demands a ransom to prevent the publication of the data, restore access to the data, or otherwise remediate the impact of the software.
These situations often necessitate rapid decisions because critical systems—such as payroll, emergency communications, or utility services—can be locked down without warning, leaving officials with limited time to weigh operational, financial, and security consequences. In such cases, R.C. § 121.22(F) permits an emergency meeting with less than twenty-four hours’ notice while still complying with Ohio’s Open Meetings Act.
Cybersecurity Program Requirement – Effective January 1, 2026 (Counties and Cities) / July 1, 2026 (All Other Subdivisions)
The statute’s most demanding requirement is the adoption of a formal cybersecurity program. While it allows the longest timeline for compliance—January 1, 2026 for counties and cities, and July 1, 2026 for all other political subdivisions—subdivisions cannot wait to begin preparing. Building a compliant program will take time, resources, and coordination.
The statute requires each political subdivision to adopt a program that safeguards its data, information technology, and technology resources to ensure availability, confidentiality, and integrity. The program must align with generally accepted best practices, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Center for Internet Security (CIS) Controls. A well-designed program should:
- Identify and address the critical functions and cybersecurity risks of the political subdivision.
- Identify the potential impacts of a cybersecurity breach.
- Specify mechanisms to detect potential threats and cybersecurity events.
- Specify procedures for the political subdivision to establish communication channels, analyze incidents, and take actions to contain cybersecurity incidents.
- Establish procedures for the repair of infrastructure impacted by a cybersecurity incident, and the maintenance of security after the incident.
- Establish cybersecurity training requirements for all employees of the political subdivision; the frequency, duration, and detail of which shall correspond to the duties of each employee.
The statute also makes clear that annual cybersecurity training provided by the state—including the free Ohio Persistent Cyber Improvement (O-PCI) program delivered through the Ohio Cyber Range Institute—satisfies this requirement. This program offers tailored online, hybrid, and in-person training to equip employees with the skills needed to defend against cyberattacks.
Exactly what a compliant program looks like will vary depending on the size, resources, and existing safeguards of any political subdivision. The Auditor of State previously reviewed select cybersecurity practices in audits, but Section 9.64 now expands and transforms those expectations into binding law. Now is the time for subdivisions to evaluate what they have in place and identify the gaps.
The Road to Compliance
Information technology evolves quickly, while the law often lags behind. Federal statutes like Health Insurance Portability and Accountability Act (HIPAA), the Gramm–Leach–Bliley Act (GLBA), and the Federal Trade Commission Act impose security duties in certain sectors, but most entities have faced only a patchwork of state requirements. Ohio has now added to the patchwork.
If preparation has not yet begun, political subdivisions should act quickly. Section 9.64 represents a significant shift in Ohio law, moving cybersecurity expectations from best practices into binding obligations. Compliance will not be as simple as adopting a single policy or filling out a form. Subdivisions may need to designate a coordinator for incident reporting, map and evaluate their current information technology infrastructure, identify critical systems and risks, and implement new training requirements for staff. For some entities this will mean building entirely new programs; for others, it will mean reshaping existing practices to align with statutory standards. Either way, the process will take time, resources, and careful coordination across departments, elected officials, and outside vendors.
At Zashin & Rich, we understand that these new requirements can feel daunting. The deadlines are firm, the technical issues are complex, and the risks of missteps are real. We can help you break this down into manageable steps. Our team can advise on what the statute requires, draft internal policies and ransomware protocols, prepare ordinances or resolutions for Council approval, and connect you with our trusted cybersecurity partner to conduct assessments and implement a compliant program. Now is the time to get on the road to compliance, and we can be your driver.
*Ami J. Patel Z&R’s Practice Leader for Trade Secrets/Non-competes. She has years of experience representing clients in matters heavily influenced by information technology. Dylan C. Brown represents public and private employers in all facets of labor and employment law. For more information on House Bill 96, Ohio Rev. Code § 9.64, and its impact on political subdivisions, contact Ami J. Patel (ajp@zrlaw.com) or Dylan C. Brown (dcb@zrlaw.com) by email or at 216.696.4441.
Monday, September 8, 2025
Non-Competes Are Alive and Well: FTC Abandons Appeals of Non-Compete Ban Rule
By Ami J. Patel and Stephen S. Zashin*
The legal battle over the FTC’s nationwide non-compete ban has reached a decisive turning point. On September 5, 2025, the FTC dismissed its appeals of two federal court decisions that struck down the FTC’s purported Non-Compete Rule (“Rule”) and announced that it will instead pursue case-by-case enforcement actions.
