When Coworkers Invade Your Space re: Personal Privacy in the Workplace

Raymond Law Group LLC Connecticut, and Boston law firm

Invasion of personal privacy in the work place concerns all of us, but can you sue for that? A Connecticut trial court recently addressed this compelling privacy issue.  A Board of Education employee sued her coworkers for intentional infliction of emotional distress and for invasion of privacy. The employee alleged that her co-workers had, for several months, gathered together without her knowledge or permission to open and read her personal materials that she had stored on her work computer. The Waterbury Superior Court held that the employee had not stated a claim for intentional infliction of emotional distress, as the alleged conduct was only “undesirable and inappropriate”, and thus did not meet the “extreme and outrageous” standard of an intentional infliction of emotional distress claim. However, the court held that the employee had stated a claim for invasion of privacy, since her coworkers’ uninvited intrusion into her personal material was behavior that a reasonable person would find highly offensive. Referencing a 2009 District of Connecticut case, where the court held that employees have a reasonable expectation of privacy for their work emails, the Waterbury Superior Court noted that although the employee’s computer was a work computer, and not a personal device, this fact did not preclude her from bringing an invasion of privacy claim.

The right of privacy was first recognized by the Connecticut Supreme Court in 1982, when the Court adopted the standards for invasion of privacy listed in the Restatement (Second) of Torts. The Restatement explains that “[o]ne who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy if the intrusion would be highly offensive to a reasonable person.” 3 Restatement (Second), Torts, Invasion of Privacy § 652B, p. 378 (1977). Following the Restatement, Connecticut law now categorizes four classes of invasion of privacy: 1) unreasonable intrusion upon the seclusion of another; 2) appropriation of the other’s name or likeness; 3) unreasonable publicity given to the other’s private life; or 4) publicity that unreasonably places the other in a false light before the public. Goodrich v. Waterbury Republican-Am., Inc., 188 Conn. 107, 127-28 1982). A few years later, a Connecticut Appellate Court adopted the invasion of privacy damages listed in the Restatement (Second) of Torts. In that decision, the court held that a plaintiff who has established a cause of action for invasion of his privacy is entitled to recover damages for: 1) the harm to his interest in privacy resulting from the invasion; 2) his mental distress proved to have been suffered if it is of a kind that normally results from such an invasion; and 3) special damages of which the invasion is a legal cause. Jonap v. Silver, 1 Conn. App. 550, 557 (. 1984)

This raises an interesting legal question. If a plaintiff’s claim is found to have fulfilled the standards of an invasion of privacy claim, yet not the standards of an intentional infliction of emotional distress claim, what damages can the plaintiff recover? An intentional infliction of emotional distress claim must involve “extreme and outrageous” conduct, while an invasion of privacy claim must involve conduct that is “highly offensive to a reasonable person.” It seems incongruous that a plaintiff is unable to recover for emotional distress under an intentional infliction of emotional distress claim, yet is able to recover for “mental distress” arising from an invasion of privacy claim. However, it appears that courts have determined that conduct qualifying as invasion of privacy needs to meet a less stringent standard of distress than conduct qualifying as intentional infliction of emotional distress. If this is true, then it makes sense that a plaintiff could be unable to recover for emotional distress under an intentional infliction of emotional distress claim, while still being able to recover for mental distress under a less stringent invasion of privacy claim.

ARTICLE BY

Connecticut Workplace Privacy Law

Utah Passes Law Prohibiting LGBT Employment Discrimination

Squire Patton Boggs (US) LLP law firm

On March 12, Utah Governor Herbert signed into law S.B. 296, which amends the Utah Antidiscrimination Act to prohibit discrimination in employment by Utah employers on the basis of sexual orientation and gender identity. Notably, and perhaps not surprisingly given that 60% of Utah residents identify as Mormons, although the law had the support of the Church of Jesus Christ of Latter-Day Saints, it exempts from coverage religious institutions, organizations, and affiliates (as well as the Boy Scouts of America) from its definition of employer.

It also allows for employee expression of religious or moral beliefs in the workplace – which would appear to include opposition to LGBT issues or lifestyles – as long as such expression is “reasonable, non-disruptive and non-harassing.” In passing this law, Utah becomes the 18th state (including the District of Columbia) to adopt LGBT anti-discrimination legislation. (LGBT discrimination is also prohibited against federal employees pursuant to Executive Order 13672, signed by President Obama in June 2014.)

Oklahoma Federal Court Denies Summary Judgment to Employer on Professor’s Allegations He Was Denied Tenure After Reporting Inappropriate Facebook Posts by Fellow Professors

Allen Matkins Leck Gamble Mallory & Natsis LLP

A federal court in Oklahoma recently denied summary judgment to Northeastern State University, finding that a professor’s discrimination and retaliation claims, among others, could proceed to trial. The professor, Dr. Leslie Hannah, was appointed chair of his department in 2009. The previous assistant chair, Dr. Brian Cowlishaw, was ineligible for the chair position pursuant to the University’s nepotism policy (his wife, Dr. Bridget Cowlishaw, was a professor in the department). During that period, Dr. Brian Cowlishaw posted the following comment on his Facebook page:

“Brian Hammer Cowlishaw /salutes in NSU’s direction / Good luck with that, then! [translation: I won’t be entering the ‘election’ for department chair, because what I offer, no one wants] Good luck! / salute!”

