This blog post will summarize Senate Bill 1864, released on Friday, which is the first “comprehensive” privacy bill to be released in advance of the 2022 Florida legislative session. This is a long post, so I begin with a “too long, didn’t read” section that I’ve found helpful in articles I’ve read. I then describe the FPPA in detail, but by pulling various pieces of the 34-page law together by subject matter. I close with some personal opinions about this bill and what we can expect in the upcoming legislative session.

 

TL;DR

The Florida Senate has released the first privacy bill of the 2022 legislative session. The Florida Privacy Protection Act (FPPA), drafted by Sen. Jennifer Bradley, is a combination of the CCPA and VCDPA, but does not contain a private right of action. It is similar to the bill Sen. Bradley authored last year but with a few tweaks and one significant change – it would create a dedicated Consumer Data Privacy Unit in the Florida Attorney General’s Office.

I expect to see several more privacy bills released soon, including Rep. Fiona McFarland’s bill, which I anticipate will have some form of a private right of action and perhaps more aggressive and broader requirements.  I also think we will see a few other privacy/cybersecurity bills this legislative session including one that updates the Florida Information Protection Act (Florida’s data breach notification law) in ways that most will not expect.

We can anticipate that, like last year, the big fight will be over whether the law includes a private right of action. If, like last year, the House insists on including an incredibly broad private right of action, I believe it is unlikely to become law, because the political composition in the Florida legislature has not changed significantly since last year.  That said, whether a bill ultimately becomes law depends less on the desire of the legislators as a whole, and more on the “horse trading” that ultimately takes place in the final hours of the legislative session.

The FPPA’s Scope and Key Definitions

The Florida Senate was first out of the gate in the 2022 Florida privacy race, releasing SB 1864, a bill authored by Senator Jennifer Bradley (the leader on all things data privacy in the Florida Senate).  The proposed law (the Florida Privacy Protection Act) is similar to the privacy bill the Senate passed at the end of the last legislative session – which contained many consumer rights but no private right of action. The FPPA draws from the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the Virginia Consumer Data Protection Act (VCDPA). (Author’s Note – I think it was smart of the Senate to release this bill quickly and, whether intentional or not, it helps the Senate appear proactive on privacy and set the narrative.)

To whom does the FPPA apply? Like the GDPR (and the VCDPA), the FPPA applies to “controllers” and “processors.” A controller is a for-profit entity that does business in Florida and determines the purposes/means of processing. Also, similar to the VCDPA, a controller must either: (a) control the processing of personal information of 100,000 or more Florida residents (“consumers”); or (b) control or process the personal information of at least 25,000 consumers and derive 50% or more of its revenue from selling personal information.

A “processor” processes personal information on behalf of, and at the direction of, a controller. Whether an entity is a controller or processor is a fact-based determination that depends upon the context in which the personal information is processed.

What is personal information? Personal information is defined broadly as “information that identifies or is linked or reasonably linkable to an identified or identifiable consumer.” It does not include consumer information available in governmental records, information that is publicly available, or information that is de-identified or aggregate consumer information. Additionally, the FPPA’s consumer rights do not apply to pseudonymous information as long as all information necessary to identify the consumer is kept separate and is subject to effective technical and organizational controls that prevent the accessing/combining of such information.

What is a “sale” of personal information? A core part of the FPPA governs the sale of personal information, but the term “sale” is not limited to a monetary exchange. A sale occurs where a controller makes a consumer’s personal information available to a third party in exchange for monetary “or other valuable consideration, including nonmonetary transactions and agreements for other valuable consideration between a controller and a third party for the benefit of a controller.”

A sale does NOT include:

(a) disclosing personal information to a processor;

(b) disclosing personal information to a third party to provide a product/service requested by the consumer;

(c) disclosing personal information to an affiliate;

(d) disclosing personal information for nontargeted advertising;

(e) transferring personal information as an asset that is part of a merger, acquisition, bankruptcy, or other transaction where a third party assumes control of the controller’s assets; or,

(f) disclosing personal information to law enforcement or emergency services for the purpose of providing assistance to the consumer.