As mentioned in our previous Alerts, the Federal Trade Commission adopted a rule in April 2024 banning most non-compete agreements. The Rule faced immediate challenges. On August 14, 2024, the U.S. District Court for the Middle District of Florida issued a preliminary injunction in Properties of the Villages Inc. v. FTC, blocking enforcement against a single employer. Days later, on August 20, 2024, the U.S. District Court for the Northern District of Texas went further in Ryan LLC v. FTC, holding that the FTC lacked statutory authority and setting aside the Rule nationwide. The FTC appealed both rulings to the Eleventh Circuit and Fifth Circuit.
In January 2025, Andrew Ferguson was appointed as FTC Chairman, shifting the agency’s posture toward the Rule. On March 7, 2025, the FTC asked the Fifth and Eleventh Circuits to hold its appeals in abeyance for 120 days. Ferguson, who dissented when the FTC first adopted the Rule in April 2024, reiterated that the Rule was unlawful.
The FTC’s shift is now seemingly finalized, as on September 5,2025, the FTC voluntarily dismissed its appeals in Ryan LLC v. FTC and Properties of the Villages Inc. v. FTC, abandoning its defense of the nationwide non-compete ban. Chairman Andrew Ferguson confirmed that the FTC would not continue “tilting at windmills” and instead will target non-competes through case-by-case enforcement. The agency pointed to its recent settlement with Gateway Services Inc., which barred enforcement of non-competes against 1,800 workers, and launched a request for public input to identify additional practices for investigation. Democratic Commissioner Rebecca Kelly Slaughter dissented, criticizing the majority for discarding a rule supported by more than 25,000 public comments.
Employers should not view the dismissal of these appeals as the complete end of FTC scrutiny—but close. The Commission has made clear that it will continue to challenge non-compete agreements on a case-by-case basis. At the same time, some state-level restrictions continue to expand. Employers should take this moment to review their restrictive covenants, confirm they are narrowly tailored to protect legitimate business interests, and ensure they remain defensible under state law. Zashin & Rich stands ready to help employers evaluate and strengthen their agreements in this evolving legal landscape.
*Ami J. Patel is Z&R’s Practice Leader for Trade Secrets/Non-competes. She works extensively in trade secret and restrictive covenant litigation. Stephen Zashin is Z&R’s Managing Partner and also has worked extensively representing clients in trade secret and restrictive covenant litigation. For more information on matters concerning the FTC Rule or non-compete agreements generally, contact Ami J. Patel (ajp@zrlaw.com) or Stephen S. Zashin (ssz@zrlaw.com) via email or by phone at 216.696.4441.
The legal battle over the FTC’s nationwide non-compete ban has reached a decisive turning point. On September 5, 2025, the FTC dismissed its appeals of two federal court decisions that struck down the FTC’s purported Non-Compete Rule (“Rule”) and announced that it will instead pursue case-by-case enforcement actions.
As mentioned in our previous Alerts, the Federal Trade Commission adopted a rule in April 2024 banning most non-compete agreements. The Rule faced immediate challenges. On August 14, 2024, the U.S. District Court for the Middle District of Florida issued a preliminary injunction in Properties of the Villages Inc. v. FTC, blocking enforcement against a single employer. Days later, on August 20, 2024, the U.S. District Court for the Northern District of Texas went further in Ryan LLC v. FTC, holding that the FTC lacked statutory authority and setting aside the Rule nationwide. The FTC appealed both rulings to the Eleventh Circuit and Fifth Circuit.
In January 2025, Andrew Ferguson was appointed as FTC Chairman, shifting the agency’s posture toward the Rule. On March 7, 2025, the FTC asked the Fifth and Eleventh Circuits to hold its appeals in abeyance for 120 days. Ferguson, who dissented when the FTC first adopted the Rule in April 2024, reiterated that the Rule was unlawful.
The FTC’s shift is now seemingly finalized, as on September 5,2025, the FTC voluntarily dismissed its appeals in Ryan LLC v. FTC and Properties of the Villages Inc. v. FTC, abandoning its defense of the nationwide non-compete ban. Chairman Andrew Ferguson confirmed that the FTC would not continue “tilting at windmills” and instead will target non-competes through case-by-case enforcement. The agency pointed to its recent settlement with Gateway Services Inc., which barred enforcement of non-competes against 1,800 workers, and launched a request for public input to identify additional practices for investigation. Democratic Commissioner Rebecca Kelly Slaughter dissented, criticizing the majority for discarding a rule supported by more than 25,000 public comments.
