Will The FPPA Be Florida’s First Comprehensive Privacy Law?

 

This blog post will summarize Senate Bill 1864, released on Friday, which is the first “comprehensive” privacy bill to be released in advance of the 2022 Florida legislative session. This is a long post, so I begin with a “too long, didn’t read” section that I’ve found helpful in articles I’ve read. I then describe the FPPA in detail, but by pulling various pieces of the 34-page law together by subject matter. I close with some personal opinions about this bill and what we can expect in the upcoming legislative session.

 

TL;DR

The Florida Senate has released the first privacy bill of the 2022 legislative session. The Florida Privacy Protection Act (FPPA), drafted by Sen. Jennifer Bradley, is a combination of the CCPA and VCDPA, but does not contain a private right of action. It is similar to the bill Sen. Bradley authored last year but with a few tweaks and one significant change – it would create a dedicated Consumer Data Privacy Unit in the Florida Attorney General’s Office.

I expect to see several more privacy bills released soon, including Rep. Fiona McFarland’s bill, which I anticipate will have some form of a private right of action and perhaps more aggressive and broader requirements.  I also think we will see a few other privacy/cybersecurity bills this legislative session including one that updates the Florida Information Protection Act (Florida’s data breach notification law) in ways that most will not expect.

We can anticipate that, like last year, the big fight will be over whether the law includes a private right of action. If, like last year, the House insists on including an incredibly broad private right of action, I believe it is unlikely to become law, because the political composition in the Florida legislature has not changed significantly since last year.  That said, whether a bill ultimately becomes law depends less on the desire of the legislators as a whole, and more on the “horse trading” that ultimately takes place in the final hours of the legislative session.

The FPPA’s Scope and Key Definitions

The Florida Senate was first out of the gate in the 2022 Florida privacy race, releasing SB 1864, a bill authored by Senator Jennifer Bradley (the leader on all things data privacy in the Florida Senate).  The proposed law (the Florida Privacy Protection Act) is similar to the privacy bill the Senate passed at the end of the last legislative session – which contained many consumer rights but no private right of action. The FPPA draws from the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the Virginia Consumer Data Protection Act (VCDPA). (Author’s Note – I think it was smart of the Senate to release this bill quickly and, whether intentional or not, it helps the Senate appear proactive on privacy and set the narrative.)

To whom does the FPPA apply? Like the GDPR (and the VCDPA), the FPPA applies to “controllers” and “processors.” A controller is a for-profit entity that does business in Florida and determines the purposes/means of processing. Also, similar to the VCDPA, a controller must either: (a) control the processing of personal information of 100,000 or more Florida residents (“consumers”); or (b) control or process the personal information of at least 25,000 consumers and derive 50% or more of its revenue from selling personal information.

A “processor” processes personal information on behalf of, and at the direction of, a controller. Whether an entity is a controller or processor is a fact-based determination that depends upon the context in which the personal information is processed.

What is personal information? Personal information is defined broadly as “information that identifies or is linked or reasonably linkable to an identified or identifiable consumer.” It does not include consumer information available in governmental records, information that is publicly available, or information that is de-identified or aggregate consumer information. Additionally, the FPPA’s consumer rights do not apply to pseudonymous information as long as all information necessary to identify the consumer is kept separate and is subject to effective technical and organizational controls that prevent the accessing/combining of such information.

What is a “sale” of personal information? A core part of the FPPA governs the sale of personal information, but the term “sale” is not limited to a monetary exchange. A sale occurs where a controller makes a consumer’s personal information available to a third party in exchange for monetary “or other valuable consideration, including nonmonetary transactions and agreements for other valuable consideration between a controller and a third party for the benefit of a controller.”

A sale does NOT include:

(a) disclosing personal information to a processor;

(b) disclosing personal information to a third party to provide a product/service requested by the consumer;

(c) disclosing personal information to an affiliate;

(d) disclosing personal information for nontargeted advertising;

(e) transferring personal information as an asset that is part of a merger, acquisition, bankruptcy, or other transaction where a third party assumes control of the controller’s assets; or,

(f) disclosing personal information to law enforcement or emergency services for the purpose of providing assistance to the consumer.

What Are A Controller’s Obligations Under The FPPA?

Notice of collection/processing.  A controller must inform consumers of the purposes for which personal information is collecteor used and whether that information is sold. It must do this at or before the point of collection. These notice requirements do not apply if the controller does not control the collection of personal information. In an instance where the controller collects personal information about (but not directly from) consumers, the controller may provide the required information on its Internet home page or in its online privacy policy.

Notice of sale.  A controller that sells personal information must provide notice that the information may be sold and that consumers have the right to opt out. Additionally, the controller must provide a link on its home page titled “Do Not Sell My Personal Information” that enables a consumer to opt out of the sale of the consumer’s personal information. The controller may not require a consumer to create an account in order to direct the controller not to sell the consumer’s information.

Website privacy policy. Where a controller collects personal information through its website or an online service, the controller must provide a notice that includes:

(a) the categories of personal information the controller collects through the site or online service and the categories of third parties to whom the controller may disclose such personal information;

(b) a description of the process for a consumer who uses or visits the site or online service to review and request changes to any of his/her personal information collected from the consumer through the site or online service;

(c) the process by which the controller notifies consumers of material changes to the privacy policy;

(d) whether a third party may collect personal information about a consumer’s online activities over time and across different sites or online services when the consumer uses the controller’s site or online service; and,

(e) the effective date of the notice.