Then in response to a comment, he wrote:

“There will be an ‘election’ the first week of February. They’re making a f*****g indian chair.”

In 2010, Drs. Brian and Bridget Cowlishaw, and another professor, Dr. Donna Shelton, made disparaging comments on Facebook after Dr. Hannah scheduled a department meeting to be held outdoors by the river. In response to a post by Dr. Bridget Cowlishaw about not looking forward to the beginning of the academic year, Dr. Shelton wrote:

“Wonder if they sell body armor for use under regalia…”

In response to a post by Dr. Brian Cowlishaw about the camping trip, Dr. Bridget Cowlishaw wrote:

“Nah, our chair will bring all the handbaskets we need. He’s probably woven them himself.”

In response to a post about whether anyone attended, Dr. Bridget Cowlishaw wrote:

“Maybe they were all eaten by wolves.”

Dr. Hannah reported the posts to the University. The University found that the posts were inappropriate, and reprimanded the professors. Dr. Bridget Cowlishaw entered into a settlement agreement with the University whereby she resigned.

In 2011, Dr. Hannah reported to Human Resources: “I think the time has come for me to leave NSU. This seems to be an unsafe place for American Indians. I will be submitting my resignation . . . ” He then did not resign his position, but he did resign as department chair.

Dr. Hannah ultimately submitted his application for tenure and early promotion when he became eligible in late 2012. The committee that reviewed his application consisted of seven people, including Dr. Brian Cowlishaw and Dr. Shelton. The vote regarding Dr. Hannah was split 3/3 with one abstention, with Dr. Brian Cowlishaw and Dr. Shelton voting to deny the application. Thereafter, in early 2013, the University’s Dean reviewed the committee’s findings and denied Dr. Hannah’s application, stating that Dr. Hannah had “polarized the Department and displayed hostility toward other faculty and staff.” The Dean later stated that, while he was aware of past conflicts in the department, he was unaware of the inappropriate Facebook posts. Dr. Hannah filed a complaint with the University, and the University placed Dr. Hannah on administrative leave with pay for the remainder of his contract.

Dr. Hannah filed suit, including for discrimination and retaliation. The University brought a summary judgment motion. With respect to the discrimination and retaliation claims, the University’s main argument was that there was no causal connection between the Facebook posts in 2009 and 2010 and the denial of Dr. Hannah’s tenure in 2013.

The court was unconvinced that the passage of time between the Facebook posts and the denial of tenure defeated causation, stating: “Two years is not a significant amount of time. It is more than plausible and rather likely that after two years, Dr. Cowlishaw and Dr. Shelton still held some animosity toward Dr. Hannah for his reporting their Facebook posts, which resulted in their reprimands and possibly in the resignation of Dr. Cowlishaw’s wife.”

The Hannah case is another reminder for employers regarding the importance of implementing a good social media policy and training all employees to abide by it. Training employees not to make inappropriate posts in the first place trumps effective corrective action once the employer becomes aware of such posts. Although inHannah, the University’s initial response to the inappropriate posts was sufficient, the fact that the professors had made the posts in the first place played a key role in precluding the University from prevailing on summary judgment during later litigation.

ARTICLE BY

Another Court Rejects Notion that Restrictive Covenant Agreements Must be Supported by At Least Two Years of At-Will Employment

Godfrey & Kahn S.C. Law firm

In a recent decision addressing the enforceability of a restrictive covenant agreement under Illinois law, the court in Bankers Life and Casualty Co. v. Miller, 2015 U.S. Dist. LEXIS 14337 (N.D. Ill. 2/6/15), ruled that Illinois law did not require a minimum of two years of employment to support the employee’s restrictive covenant obligations.  The court rejected the employee’s argument that the “bright-line” rule created by the Illinois Appellate Court in Fifield v. Premier Dealer Services, Inc.required at least two years of continued employment to justify enforcement of the non-competition restrictions.

The Bankers court ruled that “the competition restrictions were not invalid for lack of consideration as a matter of law on the basis that the departing employees’ tenure was less than two years[.]”  Instead, the court ruled that each non-competition restriction should be assessed on a case-by-case basis.  The Bankers ruling is in line with a prior Northern District of Illinois decision, Montel Aetnastak, Inc. v. Miessen, in which the court (by a different judge) ruled that 15 months of continued employment was sufficient consideration to support a non-competition restriction.  In Montel, the employee voluntarily resigned his employment.

In Illinois state courts, however, employers have not had such good luck.  The Illinois Appellate Court in Prairie Rheumatology Associates, S.C. v. Francis recently reiterated the two-year rule created in Fifield.

