I just blasted through about a dozen HR magazines and blogs. Here is a highlight of the most important things discussed:
- The Affordable Care Act – no surprise here. This will be a one-time event and then we’ll be getting back to normal. Not surprisingly the Administration called a one year time-out!
- Mobility – both in terms of mobility of employees as well as their mobile technologies. How it affects everything from monitoring wage and hour, productivity, communication needs, etc.
- Gaming – the buzzword in software development is “gamification.” For example, how can we make an HRIS system fun to use? How can we create contests among different HR executives using similar software programs? How do we reward employees using social media and software platforms?
- Just-in-time demands – With change occurring so rapidly, HR has to be agile, nimble, and tactile. Even better, be the change and not just a reactant to it. As the saying goes “you’re either the actor or the audience.”
- Branding – people are finally starting to get it that the same concepts used to support making efforts with customers should be utilized to brand to job applicants and employees. As I’ve stated for years we treat our clients and customers in color but our employees in black and white. Time to cut that nonsense out!
- Adopting a consultative HR role – Over recent years companies have been hiring HR consultants to be employees. The change in language identifies the fact that they want these executives to help them work not just in the business but on it as well. They’re looking for the value-added beyond policies and procedures.
- Managing how work gets done – this is one of my favorite subjects to discuss. What goal do you have to help increase the productivity of your workforce? What technologies and methodologies are you using to get there? How will you manage collaboration with outsourced teams to get these projects done? One program I really like is www.halogensoftware.com.
- Everything’s moving into the cloud – in general this is a good thing even though it will take some adjustments. Certainly there are some risk management concerns that should be addressed upfront. Then of course there’s the training on usage of cloud technologies.
- Lastly, constantly evolving laws – legislatures and politicians are in business for one reason—to make laws. Therefore you can expect to see ever evolving laws offering ever evolving rights to employees. What we’re seeing now is less legislation and more regulation. When the administration presses to the regulatory edge, you can expect employers and courts to push back.
What are you seeing happen in your workplace related to these trends and what are you doing about it?
Here’s what I believe about HR:
- It just may be the single most untapped opportunity in business today.
- Marketing is about them. HR is about US.
- HR needs to listen to the criticism, not whine about it, and then do something about it.
- HR executives have a choice to be great…or merely average at best.
- Lawyers have turned HR into “don’t get sued.” HR is much more than that.
- The greatest concerns HR should focus on are hiring people you can trust, getting them to perform and keeping them when they do. These three concerns drive profitability. All other concerns are a distant second.
- People who trust each other don’t sue each other.
- HR executives have to believe in themselves first before they can be truly effective.
- HR would be well served to better understand business acumen in general.
- HR should know all the math surrounding personnel activities.
- HR should outsource as many administrative functions as possible so they can focus on growing and protecting the business.
- HR has to become proficient at using new technologies including HRIS and social media.
- HR has to better market itself if it wants “a seat at the table.”
- HR has to work on “branding” the employee experience.
- HR can be fun and profitable–that’s a choice too!
“All anyone asks for is a chance to work with pride.” —Dr. W. Edwards Deming
This issue discusses:
- Editor’s Column: Human Resource Information Systems (HRIS) – New and Improved
- Can You Cut Benefits Costs by Moving Employees to Medicare?
- Quantum HR
- Disability Employment Statistics
- Medical Documentation: Think About What’s Needed and Stop There
- ‘Bad Haircut’ and Unequal Policy Enforcement Lead to Trouble for Employer
- Leave as a Reasonable Accommodation
We have also provided you with the Form of the Month.
Please click here to view the newsletter in PDF.
Editor’s Column: Human Resource Information Systems (HRIS) – New and Improved
I see Human Resource Information Systems (HRIS) as the equivalent of “QuickBooks for managing the workforce.” They can handle employee data beginning with payroll right through to COBRA administration. Along the way, HRIS systems offer bells and whistles to help manage this data, including payroll, benefits administration, leave management, learning management, and more.
As a rule, companies with 100 employees or more have dominated the HRIS market, because these systems require a significant investment in time and money – with little short-term return. However, increasing competition in the upscale market means that HRIS providers are beginning to target smaller employers.
Here are some of the trends with these systems:
- Integration with social media platforms, including everything from Facebook to Twitter, et al.
- An improved interface that makes the system easier to use and more inviting for employees.
- Tie-ins to insurance billing (real time Workers Comp billing, benefits billing, etc.)
- Mobile access, including for time-keeping purposes, as well as integration with tablet accessibility (iPads, etc.)
- Greater assistance with online recruiting and link to recruiting portals.
- Increased use of “talent analytics” that help with recruitment, workforce planning, and succession planning, together with improved analysis of workforce facts, trends, etc.