Minimum necessary. A controller’s collection, use, and retention of personal information must be reasonably necessary to achieve the purposes for which the personal information was collected or processed. This remains the case for any onward transfer of personal information. If a controller wants to do otherwise, it must obtain the consumer’s consent.

Reasonable security or practices. A controller must implement reasonable security procedures and practices, appropriate to the nature of the personal information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.

Agreement with processor. If a controller discloses personal information to a processor, it must enter into an agreement that requires the processor to comply with the controller’s obligations under the FPPA and prohibits downstream recipients from selling the personal information or disclosing, retaining, or using it. (Author’s Note – this appears to be an error in the bill; the downstream recipients must retain and use the information, so I assume what the bill means is that the downstream recipients cannot retain or use the personal information outside the scope of why it is being shared with them.) If a processor shares the information with a third party for a “business purpose,” the processor must notify the controller and restrict the downstream recipients from selling the personal information or retaining, using, or disclosing it (again, I’m assuming retention/use is permitted, but only to the extent necessary to complete the transaction).

Consent for processing sensitive data. A controller must obtain the consumer’s consent before processing sensitive data concerning that consumer.  Sensitive data means information like racial or ethnic origin, religious beliefs, health diagnosis, sexual orientation, citizenship/immigration status, biometric information, personal information collected from a known child, and precise geolocation data. Additionally, if a controller wants to process sensitive data obtained from a known child (i.e., younger than 13), the processing must be limited to delivery of a product or service requested by the child’s parent and must be in accordance with the Children’s Online Privacy Protection Act (COPPA).

Establish a request process. A controller must establish a designated address through which a consumer may submit a request to exercise his or her FPPA rights. If the request is pursuant to the “right to know” (below) then the controller must disclose any personal information about the consumer it has collected, directly or indirectly, since January 1, 2023, including information it obtained through a processor. (Author’s Note – so this means a comprehensive data inventory may not be necessary, but a process for identifying and recording the collection of this data will be crucial.) The controller has 45 days to respond to a right to know/delete/repair request. This time period can be extended by 45 days if the controller determines that such an extension is reasonable necessary, but the controller must notify the consumer of the necessity of the extension.  If a processor receives a right to know/delete/repair request, it must notify the controller of the request within 10 days. The processor must help the controller respond to the request by, at minimum, providing the consumer’s personal information in the processor’s possession. Where directed by the controller, a processor must correct inaccurate personal information or delete personal information, or enable the controller to do the same.

Employee training.  A controller must ensure that all individuals who handle consumer inquiries about the controller’s privacy practices or the controller’s compliance with the opt-in and opt-out requirements are informed of the requirements and how to direct consumers to exercise their rights.

What Are A Consumer’s Rights Under The FPPA?

Opt out of sale.  A consumer can opt out of the sale of his/her personal information at any time. Once a controller receives an opt-out request, or if a controller does not obtain consent to sell “a minor’s” personal information, the controller is not allowed to sell that information without a subsequent express authorization from the consumer. (Author’s Note – the bill is confusing in its use of “minor” and “child”, which each have different meanings under Florida law). The controller has only 10 days to comply with the consumer’s request to opt out.  (Author’s Note – for larger companies that collect personal information in many different ways, this timeline will be challenging.)

Opt out of advertising.  A consumer can opt out of the processing of his/her personal information for targeted advertising or profiling at any time. To that end, a controller must provide a link on its home page titled “Do not Advertise To Me” that enables a consumer to opt out of targeted advertising or profiling. Even if the consumer opts out, however, a controller may still: (a) offer a different price, rate, level, quality, or selection of goods/services to the consumer; and (b) offer a loyalty, reward, premium feature, discount, or club card program. Additionally, a controller may charge a different price, rate, level, quality, or selection of goods/services to a consumer who has opted out of advertising as long as the charge is not unjust, unreasonable, coercive, or usurious.

Verifying the opt-out request. A controller is only required to comply with opt-out requests it is reasonably able to authenticate. However, the controller cannot require the consumer to declare his/her privacy preferences every time he/she visits the controller’s website or uses the controller’s online services.

Limited use of opt-out request. A controller cannot use any personal information collected in connection with the submission of an opt-out request for any reason other than for complying with the opt-out request.

Right to be left alone for one year. The controller must wait one year before asking any consumer who opted out of the sale of his/her data to re-authorize the sale of that consumer’s personal information.

Sale of a minor’s information (“right to opt in”). A controller may not sell personal information collected from consumers that are known to be 16 or younger, unless: (a) for children who are 13 to 16 years-old, the child has authorized the sale; or (b) for children who are younger than 13, the parent/guardian has authorized the sale. If parental consent is obtained in compliance with COPPA, then such consent meets the parental consent requirements of the FPPA.

Right to know. Where requested by the consumer, a controller must provide: (a) the categories of sources from which the consumer’s personal information was collected; (b) the specific items of personal information it has collected about the consumer; and (c) the categories of any third parties to whom the personal information was sold.

Right to delete. Consumers have the right to request that personal information that has been collected from the consumer be deleted. A controller can deny this request for any of the following seven reasons:

(a) to complete the transaction for which the personal information was collected, fulfill the terms of a warranty or recall, provide a good/services requested by the consumer, or perform a contract between the business and the consumer;

(b) to help ensure security and integrity;

(c) to identify and repair errors that impair existing intended functionality;

(d) to exercise free speech or another legal right;

(e) to engage in public or peer-reviewed scientific, historical, or statistical research; or,

(f) to comply with a legal obligation.