For employers, the difference in the treatment of Illinois restrictive covenant agreements emphasizes the importance of beating the employee to the courthouse.  In other words, if an employee files a declaratory action in state court, the odds are that the court will follow the Fifield rule.  If, on the other hand, the employer files first in federal court, the odds favor the employer.

Yet another case, Instant Technology, LLC v. Defazio, 2014 U.S. Dist. LEXIS 61232 (N.D. Ill. May 2, 2014), is pending in the Seventh Circuit Court of Appeals.  We will monitor this case and follow up once a ruling is issued.

ARTICLE BY

OF

Two More HR Mistakes To Avoid – Human Resources

Michael Best Logo

Having just touched the tip of the HR iceberg in my recent post  “Avoid these 3 Common HR Mistakes,” let’s dive a little deeper. Below are two more common mistakes made by companies and their human resources professionals:

Mistake #4: Failing to preserve key evidence.  Every terminated employee poses the risk of future litigation. Consequently, take steps to preserve crucial evidence. To the extent possible, save all employee voice mails that involve statements of: (1) quitting; (2) insubordination; (3) threats of violence; (4) profanity; and (5) excuses for absences unrelated to any disability (if you terminated the employee for absenteeism). Similarly, print and save screen shots of employees’ texts and social media postings, particularly if the contents reveal employee misconduct. Finally, always keep a signed and dated copy of the termination letter, and save the employee’s personnel file for at least 3 years.

Mistake #5: Failing to keep quiet. When it comes to discussing employment terminations, the less said the better. Never talk with a lawyer representing an employee. Generally, anything you say is evidence that will be used against you. For the same reason, don’t talk to an employee’s family member about their situation – he/she is not the employee. Don’t talk with anyone from a government agency unless your lawyer is present. Don’t tell individuals who do not have a “need to know” why an employee was terminated; if you can’t later prove the reason(s) for the termination you may face a defamation claim. Finally, be careful what you write in emails. Do not: (1) refer to an employee’s protected characteristics (such as race, age, gender, sexual orientation, religion, disability, etc.); (2) refer to an employee’s threat of a lawsuit; or (3) call the employee derogatory names (including “troublemaker”). Emails can and will be discovered in the course of litigation, and can be highly damaging to your case.*

Navigate around these legal icebergs in order to avoid sinking your case.

ARTICLE BY

OF

Anti-Bullying Laws in California and Tennessee Could Be the Start of a New Trend

Jackson Lewis Law firm

While there are no current federal laws that prevent workplace bullying in the private sector, “Healthy Workplace” bills have been introduced in 26 states since 2003.  Tennessee recently became the first state to pass the “Healthy Workplace Act,” a law designed to encourage public sector agencies to create an anti-bullying policy that addresses “abusive conduct” by making the agencies immune to bullying-related lawsuits if they adopt a policy that complies with the law.

More recently, California passed a workplace anti-bullying law for private-sector employers that became effective on January 1, 2015.  California’s A.B. 2053 requires employers with 50 or more employees that already provide training on preventing sexual harassment to include new training on preventing “abusive conduct” in the workplace to supervisory employees.  It is likely that other states will follow suit and pass their own “Healthy Workplace” bills in the coming years as anti-bullying continues to trend in the news and become a focus in the workplace.

Statistics show bullying in the workplace may be a real problem, with 65.6 million U.S. workers being affected by it.  According to 2014 National Survey conducted by the Workplace Bullying Institute, 27 percent of U.S. workers reported that they had experienced abusive conduct at work and 21% of U.S. Workers have witnessed abusive conduct of others at work.

The 2014 National Survey uncovered that most employees do not think that their employers do enough to address workplace bullying:

• 25% of employees’ surveyed asserted that employers deny that bullying and harassing conduct takes place and fail to investigate complaints

• 16% asserted that employers discount bullying or describe it as non-serious

•  15% asserted that employers rationalize it by describing the bullying as innocent

• 11% asserted that employers defend abusive conduct when the perpetrators are executives and managers

Only 12% of employees’ surveyed found that their employers took steps to eliminate bullying by creating and enforcing certain policies and procedures.  The perceived failure from employees and state lawmakers that employers are adequately addressing workplace bullying may be one reason for the recent passage of anti-bullying laws in Tennessee and California and the introduction of similar bills in other states.

Under Tennessee’s Healthy Workplace Act, “abusive conduct” is broadly defined as acts or omissions that would cause a reasonable person, based on the severity, nature, and frequency of the conduct, to believe that an employee was subject to an abusive work environment, such as: (A) Repeated verbal abuse in the workplace, including derogatory remarks, insults, and epithets; (B) Verbal, non-verbal, or physical conduct of a threatening, intimidating, or humiliating nature in the workplace; or (C) The sabotage or undermining of an employee’s work performance in the workplace.

California’s A.B. 2053 similarly defines “abusive conduct” very broadly.  “Abusive conduct” means conduct of an employer or employee in the workplace, with malice, that a reasonable person would find hostile, offensive, and unrelated to an employer’s legitimate business interests.  It may include repeated infliction of verbal abuse, such as the use of derogatory remarks, insults, and epithets, verbal or physical conduct that a reasonable person would find threatening, intimidating, or humiliating, or the gratuitous sabotage or undermining of a person’s work performance.  The Act recognizes that a single act shall not constitute abusive conduct, unless especially severe and egregious.

