A number of bills which may impact California employers and employees were signed into law by Governor Arnold Schwarzenegger. These new laws include:

SB 1304 (DeSaulnier): A new paid leave requirement for California employers with 15 or more employees will go into effect on January 1, 2011. Codified by Labor Code section 1508 et seq., employees who meet the eligibility requirements will be entitled to up to 30 days’ paid leave in any one-year period for organ donation and up to five days’ paid leave for bone marrow donation. To qualify for this new leave, an employee must provide the employer with written verification of his or her status as an organ or bone marrow donor and the medical necessity for the donation. Leaves may be taken in one or more periods, and during any period of leave, employers must maintain and pay for coverage under a group health plan. Leave taken cannot be considered a break in the employee’s continuous service for the purpose of salary adjustments, sick and vacation pay accrual, annual leave or seniority. However, unless otherwise provided by a collective bargaining agreement, an employer may require employees to use up to five days of accrued sick or vacation time for bone marrow donation leave and up to two weeks of accrued sick or vacation time for organ donation leave. Upon return from such leave, an employee must be restored to the same position or to a position with equivalent status, pay and benefits.

Importantly, this leave does not run concurrently with any leave taken pursuant to the Family and Medical Leave Act (“FMLA”) or the California Family Rights Act (“CFRA”), which means that employees will be entitled to this leave in addition to any FMLA or CFRA leave. The law also protects employees from retaliation for exercising their leave rights and prohibits employers from interfering with their efforts to take such leave.

AB 569 (Emerson): This new law, codified by Labor Code section 512, will take effect January 1, 2011. It exempts construction employees, security services industry officers, commercial truck drivers, and employees of electrical and gas corporations and local publicly owned electric utilities from California’s meal period requirements if the employees are covered by a valid collective bargaining agreement containing meal period provisions. The new law contains more specific definitions of the occupations exempted from meal period requirements.

AB 2364 (Nava): This new law, which will be codified by various sections of the Unemployment Insurance Code, slightly broadens eligibility for unemployment compensation by providing that employees who leave employment to protect their family from domestic violence are eligible for unemployment benefits. This law will become effective on January 1, 2011.

Summary provided by Worklaw Network firm Pettit Kohn Ingrassia & Lutz (www.pettitkohn.com).

In Sandell v. Taylor-Listug, Inc., an age discrimination case, a California court of appeal reversed the trial court’s decision to grant summary judgment in favor of the defendant employer, finding that triable issues of fact existed with respect to the employer’s motive for firing the plaintiff.

Robert Sandell (“Sandell”) was hired as Taylor-Listsug, Inc.’s (“Defendant”) senior vice president of sales. Approximately six months into his employment, Sandell suffered a stroke. Four months later, Sandell returned to work full time. During the remainder of his employment, Sandell required a cane to walk, and his speech became noticeably slower. Defendant’s CEO terminated Sandell’s employment a few days after Sandell’s sixtieth birthday, citing displeasure with Sandell’s performance. Sandell brought a claim against Defendant for age discrimination, and the trial court granted summary judgment in Defendant’s favor.

In reversing the lower court’s ruling, the court of appeal held that Sandell had presented sufficient evidence to establish a prima facie case of age discrimination. More specifically, he established a prima facie case that he was disabled with evidence that he needed to use a cane and that his speech was impaired as a result of his stroke. The court also found that there was conflicting evidence from which a jury could have concluded that Defendant’s proffered reasons for firing Sandell were unworthy of credence. Additionally, Sandell described two statements by Defendant’s CEO that potentially supported a finding that Defendant acted with an improper motive. The appellate court rejected the trial court’s dismissive conclusion that these were simply “stray” remarks that were of no legal consequence and could be disregarded. Moreover, the timing between Sandell’s hiring and firing (2004 to 2007), even if considered short, did not necessarily create a strong inference that no discriminatory motive existed, given that the effects of Sandell’s stroke caused him to appear older than he may have appeared at the time he was hired. Evidence of discriminatory animus also included testimony that the Defendant’s president said that he would rather fire older people and replace them with newer, younger people because doing so would be cheaper for the company.