Employers should not view the dismissal of these appeals as the complete end of FTC scrutiny—but close. The Commission has made clear that it will continue to challenge non-compete agreements on a case-by-case basis. At the same time, some state-level restrictions continue to expand. Employers should take this moment to review their restrictive covenants, confirm they are narrowly tailored to protect legitimate business interests, and ensure they remain defensible under state law. Zashin & Rich stands ready to help employers evaluate and strengthen their agreements in this evolving legal landscape.
*Ami J. Patel is Z&R’s Practice Leader for Trade Secrets/Non-competes. She works extensively in trade secret and restrictive covenant litigation. Stephen Zashin is Z&R’s Managing Partner and also has worked extensively representing clients in trade secret and restrictive covenant litigation. For more information on matters concerning the FTC Rule or non-compete agreements generally, contact Ami J. Patel (ajp@zrlaw.com) or Stephen S. Zashin (ssz@zrlaw.com) via email or by phone at 216.696.4441.
Wednesday, August 27, 2025
Sixth Circuit Breaks from Other Courts: Intent Required for Employer Liability in Third-Party Harassment Cases
By Lauren M. Drabic and Stephen S. Zashin*
Since the United States Supreme Court’s recent shift away from deference to agency interpretations, the U.S. Court of Appeals for the Sixth Circuit has wasted no time charting its own course. On August 8, 2025, it upended its evaluation of claims of harassment by customers, vendors, and other non-employees under Title VII. In Bivens v. Zep, Inc., the Sixth Circuit Court of Appeals rejected the negligence-based standard provided for under EEOC Guidelines and that most other federal circuits follow, and instead required proof that the employer intended the harassment to occur. This shift makes it more difficult for an employee to establish a claim against an employer for third-party harassment in Kentucky, Michigan, Ohio, and Tennessee.
Dorothy Bivens worked as a sales representative for Zep, Inc., visiting customers in the Detroit area. A few months into the job, she met with a motel client whose manager locked the office door and asked her to date him. When she refused and asked to leave, the manager unlocked the door. Bivens reported the incident to her supervisor, who reassigned the account so she would not interact with the client again. Weeks later, Zep included her in a company-wide reduction in force. Bivens sued, claiming the client’s conduct created a hostile work environment under Title VII and Michigan law, and alleging retaliation and race discrimination.
In its decision, the Sixth Circuit found “no legal bridge between the client’s intent and Zep’s responsibility” because the customer was not an agent of the company. Without an agency relationship, the court concluded that the only path to liability was direct liability for Zep’s own actions—which required intent. Citing to Staub v. Proctor Hosp., the Sixth Circuit stated that intent exists when an employer “either ‘desire[d] to cause’ [the] harassment or was ‘substantially certain’ that it would ‘result from’ its actions.”
Applying that standard, the Sixth Circuit concluded that “[n]one of this would allow a jury to conclude that Zep ‘desired’ such an interaction to occur or was ‘substantially certain’ that it would,” where the incident happened only once and Zep reassigned the account immediately after learning of it. The Court rejected the EEOC’s guidelines as nonbinding and “unpersuasive,” and emphasized that the Supreme Court’s 2024 decision in Loper Bright required courts “to independently interpret the statute.”
Within the confines of the Sixth Circuit, this decision raises the bar for plaintiffs and gives employers more protection from third-party harassment cases. For multi-state employers, it adds complexity because most other circuits still apply negligence-based liability. The Sixth Circuit’s reliance on Loper Bright to move away from EEOC interpretations signals a willingness to re-examine agency-driven standards more broadly—leaving open the question of what other long-standing guidance the Sixth Circuit might reject next. That uncertainty makes it even more important for employers to set policies that meet the most demanding standard, apply them consistently, and respond immediately and decisively to any report of customer or vendor misconduct.
In light of Bivens, we can review your harassment-prevention policies, train managers on handling third-party misconduct under differing standards, and ensure your complaint-handling process can withstand scrutiny in any jurisdiction. Reach out to us with your questions—we can help you prepare, respond, and stay ahead of the evolving law.