What Are A Controller’s Obligations Under The FPPA?

Notice of collection/processing.  A controller must inform consumers of the purposes for which personal information is collected or used and whether that information is sold. It must do this at or before the point of collection. These notice requirements do not apply if the controller does not control the collection of personal information. In an instance where the controller collects personal information about (but not directly from) consumers, the controller may provide the required information on its Internet home page or in its online privacy policy.

Notice of sale.  A controller that sells personal information must provide notice that the information may be sold and that consumers have the right to opt out. Additionally, the controller must provide a link on its home page titled “Do Not Sell My Personal Information” that enables a consumer to opt out of the sale of the consumer’s personal information. The controller may not require a consumer to create an account in order to direct the controller not to sell the consumer’s information.

Website privacy policy. Where a controller collects personal information through its website or an online service, the controller must provide a notice that includes:

(a) the categories of personal information the controller collects through the site or online service and the categories of third parties to whom the controller may disclose such personal information;

(b) a description of the process for a consumer who uses or visits the site or online service to review and request changes to any of his/her personal information collected from the consumer through the site or online service;

(c) the process by which the controller notifies consumers of material changes to the privacy policy;

(d) whether a third party may collect personal information about a consumer’s online activities over time and across different sites or online services when the consumer uses the controller’s site or online service; and,

(e) the effective date of the notice.

Minimum necessary. A controller’s collection, use, and retention of personal information must be reasonably necessary to achieve the purposes for which the personal information was collected or processed. This remains the case for any onward transfer of personal information. If a controller wants to do otherwise, it must obtain the consumer’s consent.

Reasonable security or practices. A controller must implement reasonable security procedures and practices, appropriate to the nature of the personal information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.

Agreement with processor. If a controller discloses personal information to a processor, it must enter into an agreement that requires the processor to comply with the controller’s obligations under the FPPA and prohibits downstream recipients from selling the personal information or disclosing, retaining, or using it. (Author’s Note – this appears to be an error in the bill; the downstream recipients must retain and use the information, so I assume what the bill means is that the downstream recipients cannot retain or use the personal information outside the scope of why it is being shared with them.) If a processor shares the information with a third party for a “business purpose,” the processor must notify the controller and restrict the downstream recipients from selling the personal information or retaining, using, or disclosing it (again, I’m assuming retention/use is permitted, but only to the extent necessary to complete the transaction).

Consent for processing sensitive data. A controller must obtain the consumer’s consent before processing sensitive data concerning that consumer.  Sensitive data means information like racial or ethnic origin, religious beliefs, health diagnosis, sexual orientation, citizenship/immigration status, biometric information, personal information collected from a known child, and precise geolocation data. Additionally, if a controller wants to process sensitive data obtained from a known child (i.e., younger than 13), the processing must be limited to delivery of a product or service requested by the child’s parent and must be in accordance with the Children’s Online Privacy Protection Act (COPPA).

Establish a request process. A controller must establish a designated address through which a consumer may submit a request to exercise his or her FPPA rights. If the request is pursuant to the “right to know” (below) then the controller must disclose any personal information about the consumer it has collected, directly or indirectly, since January 1, 2023, including information it obtained through a processor. (Author’s Note – so this means a comprehensive data inventory may not be necessary, but a process for identifying and recording the collection of this data will be crucial.) The controller has 45 days to respond to a right to know/delete/repair request. This time period can be extended by 45 days if the controller determines that such an extension is reasonable necessary, but the controller must notify the consumer of the necessity of the extension.  If a processor receives a right to know/delete/repair request, it must notify the controller of the request within 10 days. The processor must help the controller respond to the request by, at minimum, providing the consumer’s personal information in the processor’s possession. Where directed by the controller, a processor must correct inaccurate personal information or delete personal information, or enable the controller to do the same.