- The “gamification” of these systems.
- Influence of “the cloud” — the storage of data maintained on secure third-party Web sites, rather than your own site (like HR That Works). Of course, you’ll have to make sure that these third-party sites are, in fact, secure.
- Integration of career planning “dashboards.”
- Increased usage of paperless technology for everything from submitting resumes to electronic signatures on documents.
- Integration with employee wellness programs.
The main advantage of an HRIS system, as with a QuickBooks program, is having well managed data. HRIS advertising stresses the time saved in pulling reports on such topics as turnover. However, most smaller companies already know their turnover level.
Second, bear in mind that companies using HRIS are already running at 75 mph. Where will they get more time to use the system? When analyzed properly, do these systems really save time? Are HRIS bells and whistles truly related to corporate strategy or are they nothing more than distracting shiny objects?
Can You Cut Benefits Costs by Moving Employees to Medicare?
Many employers are doing everything they can to reduce benefit costs. One of our HR That Works Members posed this question to Alan Levy, a benefits law expert in our network.
“Q: If an employee is eligible for Medicare, can we state/insist that they must leave our company plan and accept Medicare?”
“A: We had this question from a client recently. There are serious penalties for forcing an active employee to give up the employer’s plan and go to Medicare, and offering a personal incentive might pose a problem. However, an employee can change to Medicare voluntarily, without restrictions or charges for pre-existing conditions, etc. This also applies to Medicare supplements and advantage problems. Some employees make the change voluntarily to use the current rule’s automatic unqualified acceptance, as well as to assure any “grandfathered” rights if Congress reduces or alters the program in the future. (Every “reform” proposal seems to exempt anyone already on Medicare.) A bigger problem is what happens to an employee’s spouse who isn’t old enough for Medicare if the employee leaves the company plan and goes to Medicare. Although COBRA works for a while, extension of this period is problematic.
“Finally, an employer offering a Medicare supplement or advantage plan to all who could qualify is not considered an improper incentive; the danger comes when the employer offers an individual some extra amount. The only exception I know of in this regard is the Third Circuit rule (applicable only in PA, NJ, and DE), Erie County, which treats certain variations of this scenario as age discrimination under the ADEA. EEOC says it will not apply the Third Circuit rule anywhere else in the nation, which seems to support the idea that employers offering the supplement, etc. is permissible.”
This advice is limited to the facts of the situation. As Alan points out, the EEOC has not drawn a black and white line on permissible supplements. The Social Security Administration provides an excellent publication on the interplay between private insurance and Medicare payments. (See pages 13-14)
Quantum HR
Our understanding of the physical world grows ever deeper. Quantum physicists have taught us that simply observing matter can affect its activity. We know that bits of matter once bonded together remain “entangled” even when separated by great distances. We should remember from Physics 101 that matter likes to settle into its least active state (entropy).
What do these facts have to do with HR? It’s simple: How people think about doing their jobs has implications that might be far broader than realized. If we accept the teachings of quantum physics at face value, then:
- Due to entanglement, how you go through your day will have an invisible, but perceptible impact on how the people you bond with feel every day. If you’re having a bad day, at some point, many of your co-workers and loved ones will feel this fact.
- Much of our existence depends on what we choose it to be. The very concept of “making your day” has scientific backing. As the proverb says, “As you believe, so shall you achieve.”
- Finally, unless you’re excited, it’s natural to use the least amount of energy possible to do a job. If you want to move yourself to a higher frequency, you have to get excited. Although some of us do this naturally, most people need a little motivation to get going. Don’t underestimate the power of this motivation in your business and personal life.
Because any organization is a collection of individuals, these concepts apply to the group as a whole. A positive company culture means that there’s a positive vibration among the workforce.
Disability Employment Statistics
The Institute on Disability at the University of New Hampshire has just issued its Annual Disability Statistics Compendium. Here are some of the stats related to employment in 2010. Click here to see the entire report.
Among the 19,048,426 individuals with disabilities ages 18 to 64 years living in the community, 6,368,644 were employed — an employment rate of 33.4%. In contrast, among the 172,089,634 individuals without disabilities ages 18 to 64 years living in the community, 125,358,735 were employed — an employment rate of 72.8%. The employment rate for people with disabilities was highest in North Dakota (54%) and lowest in Kentucky (25.7%).
The employment rate for individuals with disabilities ages 18 to 64 years living in the community was 33.4% while the rate for individuals without disabilities ages 18 to 64 years living in the community was 72.8% — an “employment gap” of 39.4%. The employment gap was greatest in Maine (48.9%) and smallest in Wyoming (27.7%).
The employment gap between individuals with and without disabilities ages 18 to 64 years living in the community was 39.4%, compared with 39.1% in 2009.