Right to correction. Consumers have the right to submit a verified request for correction of their personal information held by a controller if that information is inaccurate, “taking into account the nature of the personal information and the purpose for processing the consumer’s personal information.” (Author’s Notes – (1) I’m not sure what the quoted language means or how it would be implemented; and (2) this unrestricted right would conceivably give the consumer the ability to “correct” their information with something that is knowingly false in order to “game the system” in some way (e.g., take advantage of discounts, rewards, etc.).

What Are The Controller’s Rights Under The FPPA?

Right to refuse requests. If a consumer’s request is manifestly unfounded or excessive (e.g., repetitive), a controller may either charge a reasonable fee or refuse to act on it (in which case the controller must notify the consumer of the reason for refusing the request).

Safe harbor for other controller/processor violations. A controller is not liable for a processor’s violation of the FPPA if at the time the controller disclosed the personal information to the processor the controller did not have actual knowledge or a reason to believe the processor intended to commit such a violation. Similarly, a processor is not liable for the obligations of a controller. Likewise, a controller or processor that discloses personal information to a third-party controller or processor is not in violation of the FPPA for the third party’s violations if the controller/processor did not have knowledge at the time of disclosing the information that the recipient intended to commit a violation. Conversely, a third-party controller or processor receiving personal information from a controller or processor in compliance with the FPPA is not in violation of the FPPA for the controller’s/processor’s noncompliance.

When Does The FPPA Not Apply?

The FPPA includes a significant number of exceptions and exclusions.  For example, the FPPA would not apply where it would restrict a controller’s or processor’s ability to do any of the following 15 activities:

(a) comply with legal obligations;

(b) comply with an investigation, subpoena, or summons;

(c) cooperate with law enforcement;

(d) exercise, prepare for, or defend legal claims;

(e) conduct internal research to develop, improve, or repair products, services, or technology;

(f) effectuate a product recall or provide a warranty for products or services;

(g) identify or repair technical errors that impair existing or intended functionality;

(h) perform internal operations that are aligned with the consumer’s expectations or compatible with processing data in furtherance of the provision or a product or service requested by the consumer;

(i) provide a product/service (or perform a contract) specifically requested by a consumer; perform a contract to which the consumer or parent is a party;

(j) take steps to protect an interest that is essential for life or physical safety of the consumer or another person;

(k) prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, and prosecute those responsible;

(l) preserve the integrity or security of information technology systems;

(m) investigate, report, or prosecute those responsible for any illegal, malicious, harmful, deceptive, or otherwise harmful activities;

(n) engage in certain public or peer-reviewed scientific or statistical research in the public interest; and,

(o) assist another controller, processor, or third party with any of the above obligations.

In addition to the above restrictions, the FPPA also would not apply to any of the following 17 circumstances:

(a) personal information collected in the employment context. This means personal information about employees, owners, directors, officers, beneficiaries, job applicants, interns, or volunteers, as long as the controller is collecting/disclosing such information to the extent reasonable and necessary. (Author’s Note – this exclusion will likely require a correction by Sen. Bradley’s office because, as written, it implies that the FPPA would not apply to any controller that engages in this activity, which would be almost every company doing business in Florida).

(b) personal information in business-related communications/transactions;

(c) personal information in job applications and employment benefit documents;

(d) personal information in a contract with an independent contractor;

(e) protected health information (as that term is defined by HIPAA) that contains personal information;

(f) a covered entity or business associate under HIPAA;

(g) information collected for purposes of research;

(h) information created for purposes of the Health Care Quality Improvement Act;

(i) de-identified information under HIPAA or the Federal Policy for the Protection of Human Subjects (FPPHS);

(j) information collected as party of a clinical trial subject to the FPPHS;

(k) information collected, processed, sold, or disclosed pursuant to the Fair Credit Reporting Act;

(l) information and financial institutions regulated by the Gramm-Leach-Bliley Act;

(m) information collected, processed, sold, or disclosed pursuant to the Farm Credit Act;

(n) information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act;

(o) education information under the Family Education Rights and Privacy Act;

(p) information and entities governed by the Airline Deregulation Act (where preemption applies); and,

(q) vehicle information or ownership information shared between a new motor vehicle dealer, a distributor, or the vehicle’s manufacturer if the vehicle or ownership information is shared for the purpose of effectuating a vehicle repair covered by a warranty or recall, provided that the entity that receives the information does not sell, share, or use it for any other purpose.

How Will The FPPA Be Enforced?

First, there is no private cause of action established by the FPPA and will be enforced exclusively by the Florida Attorney General. In fact, it explicitly states that evidence of any noncompliance with the FPPA can only be used as the basis to prove a cause of action brought by the Florida Attorney General.

The bill defines two activities as unfair and deceptive trade practices: (a) failing to delete/correct a consumer’s personal information after received a verifiable request to which no exception applies; and (b) continuing to sell a consumer’s personal information after the consumer chooses to opt out, or selling the personal information of a consumer age 16 or younger without obtaining their consent. The Attorney General may give the controller/processor 45 days to cure such violations, but the right to cure is discretionary and whether it is provided depends on the number of violations, the likelihood of public injury, and the safety of persons/property.

On an annual basis, the Attorney General must submit a report to the Senate President and Speaker of the House of Representatives describing any actions taken to enforce the FPPA.

If the Attorney General brings an action, the court may grant actual damages to a consumer and/or injunctive/declaratory relief.