Employee training.  A controller must ensure that all individuals who handle consumer inquiries about the controller’s privacy practices or the controller’s compliance with the opt-in and opt-out requirements are informed of the requirements and how to direct consumers to exercise their rights.

What Are A Consumer’s Rights Under The FPPA?

Opt out of sale.  A consumer can opt out of the sale of his/her personal information at any time. Once a controller receives an opt-out request, or if a controller does not obtain consent to sell “a minor’s” personal information, the controller is not allowed to sell that information without a subsequent express authorization from the consumer. (Author’s Note – the bill is confusing in its use of “minor” and “child”, which each have different meanings under Florida law). The controller has only 10 days to comply with the consumer’s request to opt out.  (Author’s Note – for larger companies that collect personal information in many different ways, this timeline will be challenging.)

Opt out of advertising.  A consumer can opt out of the processing of his/her personal information for targeted advertising or profiling at any time. To that end, a controller must provide a link on its home page titled “Do not Advertise To Me” that enables a consumer to opt out of targeted advertising or profiling. Even if the consumer opts out, however, a controller may still: (a) offer a different price, rate, level, quality, or selection of goods/services to the consumer; and (b) offer a loyalty, reward, premium feature, discount, or club card program. Additionally, a controller may charge a different price, rate, level, quality, or selection of goods/services to a consumer who has opted out of advertising as long as the charge is not unjust, unreasonable, coercive, or usurious.

Verifying the opt-out request. A controller is only required to comply with opt-out requests it is reasonably able to authenticate. However, the controller cannot require the consumer to declare his/her privacy preferences every time he/she visits the controller’s website or uses the controller’s online services.

Limited use of opt-out request. A controller cannot use any personal information collected in connection with the submission of an opt-out request for any reason other than for complying with the opt-out request.

Right to be left alone for one year. The controller must wait one year before asking any consumer who opted out of the sale of his/her data to re-authorize the sale of that consumer’s personal information.

Sale of a minor’s information (“right to opt in”). A controller may not sell personal information collected from consumers that are known to be 16 or younger, unless: (a) for children who are 13 to 16 years-old, the child has authorized the sale; or (b) for children who are younger than 13, the parent/guardian has authorized the sale. If parental consent is obtained in compliance with COPPA, then such consent meets the parental consent requirements of the FPPA.

Right to know. Where requested by the consumer, a controller must provide: (a) the categories of sources from which the consumer’s personal information was collected; (b) the specific items of personal information it has collected about the consumer; and (c) the categories of any third parties to whom the personal information was sold.

Right to delete. Consumers have the right to request that personal information that has been collected from the consumer be deleted. A controller can deny this request for any of the following seven reasons:

(a) to complete the transaction for which the personal information was collected, fulfill the terms of a warranty or recall, provide a good/services requested by the consumer, or perform a contract between the business and the consumer;

(b) to help ensure security and integrity;

(c) to identify and repair errors that impair existing intended functionality;

(d) to exercise free speech or another legal right;

(e) to engage in public or peer-reviewed scientific, historical, or statistical research; or,

(f) to comply with a legal obligation.

Right to correction. Consumers have the right to submit a verified request for correction of their personal information held by a controller if that information is inaccurate, “taking into account the nature of the personal information and the purpose for processing the consumer’s personal information.” (Author’s Notes – (1) I’m not sure what the quoted language means or how it would be implemented; and (2) this unrestricted right would conceivably give the consumer the ability to “correct” their information with something that is knowingly false in order to “game the system” in some way (e.g., take advantage of discounts, rewards, etc.).

What Are The Controller’s Rights Under The FPPA?

Right to refuse requests. If a consumer’s request is manifestly unfounded or excessive (e.g., repetitive), a controller may either charge a reasonable fee or refuse to act on it (in which case the controller must notify the consumer of the reason for refusing the request).

