J flagged that the staffing system targets Chicago + Indiana — added a
jurisdictional checklist section to the audit-trail PRD so counsel has
a working starting point.
Covered:
- Federal: Title VII, ADEA, ADA, EEOC, OFCCP, FCRA, Section 1981
- Illinois: BIPA (high risk if any candidate photos), AI Video Interview
Act (820 ILCS 42), Illinois Human Rights Act (broader than Title VII),
PIPA breach notification, Day and Temporary Labor Services Act
(directly applies — staffing industry-specific recordkeeping), Cook
County + City of Chicago Human Rights Ordinances (additional protected
classes including source of income, parental status, credit history)
- Indiana: Data Breach Disclosure, Civil Rights Law (lighter than IL),
Genetic Information Privacy Act
- SOC 2 Type II as the typical SaaS sale gate (Privacy + Security TSCs
most relevant; 6-9 month effort to first report)
- HIPAA / PCI / ISO 27001 noted as out of current scope but flagged
Phase reordering implications captured:
- BIPA risk on real candidate photos may need to be resolved BEFORE
audit-trail work (class-action exposure)
- SOC 2 Type II prep runs in parallel, not after
- IL Day and Temporary Labor Services recordkeeping may override our
proposed 4-year retention SLA
7 open questions added that counsel must answer before the §8 phases
can be locked in. Document is explicit (multiple times) that this is
NOT legal advice — a research-grade checklist for J's counsel
conversation.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
b2d717ae44