This case serves as an important reminder to employers that any negative comment which directly or indirectly references an employee’s age, disability or other protected characteristic could potentially be construed as discriminatory, particularly given that many courts have moved away from applying the “stray remarks doctrine” in employment discrimination cases.

To read the case go to http://www.courtinfo.ca.gov/opinions/documents/D055549.PDF.

Many times we run so hard, we fail to step back and take a 50-foot view of our company. Here is a baker’s dozen “head check” questions you and your managers should be asking yourself: 

1. Who are we? Just what is our story? Whether you call it brand, story, culture, it’s about self-definition. Two great examples are Southwest Airlines and Virgin Air. Their story is branded externally with customers and internally with personnel. Of course, every company has a story—what’s yours? If you’re not sure, ask a third party to come in and take a walk around. Then have them take a look at your website. If they have trouble defining it, you’ve missed a great marketing opportunity. To customers and employees.
2. What do we value most? Certainly the answer to this question should be identified in your brand, culture, etc. Is it hidden or stated? Is everybody on board with these values? Where are there conflicts? Is have a life competing with being the top grossing firm? Is executive pay strangling the ability to hire new talent?
3. Where are we going? As the saying goes, “If you don’t know where you’re going, any road will get you there.” How articulate has management been in defining the company’s vision, mission or goals? How articulate are your company’s managers in defining these for their teams? How articulate are each of your employees in defining these for their careers? Do you folks really know where you’re going? Don’t guess at it, ask a few folks. Survey them even!
4. Where do we need to improve integrity? We had a great Webinar guest, Tony Simons, a Cornell University professor who wrote a great book on integrity. In their studies, it is the single factor driving profitability in corporate life. High integrity companies out earn low integrity ones. So, where do you or your company over-promise and fail to walk your talk? Another way to language the concept is that of trust. What makes someone trustworthy is that they have the skills and the desire to be successful. Where can trust or integrity be compromised? Do you have checks and balances to prevent that poor conduct? Are you making a proactive effort to increase trust and integrity or do you fantasize that it will happen naturally?
5. Are we communicating? In the surveys I’ve done with companies, communication is one of the top three challenges faced by every organization. Remember this: the greatest form of communication is dialogue because it creates a “safe place” for communicating. Unfortunately, much of the workforce sits in what I’ve coined “the Culture of Silence.” This means they are far more concerned about judgment from management and peers than they are motivated to contribute a new idea. There will always be communication in an organization, it’s leadership’s choice to make it proactive and positive or allow it to wallow and become reactive and negative.
6. Do we have a standard operating procedure for doing absolutely everything? If not, what’s the excuse? Chances are if you’re an entrepreneur, you’ve read Michael Gerber’s book eMyth. The revelation is to build a business as if we were going to franchise it. Then we know we have our act together. An easy way to generate SOPs is to give people dictation equipment, talk about what and how they do things, have it typed it out, tweak it, and voila, you have a standard operating procedure for everything—from answering the phones to post-purchase reassurance.
7. Who is responsible for what? In another excellent HR That Works Webinar, the presenters talked about the Results-Only Work Environment (ROWE). In order to have that type of high-performing organization, everybody has to be very clear about their responsibilities. If you were to ask the people you manage “What are the three most important things you are responsible for every day?” would their answers match what you expected? Unless they do you have opened up a gap in performance management.
8. How does the cash flow? Are your managers and rank and file aware of how the cash flows in your organization? Fact is, the most dropped and failed course in college is accounting. Fact is, Americans are in a financial mess because they don’t manage money properly. Fact is, those people bring those habits to your workplace every day. In another excellent Webinar we did, Coach George from Dave Ramsey’s organization talked about the importance of bringing financial peace to your company. This does not just include the company’s bottom line, but the impact that financial stress has on each and every one of your employees. Smart companies will educate their employees about dollars and sense. They will be able to read a cash flow statement. They will understand how and where your company makes money so they can do a better job contributing to that effort.
9. What’s the work environment like? The work environment is always communicating. Fact is, it’s never not communicating. I remember one time trying to help out what was, at that time, a Fortune 500 company that brought together a highly skilled group of engineers and had them work on a highly secretive project. Unfortunately, this high-performing team was breaking down and many were ready to quit and go back to where they came from. When I went to go visit them, they literally worked in an office environment with nothing but gray walls as if it were some top secret Manhattan Project. How ridiculous. When I was a kid, if you were surrounded by grey walls, it meant you were in a basement throwing out the garbage or waiting for the bomb drill to end. What did that environment say to these men who were already in a stressed state? What does your environment say to your employees? Is it energizing or something else? Does it reinforce your brand or do something else? Do employees see the difference their work does every day?
10. How do we define success? How do we keep score? What’s it mean to be a winner? Does everybody know the rules to the game? Are some of your employees playing soccer and others playing baseball? In studying companies that won the Baldridge Award, these excellent companies were very good at defining what overall performance meant. Yet, even in those award winning companies, roughly 50% of employees did not know what it meant to succeed on an individual basis. So, has your company done a good job of defining success company-wide and for individual employees?
11. Where are we at risk? Have you done a SWOT analysis lately? Where are your weaknesses and threats? Do you have good risk management to address these issues? Do you have technology vulnerabilities? Turnover problems, offshore competition, outdated machinery, outdated performance management? Talked with your insurance broker about your exposures? Can you insure against these risks or mitigate these risks or mitigate the damages of these risks if they do occur? Obviously, risk exposure is something BP wasn’t very concerned about when building oil platforms in the Gulf.
12. How are we creating great customer experiences? Today is a sound byte instant gratification, what-can-you-do-for-me-now environment. Many products and services are viewed as fungible. What really matters is the “experience” that surrounds them. To me, flying is a fungible product, but I’d much rather fly Southwest than US Air because of the dramatically different customer experience. If your company has any mission statement, it should simply be this: Create great customer/client experiences! What else could be more important in today’s marketplace? What else could better help drive profits? Look at your own personal experience. We love going to Costco, Nordstrom, fly Southwest Airlines, eat at In-n-Out Hamburger. Why? Because of a great experience. Great experiences are addictive. Are clients and customers addicted to a great experience with you?
13. How can we break out of the box? How can we enhance the creativity in our organization? How can we foster new ideas? Do we actually have a process for mining the intelligence of our entire range of stakeholders? See the Creativity Checklist on HR That Works.