Safe harbor for other controller/processor violations. A controller is not liable for a processor’s violation of the FPPA if at the time the controller disclosed the personal information to the processor the controller did not have actual knowledge or a reason to believe the processor intended to commit such a violation. Similarly, a processor is not liable for the obligations of a controller. Likewise, a controller or processor that discloses personal information to a third-party controller or processor is not in violation of the FPPA for the third party’s violations if the controller/processor did not have knowledge at the time of disclosing the information that the recipient intended to commit a violation. Conversely, a third-party controller or processor receiving personal information from a controller or processor in compliance with the FPPA is not in violation of the FPPA for the controller’s/processor’s noncompliance.

When Does The FPPA Not Apply?

The FPPA includes a significant number of exceptions and exclusions.  For example, the FPPA would not apply where it would restrict a controller’s or processor’s ability to do any of the following 15 activities:

(a) comply with legal obligations;

(b) comply with an investigation, subpoena, or summons;

(c) cooperate with law enforcement;

(d) exercise, prepare for, or defend legal claims;

(e) conduct internal research to develop, improve, or repair products, services, or technology;

(f) effectuate a product recall or provide a warranty for products or services;

(g) identify or repair technical errors that impair existing or intended functionality;

(h) perform internal operations that are aligned with the consumer’s expectations or compatible with processing data in furtherance of the provision or a product or service requested by the consumer;

(i) provide a product/service (or perform a contract) specifically requested by a consumer; perform a contract to which the consumer or parent is a party;

(j) take steps to protect an interest that is essential for life or physical safety of the consumer or another person;

(k) prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, and prosecute those responsible;

(l) preserve the integrity or security of information technology systems;

(m) investigate, report, or prosecute those responsible for any illegal, malicious, harmful, deceptive, or otherwise harmful activities;

(n) engage in certain public or peer-reviewed scientific or statistical research in the public interest; and,

(o) assist another controller, processor, or third party with any of the above obligations.

In addition to the above restrictions, the FPPA also would not apply to any of the following 17 circumstances:

(a) personal information collected in the employment context. This means personal information about employees, owners, directors, officers, beneficiaries, job applicants, interns, or volunteers, as long as the controller is collecting/disclosing such information to the extent reasonable and necessary. (Author’s Note – this exclusion will likely require a correction by Sen. Bradley’s office because, as written, it implies that the FPPA would not apply to any controller that engages in this activity, which would be almost every company doing business in Florida).

(b) personal information in business-related communications/transactions;

(c) personal information in job applications and employment benefit documents;

(d) personal information in a contract with an independent contractor;

(e) protected health information (as that term is defined by HIPAA) that contains personal information;

(f) a covered entity or business associate under HIPAA;

(g) information collected for purposes of research;

(h) information created for purposes of the Health Care Quality Improvement Act;

(i) de-identified information under HIPAA or the Federal Policy for the Protection of Human Subjects (FPPHS);

(j) information collected as party of a clinical trial subject to the FPPHS;

(k) information collected, processed, sold, or disclosed pursuant to the Fair Credit Reporting Act;

(l) information and financial institutions regulated by the Gramm-Leach-Bliley Act;

(m) information collected, processed, sold, or disclosed pursuant to the Farm Credit Act;

(n) information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act;

(o) education information under the Family Education Rights and Privacy Act;

(p) information and entities governed by the Airline Deregulation Act (where preemption applies); and,

(q) vehicle information or ownership information shared between a new motor vehicle dealer, a distributor, or the vehicle’s manufacturer if the vehicle or ownership information is shared for the purpose of effectuating a vehicle repair covered by a warranty or recall, provided that the entity that receives the information does not sell, share, or use it for any other purpose.

How Will The FPPA Be Enforced?

First, there is no private cause of action established by the FPPA and will be enforced exclusively by the Florida Attorney General. In fact, it explicitly states that evidence of any noncompliance with the FPPA can only be used as the basis to prove a cause of action brought by the Florida Attorney General.

The bill defines two activities as unfair and deceptive trade practices: (a) failing to delete/correct a consumer’s personal information after received a verifiable request to which no exception applies; and (b) continuing to sell a consumer’s personal information after the consumer chooses to opt out, or selling the personal information of a consumer age 16 or younger without obtaining their consent. The Attorney General may give the controller/processor 45 days to cure such violations, but the right to cure is discretionary and whether it is provided depends on the number of violations, the likelihood of public injury, and the safety of persons/property.

