LEARNING FROM PEPSI CO. & KRONOS: WHAT TO DO WHEN YOUR TIMEKEEPING SYSTEM IS HACKED
Earlier this year, Pepsi Co. was the subject of a class action lawsuit regarding their timekeeping system for employees. In the class action suit, employees alleged that after the hacking of the Kronos electronic timekeeping system, Pepsi Co. based their pay on their work schedules or on the wages they received prior to the hack, rather than properly accounting for the time worked by employees. The lawsuit claimed that Pepsi Co.’s inexact methods for calculating wages owed to employees violated wage and hour laws. It also claimed Pepsi Co. failed its duty to properly pay employees all wages owed because the company could have used a manual method of tracking hours after the hacking of the timekeeping system which would have resulted in accurate pay for hours worked.
After a lengthy legal battle, Pepsi Co. chose to settle the class action lawsuit, agreeing to pay over $12 million to more than 70,000 affected workers. This case serves as a significant lesson for employers.
The first crucial takeaway from this case is that employers cannot place full reliance on external companies to fulfill their legal obligations. Even if they contract with a payroll service, employers should be prepared to step in when issues arise with the service. This is what Pepsi Co. failed to do upon finding out the Kronos system was being hacked. They should have implemented alternative timekeeping methods, such as using old time clocks, timesheets, or other manual tracking systems during the hacking incident. This could have potentially prevented the costly lawsuit.
Employers also need to be aware of the expense and difficulty in defending against wage and hour claims. State and federal agencies are readily available to assist employees with filing claims for unpaid wages and if employers do not have comprehensive records of hours worked by employees as well as amounts paid to employees, it can be difficult if not impossible to defend against these claims.
Both state law and federal law contain specific requirements as to how non-exempt (hourly) employees should be paid. These laws define hours worked as well as requiring overtime when an employee exceeds a certain numbers of hours in a work day or a work week. Employers also need to make sure that they are correctly classifying workers as either exempt or non-exempt. Any employer classifying a position as exempt needs to go through a thorough analysis of the employee’s job duties and responsibilities and annual wages to ensure that the classification is accurate.
Prior to engaging any contracted service, including payroll providers, employers must thoroughly vet all companies the employer is considering contracting with to ensure the selected vendors are up to date on all compliance issues, including cybersecurity. It is essential to review the contractual agreement to understand how it addresses liability issues, indemnification, and other protective measures in case of problems during the contractual relationship with the vendor. Additionally, employers should require that vendors provide regular reporting and access to necessary information to protect themselves against any claims resulting from the contracted services.
In conclusion, the Pepsi Co. class action lawsuit offers valuable insights for employers. By incorporating these lessons and being proactive, employers can reduce the risks of legal disputes and safeguard their reputation.
Join Our Mailing List
Sign up here to receive monthly email updates on the latest NAE news, HR issues, special events, training dates and more!