Hope that was good food for thought. Here’s to your success!

Electronic Arts is a big manufacturer of software games. There is rumor on the web that one blog article posted by a disgruntled employee (self-named EA Louse) blogsite https://ealouse.wordpress.com/2010/10/12/hello-world/ could have affected the stock’s price and disclosed trade secrets, if not more. The costs to its employee brand may have taken an even bigger hit. More than 1,200 responses have been have been posted on the blog as of today (10/15). Dozens of other bloggers and the news media have also chimed in.

I’m not interested in who is “right.” The simple lesson is this:

1. If you are employee and don’t like where you work, then get a job somewhere else. I wonder how often EA Louse took his resume for a spin? He acknowledges EA had a bad rap as far back as the EA Spouse Blog. Was he willing to suffer the abuse to practice his art? Was his artistic vision ignored? Then move on to the competition (if you are good enough) and don’t whine about it afterward.
2. If your job can be outsourced then you tread on thin ice. Makes no difference if it’s in manufacturing or IT or programming or design, etc. May want to adjust your career aspirations accordingly.
3. As an employer, social media risks are VERY, VERY REAL. How does EA defends themselves against this? I haven’t seen a press release response yet. (I looked for one). What I did see is the war between the leadership of EA and its competitor, Activision http://g4tv.com/thefeed/blog/post/707749/catfight-bobby-kotick-slams-ea-ea-fires-back.html Seems like this can be an expected norm in this industry?
4. If you don’t treat employees right they will not only end up filing lawsuits…now they can cost you millions in stock value in one blog post! (Hope you have insurance to cover that!) 
5. Have a plan to react to what posted about your company in Social Media.