One More Thing . . .

The FPPA would create within the Florida Attorney’ General’s Office a Consumer Data Privacy Unit that must be headed by a director who is fully accountable to the Attorney General. That Unit will be responsible for enforcing the FPPA and, more generally, protecting the personal information of Florida residents.

When Will The FPPA Go Into Effect?

December 31, 2022.

What To Expect Next?

The FPPA is likely the first of at least two or three data privacy bills we can expect to be introduced in the Florida legislature during the 2022 session. Representative McFarland, the leader in data privacy and all things technology in the House of Representatives, is working on a comprehensive bill that will be introduced soon. She has been meeting with many different constituencies as she shapes version 2.0. I anticipate that bill will include broader requirements but (at least initially) keep a private right of action.

I also anticipate we will see a bill that updates Florida’s data breach notification law (the Florida Information Protection Act) by adding more specificity to the definition of “reasonable security.” We may even see a private right of action added to it.

What is the chance that any of these bills will become law? If you forced me to choose a side, I think a privacy bill will be passed during this legislative session, but I do not think it will include a private right of action. A comprehensive privacy bill almost passed last year and this year is an important election year in Florida for the Governor and members of both chambers, so passing a pro-populist privacy law will be important for political leaders who want to claim the mantle of “fighting back against big tech” even if the legislation goes far beyond that objective.

That said, there are many businesses who have not needed to comply with the CCPA or prepare for Virginia’s or Colorado’s privacy laws. For those companies, the FPPA will present a significant financial burden even without a private right of action. The truth is that whether we see a privacy law passed by the legislature will likely come down to how these bills are prioritized by leadership in both chambers during the “horse trading” process at the end of the legislative session. So strap yourself in for another three-month roller coaster!

 

DISCLAIMER:  The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP, or its clients.  Similarly, the opinions expressed by those providing comments are theirs alone and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients.  All of the data and information provided on this site are for informational purposes only.  It is not legal advice nor should it be relied on as legal advice.

3 employee management myths that cost small businesses big

Small business owners are bold people. They see the opportunity to build something new and jump in with gusto.

So, it’s understandable that they don’t live for managing humdrum back-office tasks like time tracking, tax filing or payroll management.

But when it comes to these complicated, important tasks, what you don’t know could hurt you. Let’s discuss three management myths that might be costing your small business big.

 

Myth 1: Using payroll software is too expensive

Maybe you’ve heard that small businesses can get by just fine without technology. Roll up your sleeves and sharpen a fresh pencil to achieve the same result, right?

Unfortunately, untrue. Manual processes don’t scale as your business grows, and almost always end up costing more money than small business payroll software over time.

Consider the paperwork. When schedules, pay stubs (showing employees their take-home pay after federal taxes, health insurance deductions, etc.) and time-off balances are only available on paper, owners and managers become gatekeepers.

It’s an unwelcome distraction for management and a source of frustration for employees. Don’t forget, costs don’t just have to be monetary. This myth could be costing you time, employee morale or other resources you value.

One way to make it better for everyone is choosing a payroll provider that offers employee self-service — meaning your people have access to, and responsibility for, their own requests and information.

Everyone runs their lives from their phones…a fact we’re sure is irritating after the fifth reminder to your staff to stop watching TikToks or carrying on lengthy text conversations during shifts.

So why not empower your employees by giving them access to their own data? They can review their PTO, benefits administration, direct deposit paystubs and more via a user-friendly online portal. It will save you time and they’ll appreciate the freedom.

A study by the American Payroll Association brings some hard facts into the decision to outsource payroll processing. They found that companies using a technology solution for payroll and timekeeping experienced a payroll error rate of 2% or less. In contrast, an error rate of up to 8% has been found in organizations manually tracking hours.

If you’re still doing payroll without support, you could be leaving your business open to errors. Even the most detail-oriented person can make a mistake when transferring information from one document to another, accidentally causing a miscalculation in payroll or tax withholdings.

Consider a payroll provider that gives you the freedom to run payroll on your own terms. When you do need outside input, it should be easy to call or email your dedicated payroll specialist for on-the-spot customer support.

Data matters, too. When you have 24/7 access to customizable payroll reports, you can feel confident about where you are now and what business decisions you want to make next.

 

Myth 2: Compliance rules are optional for small businesses

There are a lot of hoops for small businesses to jump through for basic legal and financial compliance. Keeping track of them all and doing the mundane tasks with precision is a drag and not something any business owner looks forward to.

Some hate it so much they make the risky decision to just ignore their obligations. They think they are too small to be concerned about following employment laws. In reality, small businesses are just as obligated as larger organizations to abide by employment and labor laws; there’s no rule stating small businesses are entitled to leniency if they violate the law.

According to the U.S. Department of Labor, “willful violations may be prosecuted criminally and the violator fined up to $10,000. A second conviction may result in imprisonment. Employers who willfully or repeatedly violate the minimum wage or overtime pay requirements are subject to a civil money penalty of up to $1,000 for each violation.”

And those are just the penalties associated with wage-and-hour law noncompliance. They don’t include penalties or damages for discrimination, retaliation and more.

All it takes is one disgruntled employee or observant customer to get you in trouble. Is it really worth the risk?

It’s worth considering a full-service payroll solution. The right one will make compliance a breeze by giving you digital documentation whenever you need it.

That way, you’re protected if anyone were to question your hiring, scheduling, payroll or firing choices.

