The guys discuss the effect of the Heartbleed vulnerability on small businesses and then provide guidance on exempt employees.
Full Podcast Transcript
NASIR: Welcome to Legally Sound Smart Business.
This is Nasir Pasha.
MATT: And this is Matt Staub.
NASIR: And this is where we cover business in the news with our legal twist and also answer some of your business legal questions that you, the listener and business owner, can send in to ask@legallysoundsmartbusiness – did we get the dot-com for that?
MATT: Yeah, I think we got everyone – dot-com, dot-net, dot-org, dot-pizza.
NASIR: Have those come out yet? I don’t know if those subdomains or those domains have come out yet but we’re definitely getting legallysoundsmartbusiness.pizza when it comes out – unless one of our listeners takes it from us and extorts us.
MATT: It’s most likely already taken because that would be a really popular name that people want to have.
NASIR: Especially for a pizza joint, it’d be perfect for them.
MATT: When the internet was kind of up and coming, everyone was on the internet at this point but people still didn’t understand, there was a very old – not very old but like ten to fifteen years maybe, ten to fifteen years, somewhere in that range – SNL commercial. I’m not going to say what the website they say on the show. You can go look it up because it’s probably not appropriate but it’s pretty funny. It’s basically making fun of the fact that every URL is taken already and this was at least ten years ago so it’s pretty interesting.
NASIR: It’s true. Pretty much every dictionary word is done for dot-coms. Pretty much every dictionary word with another dictionary word seems to be taken. It’s slim pickings now. But that’s why they came up with these other domains. I mean, we have clients that have alternative domain names and we have a lot of startup companies that use alternative domain names – whether it’s dot-co or dot-whatever, you know. And so, it’s becoming more popular and understandable.
MATT: Yeah. Well, enough of that, let’s get into the story we have for today. I assume that everyone had heard of this but I was just talking with people yesterday and not everyone was aware.
NASIR: How could they not? I’ve gotten five or six emails about this Heartbleed vulnerability and I’m surprised people haven’t heard about it yet.
MATT: For those that, I guess, haven’t, there’s this new security flaw that came out. When was this? Last week? At least that’s when we got the emails, I think.
NASIR: Yeah, what’s weird is that I think the internet community found out about it one day and then it just started populating after that and then we also found out that the US government knew about it before it was published or released and so forth. This security flaw is huge. It’s basically that encrypted connection that you have with these websites, yeah, all that information that’s passing by, in theory, I guess, some of these people can get that information – including passwords, credit card information, whatever – and with that goes onto the next level.
MATT: We’re going to kind of approach it from the small business perspective but, essentially, it did infiltrate all these big websites and a lot of private information so it’s all the personal data that might have been stored by these – they mentioned some of the ones that were affected like Dropbox, for example, that’s a pretty big company. I think there was a lot of precautionary things that people were taking. I’m trying to remember which sites sent me emails. Google, they keep saying change your Google password.
NASIR: I didn’t get anything from Google but I got two types of emails – one email was saying change your password and then another email saying, “You don’t have to do anything. We’re not affected.” Because I think everyone was kind of scared about all this so they were just being precautionary.
MATT: Yeah, it sounds like it is more precautionary stuff but we want to talk about how this does affect small businesses.
NASIR: I think there’s a few ways. A lot of the businesses work with private sensitive data. Whether you’re storing it on your servers or someone else is storing it on – for example, Dropbox, right? If you’re storing confidential information on there and you have a fiduciary duty or ethical duty whether you’re an accountant or dealing with medical information or whatever, I think at the least, you have an ethical obligation to change your password. If you don’t do that and then your data is later stolen then you can’t claim that someone else is responsible because you were forewarned beforehand.
MATT: Probably my biggest concern, if you have client data and you have a security breach with your own business, then you’re in a lot of trouble. We just passed tax season but I know that, in the past what people have done is steal personal data from CPAs, tax preparers, et cetera, and then file fake tax returns, get those refunds. And then, when those real people try to go file their tax returns with that social security number, if you send it in, they’ll say, “No, we already have a return for that social security number.”
NASIR: Wow, yeah.
MATT: That’s a problem.
NASIR: That’s a big deal.
Actually, I don’t know if a lot of people know this. I think maybe some of the professionals out there know but, if you do have a security breach, the standard is pretty low. Basically, if you find out or if you have even reason to know that it might be a possibility because someone hacked into your system, you have an obligation legally to inform your customers – usually, in writing – within a certain period of days – it’s state by state – to let them know that there might be a security breach. As consumers, we’ve gotten these before – whether it’s from Adobe or from Target saying, “Our servers have been hacked and your credit card might be stolen or information,” or what-have-you, and they may specify what is available to them but that’s actually a law that was started in California. Now, I don’t know how many states but many other states have adopted it. I know Texas has and I know New York has as well and has pretty much adopted California’s model of what they call security breach notification.
MATT: Yeah, that’s definitely something to keep in mind. Of course, put as many precautions as you can in there to protect what you have because the money and small amount of time spent protecting is going to save a ton of time down the road if there’s any sort of breach – and money too if you don’t have any insurance, I suppose, especially small businesses too because it could be a big hit.