On an annual basis, the Attorney General must submit a report to the Senate President and Speaker of the House of Representatives describing any actions taken to enforce the FPPA.

If the Attorney General brings an action, the court may grant actual damages to a consumer and/or injunctive/declaratory relief.

One More Thing . . .

The FPPA would create within the Florida Attorney’ General’s Office a Consumer Data Privacy Unit that must be headed by a director who is fully accountable to the Attorney General. That Unit will be responsible for enforcing the FPPA and, more generally, protecting the personal information of Florida residents.

When Will The FPPA Go Into Effect?

December 31, 2022.

What To Expect Next?

The FPPA is likely the first of at least two or three data privacy bills we can expect to be introduced in the Florida legislature during the 2022 session. Representative McFarland, the leader in data privacy and all things technology in the House of Representatives, is working on a comprehensive bill that will be introduced soon. She has been meeting with many different constituencies as she shapes version 2.0. I anticipate that bill will include broader requirements but (at least initially) keep a private right of action.

I also anticipate we will see a bill that updates Florida’s data breach notification law (the Florida Information Protection Act) by adding more specificity to the definition of “reasonable security.” We may even see a private right of action added to it.

What is the chance that any of these bills will become law? If you forced me to choose a side, I think a privacy bill will be passed during this legislative session, but I do not think it will include a private right of action. A comprehensive privacy bill almost passed last year and this year is an important election year in Florida for the Governor and members of both chambers, so passing a pro-populist privacy law will be important for political leaders who want to claim the mantle of “fighting back against big tech” even if the legislation goes far beyond that objective.

That said, there are many businesses who have not needed to comply with the CCPA or prepare for Virginia’s or Colorado’s privacy laws. For those companies, the FPPA will present a significant financial burden even without a private right of action. The truth is that whether we see a privacy law passed by the legislature will likely come down to how these bills are prioritized by leadership in both chambers during the “horse trading” process at the end of the legislative session. So strap yourself in for another three-month roller coaster!

 

DISCLAIMER:  The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP, or its clients.  Similarly, the opinions expressed by those providing comments are theirs alone and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients.  All of the data and information provided on this site are for informational purposes only.  It is not legal advice nor should it be relied on as legal advice.

Small business owners are bold people. They see the opportunity to build something new and jump in with gusto.

So, it’s understandable that they don’t live for managing humdrum back-office tasks like time tracking, tax filing or payroll management.

But when it comes to these complicated, important tasks, what you don’t know could hurt you. Let’s discuss three management myths that might be costing your small business big.

 

Myth 1: Using payroll software is too expensive

Maybe you’ve heard that small businesses can get by just fine without technology. Roll up your sleeves and sharpen a fresh pencil to achieve the same result, right?

Unfortunately, untrue. Manual processes don’t scale as your business grows, and almost always end up costing more money than small business payroll software over time.

Consider the paperwork. When schedules, pay stubs (showing employees their take-home pay after federal taxes, health insurance deductions, etc.) and time-off balances are only available on paper, owners and managers become gatekeepers.

It’s an unwelcome distraction for management and a source of frustration for employees. Don’t forget, costs don’t just have to be monetary. This myth could be costing you time, employee morale or other resources you value.

One way to make it better for everyone is choosing a payroll provider that offers employee self-service — meaning your people have access to, and responsibility for, their own requests and information.

Everyone runs their lives from their phones…a fact we’re sure is irritating after the fifth reminder to your staff to stop watching TikToks or carrying on lengthy text conversations during shifts.

So why not empower your employees by giving them access to their own data? They can review their PTO, benefits administration, direct deposit paystubs and more via a user-friendly online portal. It will save you time and they’ll appreciate the freedom.