*Lauren M.Drabic has years of experience representing employers in all areas of employment and labor law. She regularly defends and advises employers against claims of harassment, discrimination, and retaliation in federal and state court and before administrative agencies. Stephen Zashin is Z&R’s Managing Partner and also has worked extensively representing clients in harassment, discrimination, and retaliation claims. For more information on matters involving harassment prevention, third-party misconduct, and compliance with evolving federal and state law, contact Lauren M. Drabic (lmd@zrlaw.com) or Stephen S. Zashin (ssz@zrlaw.com) by email or at 216.696.4441.
Since the United States Supreme Court’s recent shift away from deference to agency interpretations, the U.S. Court of Appeals for the Sixth Circuit has wasted no time charting its own course. On August 8, 2025, it upended its evaluation of claims of harassment by customers, vendors, and other non-employees under Title VII. In Bivens v. Zep, Inc., the Sixth Circuit Court of Appeals rejected the negligence-based standard provided for under EEOC Guidelines and that most other federal circuits follow, and instead required proof that the employer intended the harassment to occur. This shift makes it more difficult for an employee to establish a claim against an employer for third-party harassment in Kentucky, Michigan, Ohio, and Tennessee.
Bivens Background and the Court’s Analysis
Dorothy Bivens worked as a sales representative for Zep, Inc., visiting customers in the Detroit area. A few months into the job, she met with a motel client whose manager locked the office door and asked her to date him. When she refused and asked to leave, the manager unlocked the door. Bivens reported the incident to her supervisor, who reassigned the account so she would not interact with the client again. Weeks later, Zep included her in a company-wide reduction in force. Bivens sued, claiming the client’s conduct created a hostile work environment under Title VII and Michigan law, and alleging retaliation and race discrimination.
In its decision, the Sixth Circuit found “no legal bridge between the client’s intent and Zep’s responsibility” because the customer was not an agent of the company. Without an agency relationship, the court concluded that the only path to liability was direct liability for Zep’s own actions—which required intent. Citing to Staub v. Proctor Hosp., the Sixth Circuit stated that intent exists when an employer “either ‘desire[d] to cause’ [the] harassment or was ‘substantially certain’ that it would ‘result from’ its actions.”
Applying that standard, the Sixth Circuit concluded that “[n]one of this would allow a jury to conclude that Zep ‘desired’ such an interaction to occur or was ‘substantially certain’ that it would,” where the incident happened only once and Zep reassigned the account immediately after learning of it. The Court rejected the EEOC’s guidelines as nonbinding and “unpersuasive,” and emphasized that the Supreme Court’s 2024 decision in Loper Bright required courts “to independently interpret the statute.”
What This Means Now for Employers
Within the confines of the Sixth Circuit, this decision raises the bar for plaintiffs and gives employers more protection from third-party harassment cases. For multi-state employers, it adds complexity because most other circuits still apply negligence-based liability. The Sixth Circuit’s reliance on Loper Bright to move away from EEOC interpretations signals a willingness to re-examine agency-driven standards more broadly—leaving open the question of what other long-standing guidance the Sixth Circuit might reject next. That uncertainty makes it even more important for employers to set policies that meet the most demanding standard, apply them consistently, and respond immediately and decisively to any report of customer or vendor misconduct.
In light of Bivens, we can review your harassment-prevention policies, train managers on handling third-party misconduct under differing standards, and ensure your complaint-handling process can withstand scrutiny in any jurisdiction. Reach out to us with your questions—we can help you prepare, respond, and stay ahead of the evolving law.
*Lauren M.Drabic has years of experience representing employers in all areas of employment and labor law. She regularly defends and advises employers against claims of harassment, discrimination, and retaliation in federal and state court and before administrative agencies. Stephen Zashin is Z&R’s Managing Partner and also has worked extensively representing clients in harassment, discrimination, and retaliation claims. For more information on matters involving harassment prevention, third-party misconduct, and compliance with evolving federal and state law, contact Lauren M. Drabic (lmd@zrlaw.com) or Stephen S. Zashin (ssz@zrlaw.com) by email or at 216.696.4441.
Thursday, June 5, 2025
Supreme Court Erases Sixth Circuit’s Extra Burden on Majority-Group Plaintiffs
By David P. Frantz and Stephen S. Zashin*
Today, in another significant shift for Title VII of the Civil Rights Act of 1964, the United States Supreme Court has unanimously vacated the Sixth Circuit’s decision in Ames v. Ohio Department of Youth Services, rejecting the Sixth Circuit’s long-standing “background circumstances” requirement.