You can start by requesting Google Alerts about you and your company. http://www.google.com/alerts

In a continued effort to crack down on 1099 misclassification schemes, the PA legislature has passed a bill that defines the issue. You can see the bills history at http://www.legis.state.pa.us/cfdocs/billinfo/billinfo.cfm?syear=2009&sind=0&body=H&type=B&bn=0400 below is the most important language in that bill. MY highlights in bold.

(a) General rule.–For purposes of workers’ compensation, unemployment compensation and improper classification of employees provided herein, an individual who performs services in the construction industry for remuneration is an independent contractor only if:

(1) The individual has a written contract to perform such services.

(2) The individual is free from control or direction over performance of such services both under the contract of service and in fact.

(3) As to such services, the individual is customarily engaged in an independently established trade, occupation, profession or business.

(b) Criteria.–An individual is customarily engaged in an independently established trade, occupation, profession or business with respect to services the individual performs in the commercial or residential building construction industry only if:

(1) The individual possesses the essential tools, equipment and other assets necessary to perform the services independent of the person for whom the services are performed.

(2) The individual’s arrangement with the person for whom the services are performed is such that the individual shall realize a profit or suffer a loss as a result of performing the services.

(3) The individual performs the services through a business in which the individual has a proprietary interest.

(4) The individual maintains a business location that is separate from the location of the person for whom the services are being performed.

(5) The individual:

(i) previously performed the same or similar services for another person in accordance with paragraphs

(1), (2), (3) and (4) and while free from direction or control over performance of the services, both under the contract of service and in fact; or

(ii) holds himself out to other persons as available and able, and in fact is available and able, to perform the same or similar services in accordance with paragraphs (1), (2), (3) and (4) while free from direction or control over performance of the services.

(6) The individual maintains liability insurance during the term of this contract of at least $50,000.

(c) Factors not to be considered.–The failure to withhold Federal or State income taxes or pay unemployment compensation contributions or workers’ compensation premiums with respect to an individual’s remuneration shall not be considered in determining whether the individual is an independent contractor for purposes of the Workers’ Compensation Act or the Unemployment Compensation Law.

(d) Workers’ compensation.–

(1) An individual who is an independent contractor as determined under section 3 is not an employee for purposes of the Workers’ Compensation Act. For purposes of this section, each employment relationship shall be considered separately.

President Obama declared October as “National Disability Employment Awareness Month 2010.” To that end, the Office of Disability and Employment Policy (ODEP) recently released an online return-to-work toolkit for employers and employees. According to the ODEP, this toolkit is intended to offer insight into the return-to-work process and apprise employers and employees about their rights and responsibilities following an employee’s disability-related leave of absence.

The employee toolkit includes information about job accommodation, preparing for a job interview, resume writing, self-employment and employment-related laws.  The employer toolkit discusses topics ranging from modifying work duties or schedules to helping an employee perform the essential functions of her position to reducing workers’ compensation costs. For instance, the toolkit guides employers on how to increase the effectiveness of their return to work strategies by developing an integrated disability and absence management (IDAM) program, which the ODEP believes will enable an employer to reduce job-related injuries and accommodate employees. The employer toolkit also provides overviews of employers’ obligations under workers’ compensation laws, the FMLA, ADA, and the Rehabilitation Act of 1973.

More Information: Scott Cruz at Franczek Radelet: sc@franczek.com or (312) 786-6570

The California Department of Fair Employment and Housing (DFEH) today announced a $210,000 out-of-court settlement of a disability discrimination in employment case filed against The Permanente Medical Group (TPMG) for refusal to accommodate and unlawful termination.

According to the Department, a registered nurse in one of TPMG’s Northern California facilities had suffered work-related repetitive stress injuries to her hands and shoulder, which TPMG had initially accommodated.  After the employee underwent shoulder surgery, she returned to work and requested additional doctor-recommended accommodation.  However, TPMG allegedly refused to return the employee to work and instead placed her on a permanent leave of absence.

