Author: Jeff Casale

Posted on

OSHA Wins Workers Compensation Case Fight

Aruling compelling an insurer to provide safety inspection reports and other documents to a federal agency related to a fatal grain-bin accident could chill employers’ relations with their workers’ compensation insurers.


In the case, Hilda L. Solis v. Grinnell Mutual Reinsurance Co., U.S. District Court Judge Philip Reinhard upheld a magistrate’s recommendation to require the workers’ compensation insurer to testify and present documents concerning inspections and reports that it had prepared for Haasbach, a grain bin company.


The case stems from the death of two teens last July when they were engulfed in grain 30 feet deep at Haasbach’s Mount Carroll, Illinois, site.


The U.S. Labor Department’s Occupational Safety and Health Administration said the teens, plus a third worker who was injured, were directed to engage in the banned practice of “walking down the corn,” or walking on moving grain in a storage bin while a conveyor system evacuated the grain from the bottom.


When one teen began sinking into the corn, the other tried to help, but both became engulfed, according to OSHA.


OSHA, which said the victims did not receive safety training nor did the company provide protective equipment, subpoenaed the insurer seeking more information. While Grinnell objected, the Rockford, Illinois, federal judge ruled May 2 that it must comply with the subpoena.


“The subpoena for records and inspection documents is a tool that is in OSHA’s arsenal, and they use it from time to time,” said Philadelphia-based attorney and shareholder Ben Huggett of the law firm Littler Mendelson, who represents employers in labor- and OSHA-related matters. “What this order of enforcement highlights is that OSHA is aware there are communications between the insurer and insured and that those communications are not privileged—they are not confidential or protected information.”


Grinnell argued that enforcing the OSHA subpoena would have a “chilling effect” of discouraging businesses from allowing insurers to conduct safety inspections if the resulting reports can be used against the businesses during litigation or enforcement proceedings.


Huggett agreed. Employers and insurers will have “chilled” discussions, knowing that records of such discussions and inspections could be used against them.


“I tell employers to carefully consider the insurer’s inspections and recommendations,” Huggett said. “The employer needs to address those recommendations in one form or another. They can either accept them or make a compromise on what has been suggested, but employers need to address them in some way and be aware that a document is being created.”


The Iowa-based insurer must provide to OSHA documents and reports from March 12, 2008, through June 23, 2010, according to the court order.


Grinnell’s general counsel, Dennis Day, said the company will comply with the order and will not appeal, but it will attempt to keep certain materials from being made public.

“The court affirmed OSHA’s authority to obtain relevant information from an employer’s workers’ compensation insurance company,” OSHA assistant secretary David Michaels said in a written statement. “This is not surprising legally, but it does illustrate that workers’ compensation and OSHA are not separate worlds divorced from each other.”


After an investigation, OSHA issued 25 citations to Haasbach and fined the company $555,000. Since then, OSHA has conducted 61 inspections of grain operations in Illinois, Ohio and Wisconsin and has issued 163 violations.


Workforce Management Online, June 2011Register Now!

Posted on

Settlement Reached in Firing Over Facebook Post

A settlement in the case involving an employee who was fired for posting negative comments about a supervisor on her Facebook page was made on Feb. 7, the eve of a scheduled hearing.


The National Labor Relations Board’s Hartford, Connecticut, regional office and American Medical Response of Connecticut Inc., worked out an agreement before a hearing regarding Dawnmarie Souza, a union worker for AMR’s New Haven office. She was fired in December 2009 after disagreements between her and her supervisor culminated in Souza’s posting of negative remarks about the supervisor on her personal Facebook page.


The settlement does not set a formal precedent by the NLRB, as the board was not able to make a decision on this case, an NLRB spokeswoman says.


Under the terms of the settlement, AMR agreed to revise its overly broad rules to ensure it does not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that it would not discipline or discharge employees for engaging in such discussions.


Further, the medical transportation company says employee requests for union representation will not be denied in the future and that employees will not be threatened with discipline for requesting union representation, according to an NLRB statement on the settlement.


Allegations involving Souza’s termination were resolved through a separate and private agreement between the employee and the company, the statement says.


A request for comment from Glenwood, Colorado-based AMR was not returned.


The NLRB’s regional office filed the complaint against AMR in late October, alleging that the company illegally terminated and illegally denied union representation to Souza during an investigatory interview, and maintained and enforced an “overly broad” blogging and Internet posting policy.


Under the National Labor Relations Act, employees may discuss the terms and conditions of their employment with co-workers and others, regardless of the forum.


Souza asked that a Teamsters Union Local 443 representative be present during the investigatory interview, which AMR management denied, and Souza was threatened with discipline because of her request, according to the original complaint.