The Sixth Circuit, whose jurisdiction includes Ohio, has long required majority-group Title VII plaintiffs to clear an extra hurdle before proceeding under the familiar McDonnell Douglas framework (the burden-shifting test courts apply when discrimination is alleged only via circumstantial evidence). This “background circumstances” rule—also followed in the Seventh, Eighth, Tenth, and D.C. Circuits—required white, male, heterosexual, or other majority-group employees to show additional evidence, such as statistics indicating a pattern of bias against majority employees or proof that a minority decisionmaker made the challenged employment decision, before a court would infer discrimination. Writing the lead opinion for the Court, Justice Jackson observed that Congress “establish[ed] the same protections for every ‘individual’—without regard to that individual’s membership in a minority or majority group,” leaving “no room for courts to impose special requirements on majority-group plaintiffs.” The Court remanded for application of the ordinary prima-facie standard.
The most intriguing part of the opinion perhaps stems from the concurrence by Justices Thomas and Gorsuch. They question whether McDonnell Douglas remains a useful framework. Such a dialogue signals that the Supreme Court could pursue even more far-reaching changes to Title VII down the road.
Today’s decision removes an evidentiary hurdle that existed only within the above-named Circuits and aligns majority- and minority-plaintiff claims under the same threshold test. Employers in Ohio and elsewhere should expect courts to assess termination, promotion, demotion, and hiring disputes involving majority employees without the now-defunct background circumstances prerequisite.
Ames arrives as Title VII doctrine continues to evolve rapidly. As covered in our recent alerts, a Texas federal court has just vacated key portions of the EEOC’s harassment guidance, and the Trump Administration continues to curtail DEI programs through executive orders and agency memoranda. With Title VII’s rules and enforcement in flux, employers should revisit every corner of their compliance program—policies, job postings, promotion and discipline files, RIF plans, complaint procedures, and training materials—to ensure they withstand the next challenge. Zashin & Rich can conduct a top-to-bottom review, fortify weak spots, and guide decision-makers before a new lawsuit or EEOC charge.
*David P. Frantz (an Ohio State Bar Association Certified Specialist in Labor and Employment Law) and Stephen S. Zashin (Z&R’s Managing Partner) have extensive experience representing employers in discrimination, harassment, and other workplace enforcement matters. If you have questions about the changes occurring under Title VII, please contact David P. Frantz (dpf@zrlaw.com) or Stephen S. Zashin at (ssz@zrlaw.com) via email or by phone at 216.696.4441.
Today, in another significant shift for Title VII of the Civil Rights Act of 1964, the United States Supreme Court has unanimously vacated the Sixth Circuit’s decision in Ames v. Ohio Department of Youth Services, rejecting the Sixth Circuit’s long-standing “background circumstances” requirement.
The Sixth Circuit, whose jurisdiction includes Ohio, has long required majority-group Title VII plaintiffs to clear an extra hurdle before proceeding under the familiar McDonnell Douglas framework (the burden-shifting test courts apply when discrimination is alleged only via circumstantial evidence). This “background circumstances” rule—also followed in the Seventh, Eighth, Tenth, and D.C. Circuits—required white, male, heterosexual, or other majority-group employees to show additional evidence, such as statistics indicating a pattern of bias against majority employees or proof that a minority decisionmaker made the challenged employment decision, before a court would infer discrimination. Writing the lead opinion for the Court, Justice Jackson observed that Congress “establish[ed] the same protections for every ‘individual’—without regard to that individual’s membership in a minority or majority group,” leaving “no room for courts to impose special requirements on majority-group plaintiffs.” The Court remanded for application of the ordinary prima-facie standard.
The most intriguing part of the opinion perhaps stems from the concurrence by Justices Thomas and Gorsuch. They question whether McDonnell Douglas remains a useful framework. Such a dialogue signals that the Supreme Court could pursue even more far-reaching changes to Title VII down the road.
Today’s decision removes an evidentiary hurdle that existed only within the above-named Circuits and aligns majority- and minority-plaintiff claims under the same threshold test. Employers in Ohio and elsewhere should expect courts to assess termination, promotion, demotion, and hiring disputes involving majority employees without the now-defunct background circumstances prerequisite.
Ames arrives as Title VII doctrine continues to evolve rapidly. As covered in our recent alerts, a Texas federal court has just vacated key portions of the EEOC’s harassment guidance, and the Trump Administration continues to curtail DEI programs through executive orders and agency memoranda. With Title VII’s rules and enforcement in flux, employers should revisit every corner of their compliance program—policies, job postings, promotion and discipline files, RIF plans, complaint procedures, and training materials—to ensure they withstand the next challenge. Zashin & Rich can conduct a top-to-bottom review, fortify weak spots, and guide decision-makers before a new lawsuit or EEOC charge.