“The purpose of the Fair Employment and Housing Act is to keep people with disabilities engaged and productive in the workplace,” said DFEH Director Phyllis Cheng.  “Employees should be accommodated so long as they are able to perform the essential functions of the job.  Employers are excused from making the accommodation only if it causes an undue burden.”

The settlement also required TPMG to reinstate the employee in addition to paying her $210,000 for lost wages and emotional pain and suffering.  TPMG further agreed that its Northern California medical group facilities’ managers, supervisors, and disability case managers would receive disability discrimination prevention training.  In settling the case, TPMG did not admit liability.

The mission of the DFEH is to protect the people of California from unlawful discrimination in employment, housing and public accommodations and from hate violence.  For more information, visit the Department’s website at www.dfeh.ca.gov.

The National Labor Relations Board issued 351 decisions in contested cases during Fiscal Year 2010 (October 1, 2009 – September 30, 2010), resolving the Agency’s oldest pending cases and tackling some of the difficult issues that had deadlocked the Board as it awaited new members.

The year-end numbers represent an increase of more than 20% over the previous year. Moreover, the number of decisions issued increased sharply in the final two months of the fiscal year, suggesting a more productive Board going into FY 2011.  To read the rest go to http://www.nlrb.gov/shared_files/Press%20Releases/2010/R-2787.pdf .

“It is not necessary to change. Survival is not mandatory.”    – W. Edwards Deming, Management Consultant and Educator

This issue discusses:

• Editor’s Column: Human Resource Information Technology
• What is an Impairment?
• Using Credit Checks
• Cyber Liability 101
• Second Opinions Under the ADA

We have also provided you with the Form of the Month.

Please click here to view this month’s newsletter in PDF format.

Editor’s Column:  Human Resource Information Technology

A technological interface runs our financial, marketing, sales, and operations from beginning to end, using such programs as QuickBooks, Excel, Great Plains, GoldMine, ACT, Sales Force, and Daptiv.

Human resource operations also employ a variety of technology platforms for payroll, time and attendance, workforce planning and management, online recruiting, benefits administration, compliance management, performance management, compensation management, training management, enterprise resource planning, succession planning, and so forth. Human resources information systems (HRIS or HRMS) are consolidating these various HR disciplines. For years, large corporations have relied on firms such PeopleSoft, Oracle, UltiPro and others – while smaller companies work with such programs such as Sage/Abra, HR Office, People-Trak ADP, PayChex, and Ceridian. Today, companies with as few as 25 employees are evaluating the cost/benefit of employing HRIS systems.

The primary benefit of technology is the ability to reduce duplication of effort and inherent error by consolidation, analysis, storage, and reporting data. Payroll companies, insurers, and benefit providers will continue to offer human resource information platforms — PEOs, HROs and ASOs, as well as directly from vendors. Chances are you’ll be able to choose from a suite of integrated options.

Will the effort be worth it? In my experience, a lot can go wrong with these technologies. The payroll and time and attendance tie-in are especially important. Assuming all the bells and whistles work properly, the next question is “Who’s going to be excited about using the program?” Most HR people don’t run toward technology, they run away from it! It’s just not their thing. Although others will go along with it reluctantly in order to make their organization more efficient, they’ll tend to use technology programs at their lowest denominator. For example, most HRIS systems advertise how many different reports you can pull – sometimes hundreds or more. Chances are however, that most HR people don’t pull any reports and don’t use the program strategically. They tend to free up some time for open benefits enrollment and time keeping, but won’t help in hiring, managing, training, or compliance.

Suppose you’re a 100-person company considering a complete HRIS system that functions well and costs about $6-$10 per employee every month, for an annual total of $6,000 to $12,000 (plus set-up fees). Let’s say the program saves HR a month of time and the rest of the company another month combined – time spent on new hire paperwork, changing benefits, tracking vacation days, COBRA admin, etc. If the average employee is paid $50,000 then the “savings” is equal to two months at $4,000 each, for a total of $8,000. Compare these “savings” with the $6,000 to $12,000 price of the system, and you come out at close to a wash. That’s OK. Your system is tighter, with more effective information management, employee self service, etc. You might also justify this expense if it freed up HR to take on more strategic efforts, but is that what is happening?