While California and most other states do not provide a private right of action for an employee to sue for workplace bullying, bullying at the workplace – that goes unchecked – can result in negative consequences, such as decreased productivity and efficiency, increased absenteeism, loss of morale, increased resignations or transfer requests, and increased hotline calls and internal complaints.   It may also result in employees suing their employers for harassment or a hostile work environment based on a protected class, such as race and gender under Title VII of the Civil Rights Act of 1964 or for tort liability claims, such as negligent hiring or intentional infliction of emotional distress.

Thus, employers would be well-advised to manage this risk and develop a stronger workplace conduct policy now.  To address the potential for workplace bullying and the possibility that states will follow Tennessee’s and California’s lead in regulating workplace bullying, employers should analyze the workplace culture for incidents or prevalence to bullying and develop a workplace bullying prevention program.

ARTICLE BY

OF

The New Illinois Secure Choice Savings Program: Considerations for Employers

On January 4, 2015, the governor of Illinois signed into law the Illinois Secure Choice Savings Program Act (S.B. 2758). This law—first of its kind in the nation—requires certain employers to provide an automatic payroll deduction for savings in a Roth IRA for employees who are over age 18 and who do not opt out. Employers who are subject to this mandate are those who have 25 or more employees in Illinois, have been in business for at least two years, and have not offered their employees tax-favored retirement benefits in the preceding two years. “Small employers” not otherwise subject to the Act may participate in the Program on an elective basis. The Program will not be activated before 2017, and affected employers must establish a payroll deposit arrangement “at most nine months” after the Program opens for enrollment.

Several interest groups promoted this legislation, and several opposed this ambitious law.

Scope of Program

The Secure Choice Savings Program will require affected employers to automatically enroll eligible employees who do not opt out and to facilitate payroll deductions for those employees. The statute provides that employers will not be treated as fiduciaries “over the Program” or liable for Program investments, design, or benefits. No employer contributions are required.

Open enrollment will occur at least once a year. Affected employers will forward the payroll deductions to a system administered by a seven-member state board that will supervise the investment of the assets, engage investment managers, and perform similar supervisory functions. Employers’ activities will also include distributing materials provided by the state board. Penalties for an employer’s violation will be $250 per employee per year, with the amount increasing to $500 for violations with respect to employees who continue to be treated as unenrolled in years after the initial assessment.

Enrollees may contribute up to the IRA maximum, with a default level of 3% of wages for those who do not elect a different percentage or amount. Enrollees will have the investment options provided by the state board.

Employers must consider various federal tax obligations. For example, the Program’s treatment of contributions to a Roth IRA as a payroll deduction implicates federal income and payroll tax obligations with respect to those funds. Contributions to Program accounts, when combined with an employee’s IRA contributions outside of the Program, may not exceed the Tax Code’s annual limit. The extent of an employer’s responsibility, if any, in connection with an employee’s compliance in this context, remains to be developed.

In addition, when disputes arise with respect to an employer’s obligations under the Act—for example, Program penalty assessments—contested matters are ultimately appealed under the Illinois Administrative Review Law (ARL) in a 35-day window (like a statute of limitations, only stricter) for challenges to agency decisions (here, the Department of Revenue). As many practitioners know, the ARL process is one that is laden with procedural landmines for parties who challenge agency decisions in state court.

From a different perspective, the Act attempts to restrict the scope of fiduciary obligations—potentially good news for employers and others involved in the Program. However, drawing lessons from the ERISA experience, contributions to 401(k) plans have sometimes resulted in the delay or failure of contributions from financially distressed employers who must forward money deducted from employee paychecks. For ERISA plans, this can result in United States Department of Labor (USDOL) enforcement in court. However, from practical perspective, the Illinois Secure Choice Savings Program raises questions as to how such non-ERISA violations will be treated.

The law specifically requires the state board to request an opinion from the USDOL regarding ERISA’s applicability to the Program. Also, the state board may not implement the Program if the Program’s IRAs fail to qualify for favorable federal tax treatment normally accorded to IRAs, or if it is determined that the Program is an employee benefit plan, or if any “employer liability is established” under ERISA. In addition, the Program may not be implemented unless there is adequate funding for its operation. Delay in satisfying these various conditions could push the start date to a later time.

Although the Act strives to create a “non-ERISA environment” in which no Program activity will constitute an ERISA plan, the fact that 50 different states may create various programs with rules different from the Illinois rules suggests that the USDOL may scrutinize not only the definition of a “plan” but also theAct itself for adequate avoidance of the patchwork of rules from which ERISA was enacted to spare multi-state employers.