*David P. Frantz (an Ohio State Bar Association Certified Specialist in Labor and Employment Law) and Stephen S. Zashin (Z&R’s Managing Partner) have extensive experience representing employers in discrimination, harassment, and other workplace enforcement matters. If you have questions about the changes occurring under Title VII, please contact David P. Frantz (dpf@zrlaw.com) or Stephen S. Zashin at (ssz@zrlaw.com) via email or by phone at 216.696.4441.
Wednesday, May 21, 2025
Texas Court Clears Path for Rollback of EEOC Gender Identity Guidance
By Ami J. Patel and Stephen S. Zashin*
On May 15, 2025, the U.S. District Court for the Northern District of Texas vacated portions of the EEOC’s Enforcement Guidance on Harassment in the Workplace, holding that the agency exceeded its statutory authority by interpreting Title VII’s prohibition on sex discrimination to include harassment based on gender identity. The court found that the EEOC's guidance was contrary to Title VII’s plain text by expanding the definition of “sex” to include “sexual orientation and gender identity” which is according to the court, “beyond the biological binary: male and female.” Next, the court found that the EEOC guidance “contravenes Title VII by defining discriminatory‘ harassment’ to include transgender bathroom, pronouns, and dress preferences. ”Therefore, the court found that the EEOC’s guidance went beyond summarizing existing law and instead “fundamentally expands Title VII to include harassment based on gender identity,” specifically by treating the denial of access to bathrooms aligned with a person’s gender identity, enforcement of dress codes inconsistent with gender identity, and the intentional use of names or pronouns inconsistent with a person’s gender identity as unlawful harassment. The court described the EEOC’s Guidance’s reliance and interpretation of Bostock v. Clayton County as a “misreading of Bostock.” (Note: Bostock is the case which held that terminating an employee for being homosexual or transgender violates Title VII’s prohibition on sex discrimination).
Following the court’s May 15, 2025 ruling, the EEOC announced that it could not rescind or revise the Guidance due to the Commission’s lack of quorum—a procedural issue that has persisted since the start of the new administration. In the meantime, the EEOC has labeled and shaded the vacated provisions on its website and is currently reviewing other materials for consistency with the court’s decision.
Employers should take note that while the vacated provisions no longer carry legal weight, the underlying issues remain active and contested. EEOC investigators and plaintiffs may continue to explore similar theories under other frameworks, and state or local laws may impose independent obligations related to sexual orientation or gender identity. While the exact contours of Title VII continue to grow hazy, Employers should continue to handle complaints involving gender identity thoughtfully, with an emphasis on consistency, documentation, and awareness of jurisdiction-specific requirements. Zashin & Rich will continue to monitor developments in Title VII enforcement and is available to assist with any questions regarding compliance or policy updates.
*Ami J. Patel (Z&R’s Practice Leader for Trade Secrets/Non-competes) and Stephen S. Zashin (Z&R’s Managing Partner) have extensive experience representing employers in discrimination, harassment, and other workplace enforcement matters. If you have questions about the changes occurring under Title VII, please contact Ami J. Patel (ajp@zrlaw.com) or Stephen S. Zashin at (ssz@zrlaw.com) via email or by phone at 216.696.4441.
On May 15, 2025, the U.S. District Court for the Northern District of Texas vacated portions of the EEOC’s Enforcement Guidance on Harassment in the Workplace, holding that the agency exceeded its statutory authority by interpreting Title VII’s prohibition on sex discrimination to include harassment based on gender identity. The court found that the EEOC's guidance was contrary to Title VII’s plain text by expanding the definition of “sex” to include “sexual orientation and gender identity” which is according to the court, “beyond the biological binary: male and female.” Next, the court found that the EEOC guidance “contravenes Title VII by defining discriminatory‘ harassment’ to include transgender bathroom, pronouns, and dress preferences. ”Therefore, the court found that the EEOC’s guidance went beyond summarizing existing law and instead “fundamentally expands Title VII to include harassment based on gender identity,” specifically by treating the denial of access to bathrooms aligned with a person’s gender identity, enforcement of dress codes inconsistent with gender identity, and the intentional use of names or pronouns inconsistent with a person’s gender identity as unlawful harassment. The court described the EEOC’s Guidance’s reliance and interpretation of Bostock v. Clayton County as a “misreading of Bostock.” (Note: Bostock is the case which held that terminating an employee for being homosexual or transgender violates Title VII’s prohibition on sex discrimination).