A study by the American Payroll Association brings some hard facts into the decision to outsource payroll processing. They found that companies using a technology solution for payroll and timekeeping experienced a payroll error rate of 2% or less. In contrast, an error rate of up to 8% has been found in organizations manually tracking hours.

If you’re still doing payroll without support, you could be leaving your business open to errors. Even the most detail-oriented person can make a mistake when transferring information from one document to another, accidentally causing a miscalculation in payroll or tax withholdings.

Consider a payroll provider that gives you the freedom to run payroll on your own terms. When you do need outside input, it should be easy to call or email your dedicated payroll specialist for on-the-spot customer support.

Data matters, too. When you have 24/7 access to customizable payroll reports, you can feel confident about where you are now and what business decisions you want to make next.

 

Myth 2: Compliance rules are optional for small businesses

There are a lot of hoops for small businesses to jump through for basic legal and financial compliance. Keeping track of them all and doing the mundane tasks with precision is a drag and not something any business owner looks forward to.

Some hate it so much they make the risky decision to just ignore their obligations. They think they are too small to be concerned about following employment laws. In reality, small businesses are just as obligated as larger organizations to abide by employment and labor laws; there’s no rule stating small businesses are entitled to leniency if they violate the law.

According to the U.S. Department of Labor, “willful violations may be prosecuted criminally and the violator fined up to $10,000. A second conviction may result in imprisonment. Employers who willfully or repeatedly violate the minimum wage or overtime pay requirements are subject to a civil money penalty of up to $1,000 for each violation.”

And those are just the penalties associated with wage-and-hour law noncompliance. They don’t include penalties or damages for discrimination, retaliation and more.

All it takes is one disgruntled employee or observant customer to get you in trouble. Is it really worth the risk?

It’s worth considering a full-service payroll solution. The right one will make compliance a breeze by giving you digital documentation whenever you need it.

That way, you’re protected if anyone were to question your hiring, scheduling, payroll or firing choices.

Myth 3: Investing in human resources isn’t for SMBs

If you were listing the most costly parts of running your organization, labor is probably very high on the list. But guess what? You can turn that expense into your greatest asset if you pay attention to what matters to your staff (like managing their onboarding with care).

Onboarding is about making sure new employees are set up for success. Employees do best when they have clear expectations for their role and know what their priorities should be. This can even be small things, like making sure they know how much sick leave they get or when payday is.

And it’s more important than you might think. Without a thorough onboarding experience, 17% of new hires will leave within 90 days and 20% will leave within 45 days. Turnover like that can consistently put you back at square one, having to dive back into a time-consuming cycle of recruiting, screening and hiring again after just a few pay periods.

If you don’t feel like your onboarding process is complete enough to set your new hires up for success, but don’t have the time to design it, you should consider a digital solution.

Payroll and HR software with the appropriate add-ons makes it easier to do onboarding right. Beyond creating prepared, well-adjusted new hires, you’ll also be able to manage the standards required for compliance with labor and recordkeeping laws.

For instance, an employee handbook may seem like something only larger businesses need to ensure thousands of employees are following procedure. But even if you have a small number of employees, it’s important to document your expectations for them.

No one likes having tough conversations addressing employee behaviors. Having an employee handbook and policy manual goes a long way in difficult conversations. Also, a well-written handbook can act as legal protection for your business should issues arise, according to the National Federation of Independent Business (NFIB).

But a handbook is only the first step. It’s important employees know it exists, read it and agree to follow it. While it’s possible without technology, it’s a lot easier with a digital solution.

Think about technology that makes reading and acknowledging the handbook part of the onboarding experience. That way, everyone is on the same page from the beginning. You have proof employees read the handbook, and they can access it when they’ve got questions.

 

Heartland Payroll+ was designed specifically for small business, so affordable pricing and user-friendly technology are a given. You buy what you want, when you’re ready for it, with the option to change your mind at any time.

The tech you buy is important. The provider you buy it from matters just as much. When it comes to guidance on compliance, company policies, hiring, terminations and more, we’re here for you.