The recently inaugurated federal MyRA (my retirement account) program bears some analogy to the Illinois Program; for example, its reliance on Roth IRAs. However, there are several important differences in the two models. Although the USDOL recently gave assurance that MyRAs would not constitute ERISA plans, the specter of numerous state programs could well give federal regulators pause. ERISA preemption does not extend to federal laws, but many non-federal programs promoting retirement benefits could be viewed as requiring close and time-consuming review. Assuming federal authorities conclude that ERISA is not implicated by the Illinois Program, that conclusion may be slow in coming if DOL regulators see a need to deal comprehensively with future programs of other states. On the other hand, Illinois authorities may have already coordinated informally with the USDOL, and the Program’s clearance might be fast-tracked in Washington.

Start-up of the Program will also entail definitional clarifications of certain terms used in the Act, particularly those used to define the scope of the Program.

Much commentary on this law is possible—from regulatory, fiscal, procedural, and other perspectives. But given the two-year wait, the required clearances from federal agencies, the possibility that some changes in the law may occur, and the potential challenges in Illinois for funding the Program’s operations, we will defer detailed commentary to a later date.

What Should Employers in Illinois Do Now?

Given the long period of at least two years before the Act’s implementation, and given that the law directs Illinois regulators to deal with federal agencies and secure adequate funding for Program operations, employers should monitor developments relating to the Program.

Employers who clearly or arguably employ 25 or more employees should determine whether any Illinois employees are not covered by a tax-favored retirement plan. Close questions will have to be reviewed in light of interpretations of the statute. A single eligible employee who does not opt out may require the employer’s compliance.

Effect on Employers Based in Other States

If the new law takes effect in Illinois as presently contemplated—and even if it doesn’t—other states may soon be seen enacting similar laws intended to mandate the enrollment of employees not covered by an employer’s retirement plan. Those jurisdictions should also be monitored for legislative moves like the Illinois Secure Choice Savings Program Act because the Illinois Act could be a harbinger of similar laws in other states.

Winter Weather: OSHA Updates on Cold Weather Hazards

Jackson Lewis Law firm

Stepping outside this week is a biting reminder that winter has arrived. OSHA has updated its website with information about winter hazards and the steps that can be taken to protect employees.  Although there is no specific standard covering winter weather, employees are protected by the Occupational Safety and Health Act (1970) General Duty Clause or Section 5(a)(1), which requires employers to provide employees a workplace free from recognized hazards.  This is a good time for employers to review their cold weather work practices.

In order to plan accordingly, it is essential that employers understand the potential dangers posed by the weather and familiarize themselves with the terminology used by meteorologists and the medical community.  Icy conditions or heavy snow can lead to slick or blocked roads and downed power lines.  Although people may be advised to stay off the roads in these conditions, such advice is impracticable for workers such as EMTs, snow plough operators, and power company employees.   According to OSHA, environmental cold exposes workers to the risk of cold stress. Any worker exposed to cold temperatures is susceptible to cold stress but extra attention should be paid to workers whose work necessitates them being outside, employees with health conditions such as heart disease or high blood pressure, new employees who may not be accustomed to the conditions, and workers who are returning to work after an absence.

In addition to OSHA’s webpage on “Winter Weather” there are other tools available to help an employer assess the situation and take the necessary precautions to protect their workers.  The American Conference of Governmental Industrial Hygienists (ACGIH) has published a chart entitled “Work/Warm-up Schedule for a 4-Hour Shift” which provides a clear model for employers to determine the length of time someone can work under decreasing weather conditions.  https://www.osha.gov/dts/weather/winter_weather/windchill_table.pdf

According to OSHA, employers can help alleviate the risks of cold stress by adapting work schedules to the weather conditions: implementing safe practices such as limiting the amount of time workers are outside, scheduling frequent breaks, providing hot, sweet drinks (e.g. tea but NOT alcohol); providing engineering controls, including providing radiant heat and protecting workers from drafts.  Additionally, employers should monitor workers for signs of cold stress, especially those employees previously mentioned.

Environmental cold can lead to cold stress which occurs when lower skin temperature gives way to a lower core temperature.  A person’s body temperature will cool down faster when there is a wind chill.  The most common types of cold stress include: frostbite (freezing, usually of the extremities, e.g. fingers and toes, which can lead to amputation of the affected area); hypothermia (characterized by a core body temperature falling below 95° F, can be fatal); chilblains (ulcers caused by repeated exposure of skin to cold temperatures); and trench foot (result of extended periods of cold, wet feet).  See NIOSH’s Fast Facts sheet –http://www.cdc.gov/niosh/docs/2010-115/pdfs/2010-115.pdf

According to OSHA employers should train employees about these hazards. Well-educated employees can contribute to a safer working environment.  Training should at a minimum cover the following areas:

  • What are the dangers?

  • How to recognize the symptoms associated with Cold Stress related conditions

  • Monitoring oneself and co-workers for signs of cold stress

  • How to dress appropriately for the weather (i.e. layers of loose clothing)

  • First Aid in the case of emergency.