I continue to believe that strategy trumps technology nearly every time. The poor hire of a $50,000/year employee dwarfs any savings an HRIS system can provide. Strategic thinking about how to attract and hire great employees is far more important than the technology interface you use for the hiring process. The strategy you use to retain employees has far greater significance than any report that you’ll generate about retention statistics. The future challenge of HRIS programs is to consolidate all aspects of HR without a glitch, while using them at a strategic level, not just as technological tool. This will require integration with strategic tools, content, and support (similar to what Members of HR That Works get!). In my experience, we’re not there yet.

Before the promise of new HR technologies traps you, be clear about the impact it can have on your organization. Determine exactly how much net time and money you’ll save, factor in the learning curve and data storage benefits. Then ask what strategic effort you will take on, given this freed up time!

What is an Impairment?

Responding to an HR That Works Member who asked if an employee’s short stature, which limited her performance, could be considered a disability, Beth Loy from JAN http://askjan.org/ provided this document that summarizes the definition of an impairment (an essential requirement for a covered disability), and provides a number of examples.

Using Credit Checks

Many HR That Works Members have asked about limitations on using credit checks under federal and state laws. Here’s the most recent EEOC “informal” discussion letter on this topic.

As of this date, four states (Illinois, Hawaii, Oregon, and Washington) have laws restricting the use of credit checks to employees in financially sensitive positions – never mind that an applicant or employee with poor credit is a greater overall “risk” for employers. The Illinois statute is typical in limiting credit checks to:

• Positions involving access to sensitive information
• Positions involving unsupervised access to cash or marketable assets valued at more than $2,500
• Positions with signatory power over business assets of $100 or more per transaction
• Managers who set the direction of or control a business
• Positions for which the employer is required by law to obtain a bond
• Positions for which state or federal law or regulation establishes credit history as a bona fide occupational qualification
• Positions for which the law requires employers to obtain credit history

This is one reason why we recommend that you work with our partner Global HR Research, who stays on top of these developments.

Cyber Liability 101

What is Cyber Liability?
In 1992, when I started our company and bought my first computer (a Gateway 33 mhz.), you couldn’t buy a “Cyber Liability” policy. Few people knew what a “website” was, and “security breaches” created images of Mission Impossible.

Flash forward to 2010 and issues arising out of data security, management of confidential information, and infringement of intellectual property rights are all considered major exposures. In today’s interconnected cyberworld, the potential for catastrophic loss has escalated dramatically. Although the early “hackers” seemed to be challenging themselves intellectually to see what type of mischief they could cause, today’s cyberthieves have serious criminal intent in mind. Terrorists, organized crime, and random computer geeks working alone are making cyber crime a growth industry. According to Privacy Rights Clearinghouse, more than 263 million data records of U.S. residents have suffered breaches since 2005.

Risk Analysis
Step one in the Cavignac & Associates Risk Management Process is “risk analysis: Identifying assets or circumstances which could lead to a loss.” This process, also known as “exposure analysis,” defines the assets or circumstances as “loss exposures.” Potential exposures include the loss of your company’s data and the cost of restoring it, defending against or settling a third party claim, cyber extortion, damage to reputation, notifying individuals whose personal information might have been compromised, and paying for credit monitoring of individuals (if required by law). Nearly every state now requires businesses that have compromised an individuals’ information to notify this individual. One study of larger companies estimated the cost of a data breach at $204 per compromised record. The same study calculated the average cost of a single data breach at $6.75 million!

Risk Control
Once you’ve defined your exposures, you need to determine how you can manage them. In other words, what can you do to lower the likelihood of a cyber liability claim or the severity of a claim if one occurs? A number of companies focus on helping businesses manage and protect both their own data and the data of their customers. The key is to centralize IT management and develop enforceable policies and procedures across your network. Check the implementation of these policies and procedures periodically. After a suspected or actual breach, take action as soon as possible. If necessary, call the appropriate IT security specialist companies.