Don’t allow your team, your business or yourself to fall prey to common myths for another minute. Learn more today: https://www.heartland.us/products/payroll-plus

Like most of us during the early days of the pandemic, business owners were running on pure adrenaline, just trying to find ways to survive.

Now, with vaccinations on the rise and eased restrictions, they’re poised and ready to get back to normal. However, they’re facing a major pandemic-induced challenge: chronic labor shortages in the job market.

What led to our current hiring challenges?

To sum it up, the COVID pandemic is to blame. Shutdowns and social distancing caused businesses across industries to close their doors. Those that relied on face-to-face interactions — like restaurants — moved toward a remote, curb-side or delivery business model. Layoffs followed.

Meanwhile, organizations in certain industries, including warehousing, e-commerce, fulfillment and grocery stores, were facing unprecedented demand. To attract workers, they raised wages and offered signing bonuses. Workers flocked to these positions and are not likely to leave them. In fact, a recent survey by Joblist found that nearly 30% of restaurant workers do not plan on returning to the industry.

 

Lastly, enhanced unemployment benefits could incentivize some workers to stay home. According to QSR Magazine and Black Box Intelligence, these circumstances came together to create “a perfect storm” of talent shortages.

 

Hiring decisions should be about candidate experience, culture fit for the employer brand, and creating a healthy and diverse workforce. Unfortunately, in today’s job market, sourcing any qualified candidates is a far bigger concern.

5 ways to beat the talent crunch and find qualified candidates

These labor market conditions won’t last forever. While you can be optimistic that several elements of the perfect storm are beginning to pass, it would be a mistake to let that optimism turn to denial. The pandemic has created permanent changes that employers in all industries will have to face going forward. You can adapt by considering the following.

1. Focus on recruiting. Employee referrals, website job boards and social media posts are some of the most successful methods of recruiting for restaurants, according to a poll by Black Box Intelligence and QSR Magazine. Communicate openings to staff and post them online.
2. Recruiters need to create job descriptions that tout your culture and career paths. Show workers a job with your organization is more than just a job. Create and post job descriptions that showcase your culture and your business as a place employees can grow.
3. Make applying easy. Blake Casper, a McDonald’s franchisee who was offering a $50 incentive just for candidates to show up for interviews, had better luck employing a mix of referral programs, signing bonuses and allowing candidates to text to apply. Consider adopting text-to-apply technology.
4. Offer robust onboarding. Show new hires that you’re willing to invest in their expertise and performance by training them well from the start. Not only will training help you attract top talent, it can help you retain the best candidates, too.
5. Offer flexible scheduling. The ability to work remotely is a perk that workers are beginning to expect. If offering remote work isn’t possible because of your business model, offering a flexible schedule can be the next best thing.

The right technology can help find the right candidates

Taking the steps above might sound daunting if you don’t have any type of human resources management solution. But with the right technology, you can make talent acquisition less painful and automate key aspects of your recruiting strategy and hiring process.

When it comes to recruitment, it’s helpful to use a technology that empowers you to post your job openings online and on social media platforms with just a few clicks. Potential candidates should be able to text to apply easily from any mobile device. The right system should also make it easy for you to manage the entire recruitment process all from one central dashboard.

The right solution will also have an onboarding module that will help you recruit the right talent and take steps toward their retention. Look for technology that incorporates all of these capabilities into a system that also helps you manage payroll and scheduling.

Heartland can simplify the hiring process and other staffing needs

Heartland Hire aggregates all your job postings, current applicants, and scheduled interviews all in one convenient dashboard. You can also access relevant resumes, interview notes, job stats and more in your own database. Plus, with Heartland Hire, you can create a new job posting in 60 seconds and post it to your careers page and social media accounts in a few clicks.

This type of technology, combined with our personalized customer service, can help you take the steps you need to adapt to the current talent pool crisis and secure the new team members you need.

You can learn more about Heartland’s human resources management and payroll services by clicking here. To read more about Hiring in Hard Times, check out our infographic here.