Myth 3: Investing in human resources isn’t for SMBs

If you were listing the most costly parts of running your organization, labor is probably very high on the list. But guess what? You can turn that expense into your greatest asset if you pay attention to what matters to your staff (like managing their onboarding with care).

Onboarding is about making sure new employees are set up for success. Employees do best when they have clear expectations for their role and know what their priorities should be. This can even be small things, like making sure they know how much sick leave they get or when payday is.

And it’s more important than you might think. Without a thorough onboarding experience, 17% of new hires will leave within 90 days and 20% will leave within 45 days. Turnover like that can consistently put you back at square one, having to dive back into a time-consuming cycle of recruiting, screening and hiring again after just a few pay periods.

If you don’t feel like your onboarding process is complete enough to set your new hires up for success, but don’t have the time to design it, you should consider a digital solution.

Payroll and HR software with the appropriate add-ons makes it easier to do onboarding right. Beyond creating prepared, well-adjusted new hires, you’ll also be able to manage the standards required for compliance with labor and recordkeeping laws.

For instance, an employee handbook may seem like something only larger businesses need to ensure thousands of employees are following procedure. But even if you have a small number of employees, it’s important to document your expectations for them.

No one likes having tough conversations addressing employee behaviors. Having an employee handbook and policy manual goes a long way in difficult conversations. Also, a well-written handbook can act as legal protection for your business should issues arise, according to the National Federation of Independent Business (NFIB).

But a handbook is only the first step. It’s important employees know it exists, read it and agree to follow it. While it’s possible without technology, it’s a lot easier with a digital solution.

Think about technology that makes reading and acknowledging the handbook part of the onboarding experience. That way, everyone is on the same page from the beginning. You have proof employees read the handbook, and they can access it when they’ve got questions.

 

Heartland Payroll+ was designed specifically for small business, so affordable pricing and user-friendly technology are a given. You buy what you want, when you’re ready for it, with the option to change your mind at any time.

The tech you buy is important. The provider you buy it from matters just as much. When it comes to guidance on compliance, company policies, hiring, terminations and more, we’re here for you.

Don’t allow your team, your business or yourself to fall prey to common myths for another minute. Learn more today: https://www.heartland.us/products/payroll-plus

Navigating COVID-19 and Its Impact/Aftermath: Take Control With Whole Person Wellness

“Wellness is a state of complete physical, mental, and social well-being, and not merely the absence of disease or infirmity.” – The World Health Organization

 

  • Stress influences many hormones, including cortisol, that impact the production of antibodies & extra stress on the pituitary and adrenal glands leaving us immunocompromised.
  • According to many studies, the most common health problem in the world is depression, often manifested in the form of insomnia, stress, poor nutrition, physical inactivity, obesity, and heart disease.
  • Social relationships have an impact on our mental health, physical health and mortality risk. Sociologists have identified a link between social relationships and health outcomes. Many studies show that social relationships, both quality and quantity, have short and long-term effects on our health.
  • Loneliness can kill. A person who is lonely is 50% more likely to die prematurely than a person who has healthy social relationships. Loneliness can reduce a person’s immune system and cause inflammation in the body which can lead to heart disease and other chronic conditions. Without social or emotional support, stress can place a bigger toll on a person’s health. –Psychology Today

 

The Cost of Burnout is High:  How Do We Recover?

 

  • Know your stress signals & triggers

Pay attention throughout the day to your ups and downs, periods of flatness, low energy, agitation, sadness, lack of concentration, lack of motivation, hopelessness, feeling lack of control, grief, inability to accomplish and deliver what we usually can, exhaustion, “I have nothing left to give anyone”, irritability, etc.

 

  • Recognize your level of agitation/heightened emotional state and take corrective action to manage in real time as it occurs or as soon afterwards as feasible.

 

  • Choose effective recovery strategies to quiet the mind, relax the body and bring yourself back to a place of restoration.

 

Focus on right brain activities:

  • Sensory
  • Appreciation / gratitude
  • At the moment awareness / mindfulness
  • Not goal-directed

 

Give some thought to YOU:

Make time for these things daily – even a few minutes throughout the day changes our physiology and makes us stronger physically and mentally.

 

  • What gives you a measure of peace?
  • What relaxes you?
  • What makes you feel great or at least good?
  • What gives you joy?
  • What restores you?

 

Assess and focus on what really matters to you in life and work: what can you get rid of? What can you work around? What can be put off?

 

Here is what others are doing:

 

·       Turn off the news  
·       Read a book  
·       Listen to music  
·       Take a break from social media  
·       Learn how to control your breathing  
·       Grounding:try to relax as you lie flat on your back on the floor  
·       Get outside  
·       Move your head and body  
·       Practice mindfulness  
·       Learn to meditate (Headspace, Sanvello, Calm)  
·       Try yoga  
·       Journal  
·       Laugh (stimulates lungs, heart and endorphins)  
·       Exercise  

 

·       Spend time with an animal
·       Hug more (those in your household during COVID)
·       Ask others how they are feeling
·       Connect with others virtually
·       Focus on giving if you are able
·       Mindfully focus on every single simple activity and the accompanying feeling of accomplishment
·       Start & end the day with gratitude

 

Breathe! It is our best tool – easy and free! If you do nothing else, schedule yourself, make time for deep breathing throughout the day – even a few breaths will trigger a reset in your mind and body. In for 4, hold for 4, out for 6 is a tried-and -true method but anything works!

5 ways hiring managers can combat the hiring crisis

Like most of us during the early days of the pandemic, business owners were running on pure adrenaline, just trying to find ways to survive.