Later that day after the interview, Souza posted a negative remark about her supervisor on her personal Facebook page from her home computer. The posting drew supportive responses from co-workers and led to more negative comments by Souza about her supervisor, according to the complaint.


The NLRB regional office found that Souza’s Facebook postings were a “protected concerted activity,” and that AMR’s blogging and Internet posting policy contained “unlawful provisions, including one that prohibited employees from making disparaging remarks when discussing the company” and another that “prohibited employees from depicting the company in any way over the Internet without company permission.”


Workforce Management Online, February 2011Register Now!

Posted on

Lawsuits Target Testing for Legal Drugs

An automotive parts distributor is the target of lawsuits over its drug-testing policy, including one filed by the U.S. Equal Employment Opportunity Commission alleging that workers’ rights were violated when they were tested for legally prescribed drugs.


The EEOC filed a complaint last month in U.S. District Court for the Middle District of Tennessee against Rochester Hills, Michigan-based Dura Automotive Systems, which tested all of its production employees for certain legally prescribed drugs in addition to illegal, controlled substances in 2007.


The EEOC contends that Dura violated “various provisions” of the Americans with Disabilities Act by testing for legally prescribed drugs without having just cause. According to the complaint on behalf of employees of Dura’s Lawrenceburg, Tennessee, plant, the employer “tested without reasonable suspicion that such medications were affecting the employees in performance of their jobs.”


Further, the lawsuit states that Dura practiced “unlawful” employment practices, including suspending employees in excess of 30 days if they tested positive for certain legally prescribed medications. Dura also required that employees disclose medical conditions for which they had to take the drugs and required workers to forgo taking their medications as a condition of returning to work, according to the suit.


If workers failed at their job duties without the benefit of their prescribed medications, they were fired, the suit alleges.


The EEOC is seeking to end Dura Automotive’s drug-testing policy, which allows for the testing of legally prescribed drugs, and to collect back pay and compensatory damages as well as punitive damages.


The EEOC’s lawsuit is in addition to a class-action lawsuit alleging discrimination by Dura Automotive that was filed by individuals who claimed they were suspended or lost their jobs as a result of the company’s drug testing policy.


Robert Boston of Nashville’s Waller Lansden Dortch & Davis, who is representing Dura, did not return a call seeking comment.


Leslie E. Silverman, a Washington-based partner for Proskauer Rose’s labor and employment department practice and former vice chair of the EEOC, says Dura allegedly has violated multiple EEOC guidelines and cannot see how, if the allegations are proved, the court would rule against the EEOC. Silverman is not involved in the case.


Silverman says a drug test is lawful if it screens for illegal drugs, but said such a test for legally prescribed drugs is regarded as a medical exam under ADA guidelines. She says there are specific requirements that an employer must meet to conduct a medical exam; specifically, it must be job-related and consistent with “business necessity.”


“What makes this case unusual is the employer is looking for both illegal and legally prescribed drugs,” Silverman says. “Under EEOC guidelines, employers are allowed to test, but [the guidelines] exclude the use of prescription medications.”


Silverman also says that, based on the EEOC’s complaint, Dura screened all employees and didn’t limit it to those who affect public safety—a person driving a forklift, for example.


Todd Bromberg, Washington-based attorney for Wiley Rein’s employment practice, agrees. He says the alleged testing by Dura for legally prescribed drugs is uncommon and “improper.” While some employers may conduct such a drug screening if it is allowed by state law, he noted the practice is not common. Tennessee does not have such a law.


“The question is: Did the employer have good reason to test for legally prescribed drugs?” Bromberg says. “Obviously, illegal drugs and alcohol pose a threat in the workplace, and it’s possible that some people can abuse legal drugs if they take too much or the combination of drugs causes [a problem]. However, it’s not an absolute that legal drugs pose a threat in the workplace.”


Both attorneys agree that most employers would have a hard time proving that testing all employees at a plant for legal prescription drugs was necessary.


“The ADA allows employers to test employees for controlled substances, but testing for legally prescribed medications and forcing employees to disclose their medical reasons for taking them clearly exceeds what the ADA allows an employer to do,” Katharine W. Kores, director of the EEOC in the Memphis, Tennessee, district office, said in a statement.


“The situation at Dura Automotive was aggravated by the company’s humiliating those who tested positive by conducting its tests in a manner that immediately made their identities known to its entire workforce,” she said.

Posted on

Data Breach Threats From Within Growing

While the external hacker is something companies have learned to defend against, the threat of internal data breaches is growing.


Insurance and cyber security experts say a computer-savvy employee who thinks his or her job may be in jeopardy may be more inclined to tap the organization’s database for information that may be useful in a new job with a competitor.


