- ICE Updates I-9 Process, Tightens Compliance for Employers
- House Bills Target Data Privacy Holes in HIPAA and GLBA
- House Bill Proposes $10M Fines for High Insurance Claim Denials
- Supreme Court to Rule on DOL’s H-2A Enforcement Powers
ICE Updates I-9 Process, Tightens Compliance for Employers
In a move that significantly raises the stakes for workplace compliance, U.S. Immigration and Customs Enforcement (ICE) recently announced updates to its Form I-9 Inspection Fact Sheet, reclassifying numerous common administrative errors from “technical” to “substantive” violations. This marks a notable change in U.S. immigration enforcement, effectively eliminating the longstanding 10-day “cure” period for minor mistakes and subjecting employers to immediate, considerable monetary penalties during audits.
Historically, employers relied on agency guidance (e.g., the 1997 Immigration and Naturalization Service statement known as the “Virtue Memorandum”) that allowed them to correct minor Form I-9 “technical or procedural” errors within 10 business days of an audit without facing penalties. Under the updated framework, more than 10 common, previously curable error categories are now reclassified as substantive. These violations are deemed noncurable, meaning they will result in immediate fines ranging from $288 to $2,861 per form. For large employers in particular, the changes could create significant financial exposure.
The table below outlines some of the common errors ICE now considers immediate substantive violations.
|
Error |
Examples |
|
Missing information |
Omitted employee birthdates, hire dates, or signatures/dates in Section 1, 2 or Supplement B. |
|
Section 2 incompleteness |
Missing employer details, preparer/translator information in Supplement A or incomplete document data (title, number, expiration). |
|
Remote verification failures |
Misusing the alternative procedure without active E-Verify participation, or failure to check the alternative procedure box. |
|
Unauthorized forms |
Using Spanish-language forms outside of Puerto Rico. |
ICE, in its new guidance, stated that retaining document copies — a common practice previously used to fix errors — is no longer a valid safe harbor to cure missing data in Section 2.
Legal experts recommend employers internalize the changes by:
- Conducting an internal audit of existing I-9s to identify and correct these now-substantive errors before receiving a Notice of Inspection (NOI).
- Retraining HR staff on the updated requirements for completing Section 2 and Supplement B.
- Reviewing remote verification procedures to ensure E-Verify compliance and proper documentation.
House Bills Target Data Privacy Holes in HIPAA and GLBA
Republican members of the U.S. House of Representatives’ Financial Services Committee and the Energy & Commerce Committee introduced two interlinked bills on Wednesday, April 22, that aim to create a comprehensive federal data privacy framework and modernize financial data protection.
The bills are:
|
Congressional Bill Number |
Title of Bill |
Purpose of Legislation |
|
Guidelines for Use, Access and Responsible Disclosure of Financial Data Act (or GUARD Financial Data Act) |
Seeks to update existing Gramm-Leach-Bliley Act (GLBA) rules in order to enhance protections for personal financial information stored by financial institutions. | |
|
Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (or SECURE Data Act) |
Seeks to establish a national standard for protecting personal information not currently covered by the Health Insurance Portability and Accountability Act (HIPAA) or the GLBA. |
The GUARD Financial Data Act would require financial institutions to limit the collection of nonpublic personal information and obtain consumer opt-in consent for sharing sensitive nonpublic data. It also would require these institutions to disclose how they use artificial intelligence (AI) to collect and process personal data. Consumers could request a copy of all records a financial institution holds on them.
For employers, the GUARD Act would apply to how financial entities such as 401(k) providers, recordkeepers or plan administrators use the data of retirement plan account holders. Specifically, it would:
- Force such entities to tighten security around participant data, shifting from voluntary security guidelines to more enforced, standardized requirements.
- Ensure that when participant information is shared with third parties (like data aggregators), it is handled securely, likely restricting how platforms use or sell this information.
- Reinforce the “fiduciary prudence in data security” efforts called out in the Employee Retirement Income Security Act (ERISA) by codifying tighter controls, reducing risks of unauthorized access to 401(k) accounts.
The SECURE Data Act would require covered entities to receive affirmative consumer opt-in consent before processing “sensitive” personal data (e.g., precise geolocation, health information) for anyone under age 16. Consumers would have the right to:
- Confirm if a controller is processing their data;
- Access that data;
- Correct inaccuracies;
- Request deletions; and,
- Obtain a portable copy of their data.
As currently drafted, the SECURE Data Act generally focuses on consumers rather than employees, specifically excluding information handled in a “commercial or employment context.” However, if you as an employer collect covered data on job applicants, the Act fully applies.
House Bill Proposes $10M Fines for High Insurance Claim Denials
Reps. Pat Ryan (D-New Jersey) and Angie Craig (D-Minnesota) on Thursday, April 23, introduced H.R. 8442, titled the “Patient Refunds for Bad Denials Act,” which seeks to hold health insurance companies accountable for above-average denial rates and refund patients for medical payments that should have been covered by insurance.
The legislation would create financial penalties for health insurers that deny more than 25% of claims in a given year, based on an annual audit by the Department of Health and Human Services (HHS). The penalty for noncompliance would total $10 million plus an additional $2 million for each percentage point above the 25% denial threshold. These penalties would be paid back to affected enrollees.
According to a March 2026 Kaiser Family Foundation (KFF) research report, two-thirds of surveyed insured adults said delays and denials of health care services by health insurance companies are a “major problem,” and one-third of insured adults said they have had a health insurance company deny coverage for a service or medication prescribed by their doctor in the past two years. Nearly 40% of participants who reported having trouble paying medical bills said denied claims contributed to their medical debt.
Supreme Court to Rule on DOL’s H-2A Enforcement Powers
The U.S. Supreme Court on Monday, April 27, agreed to examine and determine whether the Department of Labor (DOL) has the constitutional right to prosecute H-2A visa cases using an in-house process. The H-2A visa classification provides foreigners with legal authorization to temporarily perform agricultural work in the U.S., often on a seasonal basis.
The originating case involved a lawsuit by Sun Valley Orchards, a New Jersey produce farm, which claimed it was entitled to have its case heard in federal court before it was hit with more than $500,000 in fines for H-2A violations.
The DOL petitioned the Supreme Court to review an April 10, 2025, ruling by the Third Circuit Court of Appeals, which determined the agency’s current setup was unconstitutional.
Editor’s Note: Additional Content
For more information and resources related to this article, see the pages below, which offer quick access to all WorldatWork content on these topics:
#1 Total Rewards & Comp Newsletter
Subscribe to Workspan Weekly and always get the latest news on compensation and Total Rewards delivered directly to you. Never miss another update on the newest regulations, court decisions, state laws and trends in the field.