Among the 19,048,426 individuals with disabilities ages 16 to 64 years living in the community, 3,834,727 were employed full-time, year-round — a full-time, year-round employment rate of 20.1%. In contrast, of the 172,089,634 individuals without disabilities ages 16 to 64 years living in the community, 88,683,091 were employed full-time, year-round — a full-time, year-round employment rate of 51.5%. The full-time, year-round employment rate for people with disabilities was highest in North Dakota (32.1%) and lowest in Maine (15.2%).
Finally, the full-time, year-round employment rate for individuals with disabilities ages 18 to 64 years living in the community was 20.1%, while the full-time, year-round employment rate for individuals without disabilities ages 18 to 64 years living in the community was 51.5% — a full-time, year-round employment gap of 31.4. The full-time, year-round employment gap was greatest in Maine (38.8%) and smallest in Utah (24.1%).
What can an employer take away from this?
- Obtaining gainful employment can be a real struggle for people with disabilities.
- Some communities are more “open” to employing the disabled. Some of this difference has to do with the types of jobs available, employment programs, and incentives.
- As “good people” we can rise above any perceived limitations and employ those with disabilities based on the results they are capable of producing.
To help with accommodation ideas go to http://askjan.org/.
Medical Documentation: Think About What’s Needed and Stop There
In our experience at JAN, there seems to be a great deal of confusion about medical documentation under the ADA. Employers aren’t sure what they can ask for, when they can ask for it, or whether the ADA Amendments Act has changed the rules for medical documentation. Employees aren’t sure what medical information they have to provide or how much to disclose. Medical professionals aren’t sure what documentation will be most helpful in getting their patients the workplace accommodations they need. Most of these questions come up when an employee requests an accommodation.
The good news: The medical inquiry rules that apply when an employee requests an accommodation are less complicated than they might seem. The general rule is that when the disability or need for accommodation is not obvious, an employer may require an employee to provide documentation that can substantiate that s/he has an ADA disability and needs the reasonable accommodation requested, but can’t ask for unrelated documentation. So when thinking about what medical information to request or to provide, think about what is needed and stop there!
Let’s start with the documentation needed to substantiate that the employee has a disability. The definition of disability for accommodation purposes is “a physical or mental impairment that substantially limits a major life activity or a record of such an impairment.” To determine whether an employee has a disability, the employer can ask whether the employee has (or had) an impairment. If yes, you can ask whether the impairment affects (or affected) a major life activity. You can also ask whether the impairment substantially limits (or limited) the major life activity.
This is where the ADA Amendments Act has made some changes. Although the definition of “disability” remained unchanged, the threshold for showing substantial limitation is much lower than before. This means that the documentation needed to show that an employee has a disability should be far less extensive.
What about the documentation needed to substantiate the need for an accommodation? The ADA Amendments Act did not change the reasonable accommodation provisions of the ADA, so the rules for medical documentation likewise remained unchanged. An employer may verify that the accommodation is needed, ask questions about the employee’s limitations that are causing the problem, and get other relevant information about the request to help determine effective accommodations.
For more information, see recently updated JAN publications related to medical documentation, including:
- How to Determine Whether a Person Has a Disability under the Americans with Disabilities Act Amendments Act (ADAAA)
- Medical Inquiry in Response to an Accommodation Request
- Sample Medical Inquiry Form
- Practical Guidance for Medical Professionals: Providing Sufficient Medical Documentation in Support of a Patient’s Accommodation Request and Sample Accommodation Support Letter
– Linda Carter Batiste, J.D., Principal Consultant
‘Bad Haircut’ and Unequal Policy Enforcement Lead to Trouble for Employer
In NLRB v. White Oak Manor, the Fourth Circuit Court of Appeals enforced a decision by the National Labor Relations Board finding that an employer violated the National Labor Relations Act when it discharged an employee for allegedly photographing employees at work without permission. The Court agreed with the Board’s findings that the employee was actually discharged because of protected concerted activity and that the employer had not enforced its photography and dress code policies consistently.
Nichole Wright-Gore worked as a supply clerk for White Oak Manor. White Oak’s policies prohibited employees from wearing hats and taking photographs inside the long-term care facility. Wright-Gore was embarrassed about a bad haircut and started to wear a hat to work, without comment from any supervisor. After a week, however, when supervisors told her to remove the hat, she refused and was sent home. The next day, White Oak employees dressed up in costumes for Halloween. Wright-Gore’s costume included a hat, but her supervisor made her remove the hat pursuant to company policy. Wright-Gore complained that White Oak was enforcing the hat policy unequally, but her supervisor told her to worry only about herself and gave her a written warning for insubordination because she had refused to remove her hat the day before.