Now, with vaccinations on the rise and eased restrictions, they’re poised and ready to get back to normal. However, they’re facing a major pandemic-induced challenge: chronic labor shortages in the job market.

What led to our current hiring challenges?

To sum it up, the COVID pandemic is to blame. Shutdowns and social distancing caused businesses across industries to close their doors. Those that relied on face-to-face interactions — like restaurants — moved toward a remote, curb-side or delivery business model. Layoffs followed.

Meanwhile, organizations in certain industries, including warehousing, e-commerce, fulfillment and grocery stores, were facing unprecedented demand. To attract workers, they raised wages and offered signing bonuses. Workers flocked to these positions and are not likely to leave them. In fact, a recent survey by Joblist found that nearly 30% of restaurant workers do not plan on returning to the industry.

 

Lastly, enhanced unemployment benefits could incentivize some workers to stay home. According to QSR Magazine and Black Box Intelligence, these circumstances came together to create “a perfect storm” of talent shortages.

 

Hiring decisions should be about candidate experience, culture fit for the employer brand, and creating a healthy and diverse workforce. Unfortunately, in today’s job market, sourcing any qualified candidates is a far bigger concern.

5 ways to beat the talent crunch and find qualified candidates

These labor market conditions won’t last forever. While you can be optimistic that several elements of the perfect storm are beginning to pass, it would be a mistake to let that optimism turn to denial. The pandemic has created permanent changes that employers in all industries will have to face going forward. You can adapt by considering the following.

  1. Focus on recruiting. Employee referrals, website job boards and social media posts are some of the most successful methods of recruiting for restaurants, according to a poll by Black Box Intelligence and QSR Magazine. Communicate openings to staff and post them online.
  2. Recruiters need to create job descriptions that tout your culture and career paths. Show workers a job with your organization is more than just a job. Create and post job descriptions that showcase your culture and your business as a place employees can grow.
  3. Make applying easy. Blake Casper, a McDonald’s franchisee who was offering a $50 incentive just for candidates to show up for interviews, had better luck employing a mix of referral programs, signing bonuses and allowing candidates to text to apply. Consider adopting text-to-apply technology.
  4. Offer robust onboarding. Show new hires that you’re willing to invest in their expertise and performance by training them well from the start. Not only will training help you attract top talent, it can help you retain the best candidates, too.
  5. Offer flexible scheduling. The ability to work remotely is a perk that workers are beginning to expect. If offering remote work isn’t possible because of your business model, offering a flexible schedule can be the next best thing.

The right technology can help find the right candidates

Taking the steps above might sound daunting if you don’t have any type of human resources management solution. But with the right technology, you can make talent acquisition less painful and automate key aspects of your recruiting strategy and hiring process.

When it comes to recruitment, it’s helpful to use a technology that empowers you to post your job openings online and on social media platforms with just a few clicks. Potential candidates should be able to text to apply easily from any mobile device. The right system should also make it easy for you to manage the entire recruitment process all from one central dashboard.

The right solution will also have an onboarding module that will help you recruit the right talent and take steps toward their retention. Look for technology that incorporates all of these capabilities into a system that also helps you manage payroll and scheduling.

Heartland can simplify the hiring process and other staffing needs

Heartland Hire aggregates all your job postings, current applicants, and scheduled interviews all in one convenient dashboard. You can also access relevant resumes, interview notes, job stats and more in your own database. Plus, with Heartland Hire, you can create a new job posting in 60 seconds and post it to your careers page and social media accounts in a few clicks.

This type of technology, combined with our personalized customer service, can help you take the steps you need to adapt to the current talent pool crisis and secure the new team members you need.

You can learn more about Heartland’s human resources management and payroll services by clicking here. To read more about Hiring in Hard Times, check out our infographic here.

 

Navigating COVID-19 and Its Impact/Aftermath: Take Control With Whole Person Wellness

 

“Wellness is a state of complete physical, mental, and social well-being, and not merely the absence of disease or infirmity.” – The World Health Organization

 

  • Stress influences many hormones, including cortisol, that impact the production of antibodies & extra stress on the pituitary and adrenal glands leaving us immunocompromised.
  • According to many studies, the most common health problem in the world is depression, often manifested in the form of insomnia, stress, poor nutrition, physical inactivity, obesity, and heart disease.
  • Social relationships have an impact on our mental health, physical health and mortality risk. Sociologists have identified a link between social relationships and health outcomes. Many studies show that social relationships, both quality and quantity, have short and long-term effects on our health.
  • Loneliness can kill. A person who is lonely is 50% more likely to die prematurely than a person who has healthy social relationships. Loneliness can reduce a person’s immune system and cause inflammation in the body which can lead to heart disease and other chronic conditions. Without social or emotional support, stress can place a bigger toll on a person’s health. –Psychology Today

 

The Cost of Burnout is High:  How Do We Recover?

 

  • Know your stress signals & triggers

Pay attention throughout the day to your ups and downs, periods of flatness, low energy, agitation, sadness, lack of concentration, lack of motivation, hopelessness, feeling lack of control, grief, inability to accomplish and deliver what we usually can, exhaustion, “I have nothing left to give anyone”, irritability, etc.

 

  • Recognize your level of agitation/heightened emotional state and take corrective action to manage in real time as it occurs or as soon afterwards as feasible.

 

  • Choose effective recovery strategies to quiet the mind, relax the body and bring yourself back to a place of restoration.

