AI in the Workplace: Employment Law & Data Privacy Risks Employers Face

Employers navigating the adoption of new technologies powered by AI face a fast-moving regulatory environment at the intersection of data privacy risk and employment law. Ben Johnson, Kathryn Nadro, and Deja Davis of LP’s Employment & Executive Compensation Group recently delivered a webinar addressing key topics around AI in the workplace. This talk covered:

New State and Local Laws Governing the Use of AI in Employment Decisions

Five jurisdictions now have AI employment laws on the books, with effective dates ranging from October 2025 through January 2027. Laws in Illinois, Colorado, California, Connecticut, and New York City require companies that use AI in a way that influences employment decisions around recruitment, hiring, performance, advancement, and separation to disclose that use. Examples of activities that may trigger this requirement are resume parsing, candidate scoring, chatbots, video interview analysis, and others, and some jurisdictions require bias audits.

The Federal Framework for Addressing Bias

Alongside state and local regulations, federal EEOC guidance is also still active. Federal discrimination laws apply fully to AI tools; there is no exemption for automated systems, and the fact that a vendor created a tool is not a legal defense. That means employers must carefully consider potential sources of bias, including biased training data, proxy characteristics, inaccessible tools, and non-job-related screening. Risk is present in activities around recruiting, hiring, monitoring, wage setting, promotion, and termination. Employers must maintain human review, job criteria, records, and escalation processes. Vendor contracts should include audit rights and bias testing provisions.

Employee Use of AI to Generate Complaints Leading to Litigation

Employees can now produce detailed, attorney-quality complaints quickly using AI, and the easy access to EEOC, IDHR, and other filing resources that these tools provide increases the risk of escalation. HR departments must maintain best practices around evaluation of the substance and facts of these complaints and not be swayed by the seeming legal sophistication of AI-generated language. It is now more crucial than ever to ensure investigation and document preservation practices are up to date.

HR Investigations of AI-Enabled Employee Misconduct

AI is also now playing a greater role in incidents of employee misconduct. New risks include the creation of deepfakes, AI-generated emails/texts/screenshots, altered medical documentation, fabricated accommodation requests, fake certifications, manufactured witness statements and evidence, and more.

Biometric Information and Recording Risks

Many workplaces now routinely use recording/transcription tools through software such as Teams, Otter.AI, and others. This activity may trigger biometric data collection concerns. Employers should audit notice and consent practices for all AI-assisted meeting and recording tools and discuss such risks with their vendors.

AI-Driven Workforce Reductions

New efficiencies created by AI are driving workforce reductions in some companies. Employers must take care to remain compliant with existing WARN, mini-WARN, discrimination, and retaliation laws. There are no AI-related exemptions for these laws. Some states also enforce reporting requirements. Employers should be aware of the implications of the specific reason given for reductions: AI as a business reason (automation has reduced the need for certain roles) carries significantly less risk than to using AI as a selection mechanism (relying on an algorithm to select who is laid off).

Practical Compliance Strategies for Employers

1. Inventory — Audit all AI-enabled tools across the full employment lifecycle
2. Vendor Management — Review contracts for audit rights, compliance obligations, data restrictions, indemnity, and suspension rights
3. Notice Preparation — Draft jurisdiction-specific disclosures for Illinois, Colorado, California, Connecticut, and New York City
4. Human Review — Require human decision authority before adverse actions; no fully automated rejections without legal vetting
5. Documentation — Retain AI notices, use records, decision documentation, and outcome data by protected group where feasible for statutorily required periods

Most of all, now is the time to stay in close touch with your outside legal counsel to ensure compliance across the dynamic employment law landscape. Reach out to Ben Johnson, Kathryn Nadro, Deja Davis, or another member of LP’s Employment & Executive Compensation Group.