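Workday Asks Court to Dismiss Age Discrimination Claims: AI Hiring Reaches the Center of a Nationwide Collective Action for the First Time. What Should Chinese HR Professionals in North America Watch For?
HR technology giant Workday has recently taken a new legal step in a closely watched AI hiring lawsuit. According to a filing it submitted to the court on January 21, 2026, Workday formally asked the judge to dismiss the plaintiffs’ “disparate impact” age discrimination claims, arguing that the Age Discrimination in Employment Act (ADEA) protects only current employees and does not cover job applicants. The company therefore contends that the age discrimination claims brought by job applicants should be dismissed. This motion is the latest development in Mobley v. Workday and marks the case’s formal entry into its core legal contest.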
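The lawsuit was first filed in 2023 by a group of job applicants, who allege that Workday’s AI recruiting and screening tools, through algorithmic decision-making, systematically disadvantaged groups protected on the basis of age and other characteristics, amounting to discrimination. In February 2025, the court allowed the case to proceed as a nationwide collective action, elevating it from an individual dispute to a large-scale case covering the entire United States. The judge had also required Workday to provide a complete list of employers using its HiredScore technology, further widening the potential impact. Workday has responded publicly that its AI tools do not identify or use protected attributes such as race, age or disability, and stressed that final decisions are still made by humans.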
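From a legal standpoint, Workday’s current strategy does not directly address whether the algorithm is biased. It focuses on a more basic question: whether job applicants have the legal standing to bring a “disparate impact” claim at all. In other words, the company hopes to narrow the scope of the case through its interpretation of the statute. Whether or not the court ultimately accepts this argument, the move itself shows that AI hiring is shifting from a technical issue to a judicial one.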
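For Chinese HR practitioners in North America, this deserves particular attention. Many NACSHR community members work at small and mid-sized companies, teams operating across states, or startups, where HR typically handles recruiting, compliance, employee relations and systems administration at once. In practice, when a company buys an ATS or an AI screening tool, the rollout is usually seen as an efficiency gain; but once a candidate questions a screening result or files a complaint, the person who has to explain the process, produce the records and respond to attorney letters is usually the HR professional, not the technology vendor.
This is the real signal from the Workday case: algorithms do not share the employer’s liability. Even when screening is performed by a system, the law still treats it as the employer’s employment action. Companies cannot avoid risk by saying “the system decided automatically,” and HR cannot fully disclaim responsibility by calling it a “tool problem.”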
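More broadly, Workday is not an isolated case. Eightfold AI previously faced litigation and investigation over FCRA compliance issues in its hiring process. Although the two cases involve different legal frameworks, the ADEA and the FCRA, they point to the same trend: whenever an algorithm affects a candidate’s employment opportunities, it is equivalent to the hiring decision itself and must be subject to the same, or even stricter, regulation and scrutiny. This means the HR technology industry has entered an “era of strict compliance.”
At the same time, the regulatory environment keeps tightening. Several states, including California, have begun requiring companies that use automated hiring tools to offer candidates an opt-out mechanism and to carry out risk assessments and transparency disclosures. Such rules effectively make “algorithmic governance” part of HR’s day-to-day compliance management rather than an internal matter for the technology team.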
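Against this backdrop, the HR competency model is quietly changing. In the past we focused on hiring speed, conversion rates and cost control; going forward, the more critical questions are whether the system is explainable, whether it is auditable, whether records are retained, and whether it can withstand regulatory inquiry. If the screening logic cannot be clearly explained or proof of compliance cannot be produced, the gains from greater efficiency may well be wiped out by a single lawsuit.
For Chinese HR peers in NACSHR, these cases are not distant big-company news but risk reminders directly tied to daily work. Whatever the company’s size, once it starts using AI hiring tools it falls within the same legal framework. A truly mature digital upgrade does not simply roll out more automation; it strikes a balance among efficiency, compliance and trust.
Workday’s current legal move may be only the beginning of this shift, but it already clearly outlines a trend: future competition in hiring will no longer be only about “who is smarter” but about “who is more compliant, more explainable and more accountable.” This will be the new reality that every HR professional in North America must face.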
Workday is seeking dismissal of disparate impact age discrimination claims brought by job applicants in the ongoing Mobley v. Workday lawsuit, arguing that the Age Discrimination in Employment Act (ADEA) does not extend such protections to applicants. In a court filing on January 21, 2026, the company stated that the law’s “plain language” limits disparate impact claims to employees, not candidates. The case, originally filed in 2023 and certified as a nationwide collective action in 2025, alleges that Workday’s AI recruiting tools discriminated based on age and other protected factors. Workday denies the claims, asserting that its AI systems neither use nor identify protected characteristics. The dispute highlights growing legal and compliance risks tied to AI-driven hiring technologies. Meanwhile, states including California are tightening regulations, requiring opt-out mechanisms and risk assessments for automated decision tools. The case could significantly shape how HR technology vendors and employers deploy AI in recruitment.
Class Action
January 27, 2026
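Paychex Sued Over Data Breach: Information of Thousands of Employees Exposed
Background
On April 30, 2024, Paychex, a well-known payroll services company, accidentally exposed the personal information of a large number of employees while exchanging unclaimed property information with the State of California. The breach allowed unauthorized individuals to obtain sensitive information, including names and Social Security numbers, belonging to thousands of employees. The incident drew widespread attention and concern.
Details of the Lawsuit
On July 11, 2024, a class action against Paychex was filed in the U.S. District Court for the Western District of New York. The plaintiff, Natalie Stevenson, claims that Paychex failed to take adequate cybersecurity measures, allowing unauthorized individuals to access and steal employees’ personal information. The core allegation is that Paychex was seriously negligent in data security and did not notify affected individuals in time, which increased the potential risk to victims.
The plaintiff states that Paychex has a duty to protect the personal information it handles even when the individuals have no direct relationship with the company. However, the company failed to implement adequate security measures to prevent the breach, violating the trust of the affected individuals. The incident not only exposed victims to the risk of identity theft but also led to higher financial monitoring costs and other related losses.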
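Impact on Victims
According to the plaintiff’s legal team, the data breach harmed the affected employees in the following ways:
Increased risk of identity theft: Affected employees may face a direct threat of identity theft, with their personal information used maliciously.
Higher financial monitoring costs: Victims have to spend more time and money monitoring their financial accounts to guard against fraud.
Emotional distress: The exposure of their personal information has caused victims great psychological stress and anxiety.
Loss of data value: The exposure has reduced the value of the personal information and may adversely affect the victims’ future.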
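Legal Responsibility
The lawsuit was brought on the plaintiff’s behalf by attorneys from Weitz & Luxenberg PC and Strauss Borrelli PLLC. The complaint states that Paychex failed to meet its security obligations, resulting in the exposure of employee information. The plaintiff asks the court to order Paychex to compensate victims for their actual losses and to take the measures needed to prevent similar incidents in the future.
Specifically, the lawsuit asks that Paychex:
Pay damages: including the increased costs arising from identity theft and financial monitoring.
Provide follow-up support: credit monitoring services and identity restoration support for victims.
Improve security measures: implement stricter cybersecurity measures to prevent similar data breaches from happening again.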
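Industry Impact
This incident is not an isolated case. In recent years, a growing number of companies have faced lawsuits over data breaches. Data security has become a focus across industries, and companies need to keep raising their level of cybersecurity to protect the personal information of customers and employees.
In recent years, many well-known companies have been sued over data breaches and have paid large sums in compensation. For example, HR vendor UKG paid millions of dollars in compensation over its 2021 data breach. In addition, restaurant chain Panera and news outlet the Philadelphia Inquirer have faced lawsuits over similar incidents.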
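Conclusion
This class action against Paychex is a reminder that companies must take data security very seriously. As laws and regulations on personal information protection continue to mature, companies need to be more careful in how they handle and protect customer and employee information. Going forward, companies should keep investing in cybersecurity technology and training to ensure that their information security management systems are complete and operate effectively.
For affected employees, taking preventive measures promptly and seeking legal support are important steps in responding to a data breach. Victims should watch their financial accounts closely and put the necessary credit monitoring in place to reduce potential losses from identity theft. The legal progress of this case will provide an important reference for how similar cases are handled in the future and will push companies to further strengthen their data protection measures.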
Paychex Sued for Negligence After Data Breach Exposes Workers’ Names and Social Security Numbers
Background
On April 30, 2024, Paychex, a leading payroll services provider, experienced a significant data breach while exchanging unclaimed property information with the State of California. This incident exposed the personal information of thousands of employees, including names and Social Security numbers. The breach has raised serious concerns about Paychex’s cybersecurity measures and its ability to protect sensitive data.
Details of the Lawsuit
On July 11, 2024, a class action lawsuit was filed against Paychex in the U.S. District Court for the Western District of New York. The plaintiff, Natalie Stevenson, alleges that Paychex failed to implement adequate cybersecurity measures, which allowed unauthorized individuals to access and steal employees’ personal information. The lawsuit claims that Paychex’s negligence in data security practices and delayed notification to affected individuals have caused significant harm.
The lawsuit highlights several key points:
Negligence in Data Security: Paychex is accused of not having sufficient safeguards to protect personal information, leading to unauthorized access and data theft.
Delayed Notification: The company allegedly failed to promptly inform the affected individuals, exacerbating the potential harm caused by the breach.
Duty of Care: Paychex is argued to have assumed a duty of care to protect the personal information of employees, even if those individuals had no direct relationship with the company.
Impact on Victims
The data breach has had multiple adverse effects on the affected employees:
Increased Risk of Identity Theft: Exposed individuals are at a heightened risk of identity theft and fraud.
Financial Monitoring Costs: Victims have incurred additional expenses and time to monitor their financial accounts for suspicious activity.
Emotional Distress: The breach has caused significant stress and anxiety among those affected.
Loss of Data Value: The exposure has diminished the value of the victims’ personal information, potentially impacting their future security.
Legal Responsibility
The lawsuit seeks to hold Paychex accountable for its alleged failures and aims to secure compensation for the victims. Specifically, the lawsuit demands:
Damages: Compensation for financial losses and emotional distress suffered by the victims.
Support Services: Provision of credit monitoring and identity restoration services to the affected individuals.
Enhanced Security Measures: Implementation of stronger cybersecurity protocols to prevent future breaches.
Broader Industry Impact
This incident is part of a growing trend of data breach lawsuits targeting companies handling sensitive personal information. Similar cases have been filed against various organizations, highlighting the urgent need for robust cybersecurity measures across industries. Notably, HR vendor UKG faced significant legal and financial repercussions following its 2021 data breach, illustrating the widespread consequences of inadequate data protection.
Conclusion
The Paychex data breach lawsuit underscores the critical importance of cybersecurity in protecting personal information. As data breaches become increasingly common, organizations must prioritize the implementation of comprehensive security measures to safeguard sensitive data. This case serves as a reminder to all companies about the legal and ethical responsibilities they bear in managing and protecting personal information.
For the affected employees, it is crucial to take proactive steps in monitoring their financial accounts and seeking legal advice to address potential identity theft and fraud. The outcome of this lawsuit will likely influence future data protection practices and set precedents for handling similar incidents.