Is This Risk Insurable?
As cyber liability exposures have evolved, so has insurance coverage. Although the Insurance Services Office (ISO) created a “standard” policy in November of 2009, most policies today are unique to the company offering the coverage. This means that you’ll need to evaluate the policy to make certain it addresses your potential exposures. These policies include both first party and third-party coverages. First-party coverage pays you for the costs of repairing or replacing damage caused by a covered peril; third party coverage includes the cost of defending and settling third-party claims, including regulatory actions.

Cyber Liability policies usually include some or all of these coverages:

• Website Publishing Liability – Nearly everyone has a website these days. This coverage protects you from liability-based information posted on your website, which might include actual or alleged misstatements; infringement of another’s copyright; trademark, etc., or violation of a person’s right to privacy.
• Security Breach Liability – Covers your liability from a security breach or transmission of a computer virus to a third party. A security breach occurs if an unauthorized person accesses the personal information of another, or if someone authorized to access such information uses it inappropriately.
• Programming Errors and Omissions Liability – Protects against your legal liability from actual or alleged programming errors that lead to disclosing a client’s personal information
• Replacement or Restoration of Electronic Data – This first-party coverage repays you for replacing or restoring data or programs damaged or destroyed as a direct result of a computer virus or similar bug.
• Extortion Threats – Reimburses you for extortion expenses and ransom payments resulting directly from an extortion threat. These threats usually involved on introducing a virus, malicious code, or publishing clients’ personal information.
• Business Income and Extra Expense – Covers loss of business income and extraordinary operating expenses due to a cyber incident or extortion threat.
• Public Relations Expense – Cyber liability incidents can create bad press. This covers the costs of a public relations firm to help you protect or restore your reputation after such an incident.
• Security Breach Expense – Covers the often significant expenses of notifying others that their personal information has been compromised These costs include overtime salaries for employees dealing with the issue, fees and costs of a company hired to operate a call center, post-event credit monitoring services, and other reasonable expenses.

The Cost
Cost can vary dramatically, depending on the type of business, type and volume of information on file, and other factors. Because Cyber Liability insurance is a relatively new coverage, there’s not a large enough database to calculate rates. Most companies are basing their prices based on what they believe the exposure to be and what they think they can charge. Annual premiums for smaller firms (with fewer than 50 employees) will probably range from $1,000 to $10,000. Larger firms might expect to pay $15,000 to $25,000.

Best Practices
Every firm, regardless of size, should evaluate its exposure to this type of loss and determine what steps they can take to manage this type of potential claim. Finally, you should obtain a quotation for coverage. Even if you don’t buy the coverage, you should know the cost and make the conscious decision not to buy it as opposed to assuming you don’t want to afford it.

Managing a Security Breach
If you become aware of an actual or potential security breach, investigate it immediately! If personal information has been compromised, at a minimum, you should take these steps:

• Depending on the circumstances, contact local law enforcement, and if appropriate the FBI and possibly the U.S. Postal Inspection Service (if the fraud involves mail theft).
• Notify any businesses that the breach might affect.
• Notify any individuals whose personal information might have been compromised. Designate a contact person to coordinate the notification process.
• If the incident involves Social Security numbers, credit card information, or other sensitive personal information, contact the major credit bureaus.
• Remove any inappropriately posted information on your website immediately.
• Consult with counsel to make certain you’re complying with any applicable laws, specifically those pertaining to notification and credit monitoring.
• Notify your insurance advisor to determine if insurance might apply to the incident.
• If necessary, consider contacting your public relations consultant to help manage the process and protect your firm’s reputation.

Article Courtesy of Jeffrey Cavignac of Cavignac and Associates (www.cavignac.com). Jeff is a long-time HR That Works and Sitkins International member located in beautiful downtown San Diego.

Second Opinions Under the ADA

Last month one of our Members had to deal with a request for disability accommodation/leave that seemed contrived by the employee as a way to protect her job. The question was whether the company could send the employee for a second opinion from a doctor of their choice. Here is the response from Linda Batiste, counsel for JAN:

“In general, you can ask for a second opinion if you have insufficient information in the first opinion you received. For example, if an employee indicated she needs a certain accommodation, but the statement by the employee’s doctor does not provide you with all the information you need to justify the accommodation, you can require a second opinion.