 

Focus on right brain activities:

  • Sensory
  • Appreciation / gratitude
  • At the moment awareness / mindfulness
  • Not goal-directed

 

Give some thought to YOU:

Make time for these things daily – even a few minutes throughout the day changes our physiology and makes us stronger physically and mentally.

 

  • What gives you a measure of peace?
  • What relaxes you?
  • What makes you feel great or at least good?
  • What gives you joy?
  • What restores you?

 

Assess and focus on what really matters to you in life and work: what can you get rid of? What can you work around? What can be put off?

 

Here is what others are doing:

 

·       Turn off the news  
·       Read a book  
·       Listen to music  
·       Take a break from social media  
·       Learn how to control your breathing  
·       Grounding:try to relax as you lie flat on your back on the floor  
·       Get outside  
·       Move your head and body  
·       Practice mindfulness  
·       Learn to meditate (Headspace, Sanvello, Calm)  
·       Try yoga  
·       Journal  
·       Laugh (stimulates lungs, heart and endorphins)  
·       Exercise  

 

·       Spend time with an animal
·       Hug more (those in your household during COVID)
·       Ask others how they are feeling
·       Connect with others virtually
·       Focus on giving if you are able
·       Mindfully focus on every single simple activity and the accompanying feeling of accomplishment
·       Start & end the day with gratitude

 

Breathe! It is our best tool – easy and free! If you do nothing else, schedule yourself, make time for deep breathing throughout the day – even a few breaths will trigger a reset in your mind and body. In for 4, hold for 4, out for 6 is a tried-and -true method but anything works!

We have proudly partnered with the National Restaurant Association introducing top-of-class products for restaurants.

The way service looks has changed rapidly, but Heartland’s kept up. We’ve upgraded our products and developed new features to help business owners thrive.

Heartland Restaurant is designed specifically for hospitality businesses – from quick service to casual and fine dining. Streamlining operations in one solution makes it easier for restaurant owners to manage and grow their business from tableside to delivery, kiosk to kitchen and from countertop to online.

Point of Sale

Our cloud‐based POS solutions have smooth‐as‐butter integrations with online ordering, contactless payments and more. Manage from work, home or wherever life takes you.

Online Ordering

Make the transition with a simple, reliable solution delivering the revenue you need and the efficient, cleanly designed checkout experience customers expect.

Mobile Payments

Designed for dependability, you can accept payments online or in‐person payments from your phone or tablet in minutes. Curbside pickup just became a breeze.

Email Marketing

Keep your customers close even during social distancing. Provide key information and updates about your hours, current specials, takeout, delivery options and more.

Payroll

Everything in the restaurant industry is fast paced, including your payroll and HR needs. With our tools, you’ll spend less time worrying about employee onboarding or payroll and more time building memorable customer experiences.

Virtual Gift

Ditch physical gift cards for the convenience of selling virtual gift cards on your website. Ideal for customers wanting to show their support, or just looking for a delicious meal.

Want to know more?  Visit Heartland

We have proudly partnered with the National Restaurant Association introducing top-of-class products for restaurants.

The way service looks has changed rapidly, but Heartland’s kept up. We’ve upgraded our products and developed new features to help business owners thrive.

Heartland Restaurant is designed specifically for hospitality businesses – from quick service to casual and fine dining. Streamlining operations in one solution makes it easier for restaurant owners to manage and grow their business from tableside to delivery, kiosk to kitchen and from countertop to online.

Point of Sale

Our cloud‐based POS solutions have smooth‐as‐butter integrations with online ordering, contactless payments and more. Manage from work, home or wherever life takes you.

Online Ordering

Make the transition with a simple, reliable solution delivering the revenue you need and the efficient, cleanly designed checkout experience customers expect.

Mobile Payments

Designed for dependability, you can accept payments online or in‐person payments from your phone or tablet in minutes. Curbside pickup just became a breeze.

Email Marketing

Keep your customers close even during social distancing. Provide key information and updates about your hours, current specials, takeout, delivery options and more.

Payroll

Everything in the restaurant industry is fast paced, including your payroll and HR needs. With our tools, you’ll spend less time worrying about employee onboarding or payroll and more time building memorable customer experiences.

Virtual Gift

Ditch physical gift cards for the convenience of selling virtual gift cards on your website. Ideal for customers wanting to show their support, or just looking for a delicious meal.

Want to know more?  Visit Heartland.

Payments Without Pesky Limits

Minimalism, a movement to rid life of excess in favor of what’s important, is growing in popularity. It’s only natural the trend would extend to business. And it turns out there’s freedom in simplicity. Now, all you need to run your business is:

  1. Your phone
  2. Heartland Mobile Pay
  3. Your next destination

Don’t be fooled; this lightweight card reader is a heavy hitter when it comes to features. Whether your customers tap, dip or swipe, Mobile Pay does it all — and gets you access to your money within 24 hours. The only limitation is the bounds of your entrepreneurial spirit.

The ideal customer experience, anywhere 

Ruggedly designed to work in any environment, Mobile Pay is ready to collect payments wherever business takes you. Process transactions at lightning speed, or generate invoices for later payment. Customers get the efficient experience they expect, and you get the security of EMV electronic chip card technology authenticating each card as genuine.

Never miss a sale 

Go boldly back to business after downloading the Mobile Pay app and connecting the Heartland card reader to your phone or tablet. With Mobile Pay’s reliability, worrying about technical glitches and lost sales are a thing of the past. Rest even easier knowing Mobile Pay encrypts card data as soon as it enters the card reader, and card data is never stored on your mobile device.