NASIR: One thing that I noticed is that, even though this seems like a huge security flaw, it seems like it was a pretty quick easy fix. I mean, I got emails saying that they fixed it within 24 hours. I even talked to one of my clients this week; they’re an IT consulting firm and so they handle some of the servers and so forth. They didn’t have to deal with any real security breaches; they just had to apply a patch and that’s it pretty much and everything seemed to be fixed and no longer vulnerable. I guess that’s computers for you – that computer stuff.
MATT: Yes, that’s computers for you.
NASIR: All right, let’s get to our question of the day.
MATT: “How do I know whether my employee is exempt or not?”
This comes from someone in Roseville, California.
NASIR: I don’t know. Listen to our previous fifty episodes about this subject.
See, I lump this in with independent contractor versus employee stuff. Maybe this is a little different, I suppose.
MATT: Yeah, I’m not sure we’ve really… we’ve definitely talked about this topic before but not maybe in depth. So, first of all, we don’t need to discuss the employee versus independent contractor thing. We get that, hopefully.
NASIR: No, we don’t.
MATT: We’re talking about employees here and they can be classified as exempt or non-exempt and the big thing is whether they’re exempt from essentially overtime pay. That’s a big concern with that.
NASIR: That’s a good distinction to make because, when people say exempt versus non-exempt, what they’re referring to is exempt to certain labor laws. By the way, if you’re an exempt employee, you may not be exempt to everything – just certain things. But I think the main thing is overtime is the main focus when it comes to this kind of classification.
So, what’s the answer here? How do you determine and what’s the difference?
MATT: I guess you’ve got to look at a few things.
You’ve got to look at, first things first, I guess, title. I wouldn’t be so concerned with what your title is. Or I guess we’re talking from the employer’s perspective – the titles that you give your employees because titles can be anything. Me, personally, I’m not very big on titles of any job position – unless it’s CEO because I know what that is. You know, you look at what they’re doing. We’re talking administrative work, executive work, other professional employees, outside sales people, computer employees too can be classified. That’s one kind of step in the right direction of trying to determine whether they’re exempt or not.
NASIR: Well, let’s take a step back. If you look conceptually, it kind of goes to the same independent contractor employee discussion. If you have a lot of control over your employee and more control over the personnel, they’re more likely to be an employee. But the same way if you have more control over your employee, then they’re more likely to be non-exempt versus exempt. The idea is – again, we’ve talked about this in the past – if they’re given a certain amount of independence, then they in theory have the ability to decide on their own when they work and how they work and have more freedom as to these overtime issues, right? That’s the general concept.
But understand that California has pretty rigorous steps and criteria on who is exempt, a little bit more strict than the federal standard. The federal standard is pretty much the concept of having a managerial position and so forth. But California makes a few specific distinctions. There’s one called the executive exemption and administrative exemption which I think are pretty obvious. But then, there’s also even a professional exemption like an attorney or a doctor. But then, there’s all subcategories and Matt mentioned them – the computer professional and outside sales person – and these have specific criteria you have to follow and it’s kind of hard to go into detail at this point but, if you’re thinking about classifying one of your employees in this manner, I would consult an attorney in that regard.
But then, beyond all of this, there is also a salary test. Basically, in California, exempt employees must also meet a certain amount of salary per pay period to be considered exempt. A lot of times, I have seen where someone’s a so-called manager but then they’re being paid minimum wage. That just doesn’t work.
MATT: Yeah, I think you’re alluding to the same sort of thing with employees versus independent contractors. This isn’t something that can be explained in a couple of sentences but we went over the different types of exemptions and the salary requirement, too. Probably about the best that someone can hope for, I suppose, in terms of getting a brief summary of the difference between the two or trying to determine which they are.
NASIR: By the way, the minimum salary requirement is it has to be no less than two times the state minimum wage. California is at $8.00 an hour right now and it’s going up to $9.25 or something this July.
MATT: I think just $9.00 even.
NASIR: $9.00 even, yeah, whatever it will be. So, no less than two times the state minimum wage for that monthly salary for what would be a full-time employment. You take the 40-hour workweek and calculate as follows. I don’t know the exact calculation but it should be around $2,700 per month. It’s not too bad. I think most people in that exempt position would probably fall under that, I mean, in the sense that, if they are truly exempt, they’re probably being paid at least that amount of money. I guess $9.00 an hour, how much is that going to be? I have $3,100 – $3,120 to be exact. That’s what it’s going to go up to and that might affect that because I can see a lot of exempt employees being in that range between $2,700 and $3,100 per month.
MATT: All right. Well, this is a good math podcast.
NASIR: Well, hopefully, that answers that question. It’s kind of a general question – how do you determine between exempt or non-exempt? It’s a tough question. Just like the independent contractor employee question is if you think you’re on the borderline, do not take the chance. It’s the same issue because worst case scenario is that you have a misclassified employee that’s really non-exempt and they’re working overtime, they’re missing lunches, they’re doing this and that, and you’ll end up having to pay back those past wages plus penalties. It’s not a fun process to go through.
MATT: Exactly. I couldn’t have said it better myself – well, I probably could have but…
NASIR: Yeah, with a little practice.
MATT: You did a good job.
NASIR: I appreciate it. Thank you so much.
Well, that’s our episode. We’ll end on a good note with a compliment from Matt saying how perfect I am.
MATT: Ah, yeah. As always, keep it sound and keep it smart.