“The following is from Disability-Related Inquiries and Medical Examinations of Employees under the ADA.

“May an employer require an employee to go to a health care professional of the employer’s (rather than the employee’s) choice when the employee requests a reasonable accommodation?

“The ADA does not prevent an employer from requiring an employee to go to an appropriate health care professional of the employer’s choice if the employee provides insufficient documentation from his/her treating physician (or other health care professional) to substantiate that s/he has an ADA disability and needs a reasonable accommodation. ⁽⁵⁵⁾ However, if an employee provides insufficient documentation in response to the employer’s initial request, the employer should explain why the documentation is insufficient and allow the employee an opportunity to provide the missing information in a timely manner.⁽⁵⁶⁾ The employer also should consider consulting with the employee’s doctor (with the employee’s consent) before requiring the employee to go to a health care professional of its choice.⁽⁵⁷⁾

“Documentation is insufficient if it does not specify the existence of an ADA disability and explain the need for reasonable accommodation.⁽⁵⁸⁾ Documentation also might be insufficient where, for example: (1) the health care professional does not have the expertise to give an opinion about the employee’s medical condition and the limitations imposed by it; (2) the information does not specify the functional limitations due to the disability; or, (3) other factors indicate that the information provided is not credible or is fraudulent. If an employee provides insufficient documentation, an employer does not have to provide reasonable accommodation until sufficient documentation is provided.

“Any medical examination conducted by the employer’s health care professional must be job related and consistent with business necessity. This means that the examination must be limited to determining the existence of an ADA disability and the functional limitations that require reasonable accommodation. If an employer requires an employee to go to a health care professional of the employer’s choice, the employer must pay all costs associated with the visit(s).⁽⁵⁹⁾

“The Commission has previously stated that when an employee provides sufficient evidence of the existence of a disability and the need for reasonable accommodation, continued efforts by the employer to require that the individual provide more documentation and/or submit to a medical examination could be considered retaliation.⁽⁶⁰⁾ “However, an employer that requests additional information or requires a medical examination based on a good faith belief that the documentation the employee submitted is insufficient would not be liable for retaliation.

“May an employer require that an employee, who it reasonably believes will pose a direct threat, be examined by an appropriate health care professional of the employer’s choice?

“Yes. The determination that an employee poses a direct threat must be based on an individualized assessment of the employee’s present ability to safely perform the essential functions of the job. This assessment must be based on a reasonable medical judgment that relies on the most current medical knowledge and/or best objective evidence.⁽⁶¹⁾ To meet this burden, an employer might want to have the employee examined by a health care professional of its choice who has expertise in the employee’s specific condition and can provide medical information that allows the employer to determine the effects of the condition on the employee’s ability to perform his/her job. Any medical examination, however, must be limited to determining whether the employee can perform his/her job without posing a direct threat, with or without reasonable accommodation. An employer also must pay all costs associated with the employee’s visit(s) to its health care professional.⁽⁶²⁾

“An employer should be cautious about relying solely on the opinion of its own health care professional that an employee poses a direct threat where that opinion is contradicted by documentation from the employee’s own treating physician, who is knowledgeable about the employee’s medical condition and job functions, and/or other objective evidence. In evaluating conflicting medical information, the employer may find it helpful to consider: (1) the area of expertise of each medical professional who has provided information; (2) the kind of information each person providing documentation has about the job’s essential functions and the work environment in which they are performed; (3) whether a particular opinion is based on speculation or on current, objectively verifiable information about the risks associated with a particular condition; and, (4) whether the medical opinion is contradicted by information known to or observed by the employer (e.g., information about the employee’s actual experience in the job in question or in previous similar jobs).

Form of the Month

List of HR That Works Forms (PDF) – This list outlines all personnel forms available to HR That Works Members, along with their corresponding categories.

Podcast

Please click here to listen to this month’s newsletter podcast.

Podcast: Play in new window | Download