Customer trends revealed 

Data helps you run a better business. Mobile Pay provides a companion merchant web portal, accessible 24/365 from any internet-enabled device. Simply view real-time sales, transaction details and inventory. Export reports to share with partners when you need to re-stock or reevaluate.

Get all the functionality of a traditional payment terminal with the counterspace of a phone. Mobile Pay is the flexible solution for your evolving business.

Is now the right time to ditch your old point of sale for something new?

Like most small businesses, restaurateurs threw their 2020 plans out the window after pandemic shutdowns shuttered locations. But SMBs aren’t the only ones who altered their plans. You can add point of sale software providers to the list.

Companies like Heartland began upgrading products and developing new features to help small business owners thrive when business is unusual.

Here are six of the latest product features and things you should consider when deciding to upgrade your point of sale:

Is your POS more than you bargained for?

Point of sale systems aren’t one size fits all. Some solutions are designed for complex businesses, offering features that you’ll never use. Usually, complex solutions mean a complex user experience. If you’re having trouble navigating the display screen, think about the new server you just hired. How many hours will it take to cross-train him on the system?

Support. Support. Support.

If location is most important in small business hierocracy, support is the next bullet on the list. Make sure you’re getting the point of sale support you need as the business grows. Is the company offering consulting support? If not, find a partner who’s aware of the latest payment tech trends and products, so you have the tools you need today and in the future.

Does it have online ordering?

Yes, it’s not new, but before you skip ahead to the next tip, make sure you understand the benefits of integrating online ordering with the point of sale.

A cloud-based POS with a built-in online ordering tool lets you accept orders on your website and manage them at the POS. And since these are cloud-based systems, you can track online sales from anywhere, on any web browser.

Make sure it’s restaurant approved.

Remember, not all point of sale systems are the same. Choose one built for your restaurant. Some newer, cloud-based POS systems offer an array of features like real-time reporting, time and attendance, inventory management, and customer buying behaviors. These systems are perfect if you want to save on inventory costs, reduce overtime wages, and optimize your menu.

Can’t touch this.

Payment companies invested a ton of resources into contactless and touchless payment technology over the last year, with Scan to Pay and Pay-to-Link being the latest to hit the market. These two features are transforming the way restaurants accept payments. Sounds great, but what is Scan to Pay and Pay-by-Link?

Scan to Pay technology lets customers scan a unique QR code with their smartphone, usually printed on their check, and pay for their meal at the table, host stand, or the curb.

With Pay-by-Link, you can create a unique payment link and text it to the customer. No more accepting cards over the phone. No more unpaid to-go orders.

Keep scheduling, payroll, and the POS under one roof.

Why should you find a solution that combines these three functions? Well, fewer headaches for one, but by combining scheduling, payroll, and payments, you’ll spend less time scrolling through spreadsheets and more time growing your business.

An integrated solution shares data, so if a server enters her tip on the point of sale, it’s synced with the other programs. And since these are cloud-based systems, you can create schedules from anywhere, on any web browser. Staff can view schedule updates from their phone in real time.

If it feels like the right time to update your point of sale, we suggest you check out Heartland Restaurant. It’s a smart, cloud-based POS designed for restaurants; it checks all our boxes.

 

Read more

How Tech Helps Restaurants Prep for the Future

 

When “Daniel” shut down due to COVID-19, Chef Daniel Boulud quickly developed creative weekly menus, powered by an online delivery and carryout platform. His pivot shows how some restaurateurs have faced new circumstances with remarkable resilience and innovation.

“In response to the changed environment, the first thing restaurants are doing is purchasing a digital point of sale,” says Andre Nataf, senior vice president of point of sale at Global Payments’ company Heartland. “In addition to accepting digital transactions, they need to have tools to engage with customers, such as email marketing capabilities, loyalty programs and a robust website presence.”

 

New customer expectations

About 70% of consumers said eating at a restaurant will help them feel normal again, according to a nationwide Global Payments survey of 1,000 consumers. However, when they do arrive, they’ll be more wary of safety, cleanliness and quality.

The good news: when people feel safe, they’re likely to return. Use technology to build loyalty and trust:

Digital ordering. Customers can reserve, order and pay from their mobile apps and devices. Digital also minimizes interactions between delivery drivers and staff.

Touchless payments. Restaurants can add QR codes to digital drive-thru menu boards or restaurant receipts, with customers ordering and paying with Apple Pay or Google Wallet. About 44% of consumers are willing to tap to pay, up from 29% before the pandemic, according to the Global Payments survey.

Digitally powered inventory. Restaurants can control menus with a click or a tap for instantly reflected changes, even with multiple locations.

Cloud agility. Cloud-based platforms allow restaurants to streamline tasks including kitchen management and drive-thru operations. They also help with customer intelligence and social media reputation management, centralizing reporting and analytics for deeper, faster insights.

Guest list management. Digital POS Systems allow customers to place orders while waiting and receive texts when their tables are ready.

UV-C disinfection. Ultraviolet light can kill or inactivate 99% of microorganisms on POS devices and kiosks. It can be added to existing screens and monitor surfaces for when they’ve been cleaned.

Low-contact server tips. Cloud-based tip processing allows employees to receive funds on prepaid cards, and tipping software like Netspend® Tip Network™ integrate with POS systems to digitally allocate tips.

Consumers are more comfortable in a digital world–technology will only play a bigger role in the future.