Worse, the employee could attempt to take revenge on his or her employer as job cuts abound during the recession, experts say.


“I think it’s safe enough to assume that, as people are put under greater and greater emotional stress, additional people may lose their moral compass and do things and take data that, in normal circumstances, they might not,” said Alan E. Brill, New York-based senior managing director of technology services at Kroll Ontrack, a division of Kroll Inc., a consultant unit of Marsh & McLennan Cos. Inc.


“But we have to live with the circumstances that we’re in; and if we’re in a higher-risk environment of people doing that, I think we have to be able to respond to that and provide the tools and technology to do so,” Brill said.


Brill said Kroll already is seeing a higher rate of incidents involving employees taking sensitive company data—either before or after they’ve been let go—that they intend to use to better themselves with another employer or start a competing business.


Brian Lapidus, a colleague of Brill and the Nashville, Tennessee-based COO of Kroll’s fraud solutions division, said there were about 1,000 more data security inquiries to Kroll in December than just last July.


“We’re seeing more [data] breaches and we’re seeing more activity from those people who have been victims of a breach,” Lapidus said.


A study that Ponemon Institute LLC released last month found that more than 88 percent of all data breaches involved insider negligence, while the remaining 12 percent were the result of a malicious act. The study also found that the cost of data breaches to companies rose in 2008 to an average $202 per record compromised, up 2.5 percent from 2007 and 11 percent from 2006.


According to Traverse City, Michigan-based Ponemon, “the investment required to prevent a data breach is dwarfed by the resulting costs of a breach.” While the external hacker is something companies have learned to better defend against, the threat of internal data breaches is growing.


Insiders gain access to the data through lax controls and monitoring of network systems, a direct effect of cutbacks in security software and information technology support staff, Brill and other cyber risk analysts say.


“The ability to stop an insider who has access is not really practical,” said Mike Rothman, senior VP of strategy with Acton, Massachusetts-based IT consultant eIQnetworks Inc. “The tools have been put in place to monitor [systems], but I think that IT workers have such a long list of activities to do on a daily basis … you can overlook the monitoring when you have other tangible projects that people are waiting for action on.”


Software programs capable of sweeping systems for irregular data flows are available, Rothman said. It is becoming more “critical” to run automated network scans as companies cut back on data security staffing, he said.


But the attacks are becoming more complicated and intelligent, cyber risk specialists say.


Alex Horan, director of product management for Boston-based Core Security Technologies, said hackers are using “more talented” malware—or malicious software—than in the past and that the attacks have gone beyond the viral e-mail or embedded link to what appear to be safe software downloads.


In a data breach at Princeton, New Jersey-based Heartland Payment Systems Inc., investigators uncovered the breach in January but found that malware had been installed more than a year earlier, according to statements by Heartland executives.


The malware was specifically designed to take certain information and was relatively undetectable. Heartland executives said they did not know how the malware was installed or how much data was taken from the payroll processing operation.


“It’s an attacker knowing the organization and the type of data it holds,” Horan said. “[The hacker] is not sending out a billion e-mails hoping that someone will click on the e-mail. It’s now a more targeted approach.”


Brill agreed, adding that malware is becoming more specialized and, in most cases, is undetectable by the software that fights malware as it is something software companies have not seen before and cannot defend against.


Network security, especially for organizations that use a third party to manage databases, is becoming more important to companies, said Mark Steinhoff, New York-based a principal in Deloitte & Touche’s security and privacy practice.


Deloitte recently surveyed global top 100 financial institutions, banks and insurers and found that 36 percent of the respondents were more concerned with internal breaches, while 35 percent of all respondents were concerned with internal and external breach threats.


“When you look at what organizations are most concerned about, it’s both the internal and external threat,” Steinhoff said. “The insider threat is getting more attention, but the tools to protect against it are still evolving.”


The recent attention surrounding data breaches is puzzling to Kevin P. Kalinich, Chicago-based co-national managing director of Aon Corp.’s financial services group for professional risks.


“There have always been data breaches,” but recent developments in state and federal laws that require data breaches be made public have generated more attention and the incorrect belief that data breaches are rising, he said.


Kalinich said studies have shown that “people feel less guilty about taking electronic data” than hard-copy files and data breaches may indeed increase.


“Organizations have to be aware of economic turmoil and specifically its effects on their employees,” advised Tracey Vispoli, vice president and manager for the financial fidelity and cyber solutions unit at Warren, New Jersey-based Chubb Group of Insurance Cos.


“I think people need to be more worried about [internal data breaches] than in the past. The trends are changing and essentially you have a workforce that is more disgruntled and more upset than in years past, and I think that is something that will be a looming issue in the years ahead,” she said.