OSHA’s Quick Card “Protecting Workers from Cold Stress” is a concise, easy to read reference sheet identifying the most common cold stress health hazards, how to recognize them, and the emergency measures to be taken if you suspect someone is suffering from cold stress.  See https://www.osha.gov/Publications/OSHA3156.pdf

Employers whose employees use company vehicles or who work around vehicles, it is also essential for vehicles to be properly maintained and equipped for severe driving conditions.  Depending on the work environment, additional training of employees may be advisable.  Suggested topics of training might include:

  • Work zone traffic safety

  • What to do if you are stranded in a vehicle

  • How to safely shovel snow

  • The use of equipment such as snow blowers

  • Working at heights

  • Walking safely to prevent slips, trips, and falls

  • Repairing downed or damaged power lines or being in the vicinity of downed or damaged power lines

See https://www.osha.gov/dts/weather/winter_weather/hazards_precautions.html.

OSHA has published comprehensive materials about winter weather.  These may be viewed at https://www.osha.gov/dts/weather/winter_weather/index.html

ARTICLE BY

OF

Three Lessons for Mitigating Network Security Risks in 2015: Bring Your Own Device

Risk-Management-Monitor-Com

Not too long ago, organizations fell into one of two camps when it came to personal mobile devices in the workplace – these devices were either connected to their networks or they weren’t.

But times have changed. Mobile devices have become so ubiquitous that every business has to acknowledge that employees will connect their personal devices to the corporate network, whether there’s a bring-your-own-device (BYOD) policy in place or not. So really, those two camps we mentioned earlier have evolved – the devices are a given, and now, it’s just a question of whether or not you choose to regulate them.

This decision has significant implications for network security. If you aren’t regulating the use of these devices, you could be putting the integrity of your entire network at risk. As data protection specialist Vinod Banerjee told CNBC, “You have employees doing more on a mobile device and doing it ad hoc here and there and perhaps therefore not thinking about some of the risks that are apparent.” What’s worse, this has the potential to happen on a wide scale – Gartner predicted that, by 2018, more than half of all mobile users will turn first to their phone or tablet to complete online tasks. The potential for substantial remote access vulnerabilities is high.

So what can risk practitioners within IT departments do to regain control over company-related information stored on employees’ personal devices? Here are three steps to improve network security:

1. Focus on the Increasing Number of Endpoints, Not New Types

Employees are expected to have returned from holiday time off with all sorts of new gadgets they received as gifts, from fitness trackers to smart cameras and other connected devices.

Although these personal connected devices do pose some network security risk if they’re used in the workplace, securing different network-enabled mobile endpoints is really nothing special for an IT security professional. It doesn’t matter if it’s a smartphone, a tablet or a smart toilet that connects to the network – in the end, all of these devices are computers and enterprises will treat them as such.

The real problem for IT departments involves the number of new network-enabled endpoints. With each additional endpoint comes more network traffic and, subsequently, more risk. Together, a high number of endpoints has the potential to create more severe remote access vulnerabilities within corporate networks.

To mitigate the risk that accompanies these endpoints, IT departments will rely on centralized authentication and authorization functions to ensure user access control and network policy adherence. Appropriate filtering of all the traffic, data and information that is sent into the network by users is also very important. Just as drivers create environmental waste every time they get behind the wheel, network users constantly send waste – in this case, private web and data traffic, as well as malicious software – into the network through their personal devices. Enterprises need to prepare their networks for this onslaught.

2. Raise the Base Level of Security

Another way that new endpoints could chip away at a network security infrastructure is if risk practitioners fall into a trap where they focus so much on securing new endpoints, such as phones and tablets, that they lose focus on securing devices like laptops and desktops that have been in use for much longer.

It’s not difficult to see how this could happen – information security professionals know that attackers constantly change their modus operandi as they look for security vulnerabilities, often through new, potentially unprotected devices. So, in response, IT departments pour more resources into protecting these devices. In a worst-case scenario, enterprises could find themselves lacking the resources to both pivot and mitigate new vulnerabilities, while still adequately protecting remote endpoints that have been attached to the corporate network for years.

To offset this concern, IT departments need to maintain a heightened level of security across the entire network. It’s not enough to address devices ad hoc. It’s about raising the floor of network security, to protect all devices – regardless of their shape or operating system.

3. Link IT and HR When Deprovisioning Users

Another area of concern around mobile devices involves ex-employees. Employee termination procedures now need to account for BYOD and remote access, in order to prevent former employees from accessing the corporate network after their last day on the job. This is particularly important because IT staff have minimal visibility over ex-employees who could be abusing their remote access capabilities.

As IT departments know, generally the best approach to network security is to adopt policies that are centrally managed and strictly enforced. In this case, by connecting the human resources database with the user deprovisioning process, a company ensures all access to corporate systems is denied from devices, across-the-board, as soon as the employee is marked “terminated” in the HR database. This eliminates any likelihood of remote access vulnerabilities.

Similarly, there also needs to be a process for removing all company data from an ex-employee’s personal mobile device. By implementing a mobile device management or container solution, which creates a distinct work environment on the device, you’ll have an easy-to-administer method of deleting all traces of corporate data whenever an employee leaves the company. This approach is doubly effective, as it also neatly handles situations when a device is lost or stolen.