Following the court’s May 15, 2025 ruling, the EEOC announced that it could not rescind or revise the Guidance due to the Commission’s lack of quorum—a procedural issue that has persisted since the start of the new administration. In the meantime, the EEOC has labeled and shaded the vacated provisions on its website and is currently reviewing other materials for consistency with the court’s decision.
Employers should take note that while the vacated provisions no longer carry legal weight, the underlying issues remain active and contested. EEOC investigators and plaintiffs may continue to explore similar theories under other frameworks, and state or local laws may impose independent obligations related to sexual orientation or gender identity. While the exact contours of Title VII continue to grow hazy, Employers should continue to handle complaints involving gender identity thoughtfully, with an emphasis on consistency, documentation, and awareness of jurisdiction-specific requirements. Zashin & Rich will continue to monitor developments in Title VII enforcement and is available to assist with any questions regarding compliance or policy updates.
*Ami J. Patel (Z&R’s Practice Leader for Trade Secrets/Non-competes) and Stephen S. Zashin (Z&R’s Managing Partner) have extensive experience representing employers in discrimination, harassment, and other workplace enforcement matters. If you have questions about the changes occurring under Title VII, please contact Ami J. Patel (ajp@zrlaw.com) or Stephen S. Zashin at (ssz@zrlaw.com) via email or by phone at 216.696.4441.
Wednesday, April 30, 2025
Leveling the “Paying” Field: Cleveland Mandates Salary-Range Transparency and Bans Salary-History Inquiries
By Dylan C. Brown and Rose A. Hayden*
Employers with Cleveland-based staff should take note: the City of Cleveland (City) is joining Columbus, Cincinnati, and a growing roster of jurisdictions in imposing pay-transparency requirements. On April 28, 2025, the Cleveland City Council adopted Ordinance No. 104-2025, which adds Chapter 669, “Unlawful Discriminatory Salary Practices,” to the Cleveland Codified Ordinances. Mayor Justin Bibb signed the measure as an emergency ordinance, with hopes it will assist in closing the gender pay gap, and it will take effect in 180 days (October 25, 2025).
The new ordinance applies to any private employer—whether organized for profit or not—who employs fifteen (15) or more people in the City. While the ordinance excludes any unit of local, state, or federal government, the City of Cleveland itself is not excluded. Those meeting the broad definition of employer must:
Questions about salary history do not cover objective productivity metrics—revenue, sales, or similar production data. Employers may still discuss an applicant’s compensation expectations, including unvested equity or deferred pay the applicant would forfeit, but they must not request, screen on, or rely solely upon the applicant’s salary history when hiring or setting pay.
For any alleged violation of the above requirements, applicants or employees will be able to file complaints with the City’s newly revived Fair Employment Wage Board (FEWB or Board) within 180 days of the alleged violation. FEWB first attempts conciliation. If an employer does not cure a violation within ninety days, FEWB may impose civil penalties of up to $1,000 for a first offense, $2,500 for a second offense, and $5,000 for each additional offense within a five-year window.The Board adjusts these amounts each year to match the inflation reflected in the consumer price index for all Urban Consumers (CPI-U), which is published by the Department of Labor. Employers may appeal adverse rulings to the City’s Director of Finance and then to the Board of Zoning Appeals.
Cleveland’s Ordinance arrives amid a national surge in pay-transparency laws—already on the books in California, Colorado, Illinois, New York, Washington, Columbus, Cincinnati, Toledo, and other jurisdictions. Council sponsors cited data from Columbus and Cincinnati showing post-enactment wage gains for women and emphasized the ordinance’s role in closing persistent pay gaps. With momentum clearly on the side of transparency, Cleveland employers cannot assume this is a passing trend.
The six-month countdown to October 25, 2025, has started. Cleveland employers must audit every posting for a compliant salary range, strip salary-history inquiries from hiring materials, and train recruiters before applicants—and the City’s revived Fair Employment Wage Board—start watching. Noncompliance risks immediate complaints, escalating fines, and reputational damage. Navigating this patchwork of local and multistate rules can feel daunting, but the Employment & Labor team at Zashin & Rich has guided organizations of every size through similar transitions and stands ready to help you get compliant—and stay ahead of the next wave.