New Risks, New Resolutions

As the network security landscape continues to shift, the BYOD and remote access policies and processes of yesterday will no longer be sufficient for IT departments to manage the personal devices of employees. The New Year brings with it new challenges, and risk practitioners need new approaches to keep their networks safe and secure.

OF

California Labor Laws for the New Year

Drinker Biddle Law Firm

If only the Beatles’ call to “Let it Be” was heard by the California Legislature. Instead, employer regulation is on the rise again. In 2014, 574 bills introduced mentioned “employer,” compared to 186 in 2013. Most of those 500-plus bills did not pass, and several that did pass were not signed into law by the governor. One veto blocked a bill that would have penalized employers for limiting job prospects of, or discriminating against, job applicants who aren’t currently employed.

A sampling of significant new laws affecting private employers, effective Jan. 1, 2015, unless otherwise mentioned, follows.

Shared Liability for Employers Who Use Labor Contractors

AB 1897 mandates that companies provided with workers from a labor contractor to perform labor within its “usual course of business” at its premises or worksite will “share with the labor contractor all civil legal responsibility and civil liability” for the labor contractor’s failure to pay wages required by law or secure valid workers compensation insurance, for the workers supplied.

The law applies regardless of whether the company knew about the violations and whether the company hiring the labor contractor (recast by the new law as a “client employer”) and labor contractor are deemed joint employers. This liability sharing is in addition to any other theories of liability or requirements established by statutes or common law.

The client employer will not, however, share liability under this new law if it has a workforce of less than 25 employees (including those obtained through the labor contractor), or is supplied by the labor contractor with five or fewer workers at any given time.

A labor contractor is defined as an individual or entity that supplies, either with or without a contract, a client employer with workers to perform labor within the client employer’s usual course of business, unless the specific labor falls under the exclusion clause in AB 1897. Excluded are bona fide nonprofits, bona fide labor organizations, apprenticeship programs, hiring halls operated pursuant to a collective bargaining agreement, motion picture payroll services companies and certain employee leasing arrangements that contractually obligate the client employer to assume all civil legal responsibility and civil liability for securing workers’ compensation insurance.

This bill is a significant expansion of existing law—which is limited to prohibiting employers from entering into a contract for labor or services with a construction, farm labor, garment, janitorial, security guard or warehouse contractor—if the employer knows or should know that the agreement does not include sufficient funds.

In light of the new law, labor services contractor engagements should be evaluated with an eye toward limiting the risk of retaining non-compliant contractors, including indemnity, insurance, termination provisions and compliance verification protocols.

Wage and Hour Changes

California’s $9 hourly minimum wage is due to increase to $10 Jan. 1, 2016. Defeated by the California Legislature, however, was a bill to raise the hourly minimum wage to $11 in 2015, $12 in 2016, $13 in 2017 and then adjust annually for inflation starting in 2018.

Undeterred, several municipalities have increased their respective minimum wage for companies who employ workers in their jurisdiction. For example, employees who work in San Francisco more than two hours per week, including part-time and temporary workers, are entitled to the San Francisco hourly minimum wage, which increased Jan. 1 from $10.74 to $11.05 and will increase to $12.25 by May 1. Hourly minimum wages also increased Jan. 1 in San Jose ($10.30).

The minimum wage will increase in Oakland March 2 ($12.25) and in Berkeley Oct. 1 ($11). Many other cities have either enacted, or have pending, minimum wage laws.

Federal minimum wage continues to lag behind California, but no longer for federal contractors. President Obama issued Executive Order 13658 in 2014 which established that workers under federal contracts must be paid at least $10.10 per hour. This applies to new contracts and replacements for expiring federal contracts that resulted from solicitations issued on or after Jan. 1, 2015, or to contracts that were awarded outside the solicitation process on or after Jan. 1, 2015. There are prevailing wage requirements for many state and local government and agency contractors as well.

Employers should monitor each of the requirements, including those in the jurisdiction in which they do business, to assure compliance.

Paid Sick Days Now Required

Effective July 1, AB 1522 is the first statewide law that requires employers to provide paid sick days to employees. The new law grants employees, who worked at least 30 days since the commencement of their employment, the right to accrue one hour of paid sick time off for each 30 hours worked—up to 24 hours (three days) in a year of employment. Exempt employees are presumed to work a 40-hour normal workweek; but, if their normal workweek is less, the lower amount could be used for accrual purposes.

An employer may cap accrual at 48 hours (six days) and also may limit the use of paid sick days in a year to 24 hours. Unused paid sick days normally carry-over from year to year, though no carry-over is required if 24 hours of paid sick days is accrued to the employee at the beginning of a year. No payout is required at termination of employment.

The paid sick days may be used for the employee’s own health condition or preventative care; a family member’s health condition or preventative care; if the employee is a victim of domestic assault or sexual violence; and stalking. “Family member” means a child, regardless of age or dependency (including adopted, foster, step or legal ward), parent (biological, adoptive, foster, step, in-law or registered domestic partner’s parent), spouse, registered domestic partner, grandparent, grandchild or siblings.