*Dylan C. Brown & Rose A. Hayden represent public and private employers in all facets of labor and employment law. For more information or assistance with Cleveland’s pay-transparency ordinance or other employment-law issues matters, contact Dylan (dcb@zrlaw.com) or Rose (rah@zrlaw.com) via email or by phone at 216.696.4441.
Employers with Cleveland-based staff should take note: the City of Cleveland (City) is joining Columbus, Cincinnati, and a growing roster of jurisdictions in imposing pay-transparency requirements. On April 28, 2025, the Cleveland City Council adopted Ordinance No. 104-2025, which adds Chapter 669, “Unlawful Discriminatory Salary Practices,” to the Cleveland Codified Ordinances. Mayor Justin Bibb signed the measure as an emergency ordinance, with hopes it will assist in closing the gender pay gap, and it will take effect in 180 days (October 25, 2025).
Key Requirements Under Ordinance No. 104-2025
The new ordinance applies to any private employer—whether organized for profit or not—who employs fifteen (15) or more people in the City. While the ordinance excludes any unit of local, state, or federal government, the City of Cleveland itself is not excluded. Those meeting the broad definition of employer must:
- Post a pay range. Every notification,advertisement, or formal posting that offers an opportunity to apply for employment in the City must display a salary range or scale.
- Refrain entirely from asking about prior pay. Employers can no longer inquire about the salary history of any applicant for employment.Employers are likewise barred from refusing to hire, disfavoring, or retaliating against an applicant for refusals to disclose their prior financial compensation.
- Avoid salary-based decisions. Employers cannot screen applicants based on their current or prior salary history, and they cannot rely solely on an applicant’s prior compensation when making hiring or pay determinations.
- Recognize the carve-outs. The ordinance’s requirements and prohibitions do not apply to:
- actions another federal, state, or local law expressly authorizes to rely on salary history;
- applicants seeking an internal transfer or promotion with their current employer;
- voluntary, unprompted disclosures of salary history by an applicant;
- incidental disclosure of salary history uncovered during verification or background checks (however employers may not rely solely on that information to set pay);
- rehires when the employer already possesses the applicant’s prior salary data;
- positions whose compensation is set through collective-bargaining procedures; and,
- federal, state, or local governmental employers—other than the City of Cleveland.
Questions about salary history do not cover objective productivity metrics—revenue, sales, or similar production data. Employers may still discuss an applicant’s compensation expectations, including unvested equity or deferred pay the applicant would forfeit, but they must not request, screen on, or rely solely upon the applicant’s salary history when hiring or setting pay.
Compliance Oversight & Penalties
For any alleged violation of the above requirements, applicants or employees will be able to file complaints with the City’s newly revived Fair Employment Wage Board (FEWB or Board) within 180 days of the alleged violation. FEWB first attempts conciliation. If an employer does not cure a violation within ninety days, FEWB may impose civil penalties of up to $1,000 for a first offense, $2,500 for a second offense, and $5,000 for each additional offense within a five-year window.The Board adjusts these amounts each year to match the inflation reflected in the consumer price index for all Urban Consumers (CPI-U), which is published by the Department of Labor. Employers may appeal adverse rulings to the City’s Director of Finance and then to the Board of Zoning Appeals.
Next Steps for Cleveland Employers
Cleveland’s Ordinance arrives amid a national surge in pay-transparency laws—already on the books in California, Colorado, Illinois, New York, Washington, Columbus, Cincinnati, Toledo, and other jurisdictions. Council sponsors cited data from Columbus and Cincinnati showing post-enactment wage gains for women and emphasized the ordinance’s role in closing persistent pay gaps. With momentum clearly on the side of transparency, Cleveland employers cannot assume this is a passing trend.
The six-month countdown to October 25, 2025, has started. Cleveland employers must audit every posting for a compliant salary range, strip salary-history inquiries from hiring materials, and train recruiters before applicants—and the City’s revived Fair Employment Wage Board—start watching. Noncompliance risks immediate complaints, escalating fines, and reputational damage. Navigating this patchwork of local and multistate rules can feel daunting, but the Employment & Labor team at Zashin & Rich has guided organizations of every size through similar transitions and stands ready to help you get compliant—and stay ahead of the next wave.
*Dylan C. Brown & Rose A. Hayden represent public and private employers in all facets of labor and employment law. For more information or assistance with Cleveland’s pay-transparency ordinance or other employment-law issues matters, contact Dylan (dcb@zrlaw.com) or Rose (rah@zrlaw.com) via email or by phone at 216.696.4441.
Subscribe to:
Comments (Atom)