The law applies to all employers, regardless of size, except for a few categories of employees that are not covered—such as those governed by a collective bargaining agreement that contains certain provisions, in-home supportive services providers and certain air carrier personnel.

Employers must keep records for at least three years, a new workplace poster is required and employers are barred from retaliating against employees who assert rights under this new law.

Failure of an employer to comply with AB 1522 can result in significant monetary fines and penalties in addition to pay for the sick days withheld, reinstatement and back pay if employment was ended, and attorneys fees and costs.

Employers should beware to integrate city specific paid sick leave laws with the new state law. For example, the pre-existing San Francisco paid sick day law has some provisions that are similar and some that are different from AB 1522. As a general rule, where multiple laws afford employee rights on a common topic, the employee is entitled to the law benefits that favors the employee most.

Discrimination Law and Training Requirements Expanded

AB 1443 amends the California Fair Employment and Housing Act (FEHA) to make its anti-discrimination, anti-harassment and religious accommodation provisions apply to unpaid interns. It also amends FEHA’s anti-harassment, and religious belief or observance accommodation provisions, to apply to volunteers. This new law appears to respond to, and trump, courts that have not classified these workers as employees and, in turn, found them not eligible for legal protections afforded to employees.

Prior law requires the California Department of Motor Vehicles to commence issuing special drivers licenses in January to applicants who meet other requirements to obtain a license, but cannot submit satisfactory proof of lawful presence in the United States. AB 1660 amends FEHA to prohibit discrimination against holders of these special drivers licenses; adverse action by an employer because an employee or applicant holds a special license can be a form of national origin discrimination. Employer compliance with any requirement or prohibition of federal immigration law is not a violation of FEHA.

Since 2006, employers of 50 or more employees have been required to provide supervisors with two hours of classroom or other effective interactive anti-sexual harassment training, every two years. New supervisors are to receive the training within six months after they start a supervisory position. This is commonly known as “AB 1825” training.

In apparent response to societal concerns about the impacts of bullying in general, AB 2053 requires that AB 1825 training include a component on abusive conduct prevention. Under the new law, abusive conduct means “conduct of an employer or employee in the workplace, with malice, that a reasonable person would find hostile, offensive and unrelated to an employer’s legitimate business interests.

Abusive conduct may include repeated infliction of verbal abuse—such as the use of derogatory remarks, insults and epithets; verbal or physical conduct that a reasonable person would find threatening, intimidating or humiliating; or the gratuitous sabotage or undermining of a person’s work performance. A single act shall not constitute abusive conduct, unless especially severe and egregious.”

The new law does not make abusive conduct unlawful in and of itself, but it’s common for plaintiffs’ counsel to try, in attempts to win cases, to tether abusive behavior by a supervisor to conduct that is alleged to be unlawful.

SB 1087 requires farm labor contractors to provide sexual harassment prevention and complaint process training annually to supervisory employees and at the time of hire and each two years thereafter to non-supervisory employees. The new law also blocks state licensing of farm labor contractors who have been found by a court or administrative agency to have engaged in sexual harassment in the past three years, or who knew— or should have known—that a supervisor had been found by a court or administrative agency to have engaged in sexual harassment in the past three years.

Child Labor Laws Enhanced

AB 2288, the Child Labor Protection Act of 2014, accomplishes three things.

1. It confirms existing law that “tolls” or suspends the running of statutes of limitation on a minor’s claims for unlawful employment practices until the minor reaches the age of 18.

2. Treble damages are now available—in addition to other remedies—to an individual who is discharged, threatened with discharge, demoted, suspended, retaliated or discriminated against, or subjected to adverse action in the terms or conditions employment because the individual filed a claim or civil action alleging a violation of the Labor Code that arose while the individual was a minor.

3. For Class “A” child labor law violations involving minors at or under the age of 12, the required range of civil penalties increases to $25,000 to $50,000. Class A violations include employing certain minors in dangerous or prohibited occupations under the Labor Code, acting unlawfully or under conditions that present an imminent danger to the minor employee, and three or more violations of child work permit or hours requirements.

Immigration and Retaliation

Several new California laws involving immigration issues surfaced last year. All were premised on existing law that all workers are entitled to the rights and protections of state employment law regardless of immigration status, and that employers must not leverage immigration status against applicants, employees or their families.

This year, AB 2751 adds to and clarifies these existing laws.

For example, actionable “unfair immigration- related practices” now include threatening or filing a false report to any government agency. The bill also clarifies that a court has authority to order the suspension of business licenses of an offending employer to block otherwise lawful operations at worksites where the offenses occurred.

What’s Next?

Employers should consider how these new laws impact their workplaces, and then review and update their personnel practices and policies with the advice of experienced attorneys or human resource professionals.

*Originally published by CalCPA in the January/February 2015 issue of California CPA.

ARTICLE BY