During the next few weeks, Wright-Gore photographed several employees wearing hats to work and violating other White Oak dress policies, such as failing to cover up their tattoos. She photographed some employees with their consent, but also took photographs of employees without their consent. She also shared the photographs with other employees and discussed the unequal treatment with them in an attempt to build support for her argument. White Oak eventually discharged Wright-Gore for violating the photography policy.
She then filed an unfair labor practice charge alleging that White Oak interfered with her right to engage in protected concerted activity. The Administrative Law Judge (ALJ) found that Wright-Gore’s complaints became protected concerted activity when they evolved into an effort to have White Oak enforce its dress code policies fairly. Another important issue was whether she lost protection of the Act by taking pictures of other employees without permission, in violation of White Oak policy. The ALJ held that she did not, in part, because there was evidence that other employees took pictures of each other without permission, and even displayed the pictures around the facility, without repercussion. The Board affirmed the ALJ findings.
On appeal, White Oak argued that Wright-Gore could not have engaged in protected concerted activity because she initially acted out of pure self-interest, and did not intend to act on behalf of a broader group. The Fourth Circuit rejected this argument and enforced the Board’s decision. As the court noted, “[t]hat an employee’s self-interest catalyzed her decision to complain about working conditions does not inexorably bar a determination that her actions were protected and concerted.” Thus, the fact that Wright initially acted out of her own self-interest did not remove her actions from the protections of the Act. Moreover, the court’s decision emphasized the fact that White Oak had not enforced its photography or dress code policies consistently.
This case reinforces the importance of employers enforcing workplace policies consistently and the reality that seemingly individualized complaints can lead to employer decisions which conflict with the National Labor Relations Act.
Courtesy of Worklaw® Network firm Franczek Radelet.
Leave as a Reasonable Accommodation
One of the more vexing issues facing both employers and employees involves leave time related to a medical condition, especially when the period of leave exceeds an employer’s permitted leave allowance or otherwise violates an established attendance policy. Although such situations might be challenging and confusing, employers must confront them directly because using leave necessitated by an employee’s disability constitutes a “reasonable accommodation” under the ADA.
The U.S. Equal Employment Opportunity Commission’s (EEOC) Reasonable Accommodation Guidance provides examples of some of the reasons an employee with a disability might require leave:
- Obtaining medical treatment or rehabilitation services related to the disability.
- Recuperating from an illness or an episodic manifestation of the disability.
- Obtaining repairs on a prosthetic device or other equipment such as a wheelchair.
- Avoiding temporary adverse conditions in the work environment (for example, an air-conditioning breakdown causing unusually warm temperatures that could seriously harm an employee with multiple sclerosis).
- Training in the use of a service animal or assistive device.
- Training in the use of Braille or sign language.
Here’s a discussion of some frequent and confusing leave-related issues that employers and employees have presented to JAN.
How Much Leave Is Reasonable? The ADA does not set a specific amount of time relative to the use of leave as a reasonable accommodation. As with any accommodation situation, you should consider a period of leave for an employee with a disability on a case-by-case analysis. If an employee needs a leave of absence that exceeds his or her accrued paid leave, the employer should permit the employee to exhaust the paid leave and then allow the use of unpaid leave absent undue hardship.
Although there’s no limit on the amount of leave used as a reasonable accommodation under the ADA, the EEOC has held that employers need not grant indefinite leave as a reasonable accommodation (see the EEOC Guidance on Applying Performance and Conduct Standards, Question 21). However, the employee need not provide a specific, fixed date of return. A request for leave is acceptable with an approximate date of return (e.g., around the end of August) or a range of dates for a return to work (e.g., sometime between August 24 and September 23).
ADA and the Family and Medical Leave Act (FMLA). An employee’s rights under the ADA and the FMLA are separate and distinct. The EEOC has ruled that when an employee is entitled to leave under both laws, the employer should allow leave under the law providing the employee with the greater rights (see the EEOC Fact Sheet on the FMLA, ADA, and Title VII). Additionally, employers should note that the ADA might require them to grant leave beyond the 12 weeks allowed under the FMLA as a reasonable accommodation. In this case, an employer can consider the FMLA leave taken in determining whether the requested leave time poses an undue hardship.
Erratic or Unreliable Attendance. The ADA can require employers to modify attendance policies as a reasonable accommodation in the absence of undue hardship. This does not mean that employers must exempt an employee from time and attendance requirements completely or accept irregular and unreliable attendance unquestioningly. Frequent occurrences of tardiness or absenteeism, particularly during an extended period and without adequate notice, could certainly impose an undue hardship in many situations. See the Commission’s Guidance on Applying Performance and Conduct Standards for a detailed discussion with examples of specific scenarios.
Alternative Accommodations. Although it makes sense for employers to give an employee’s choice of accommodation primary consideration when more than one reasonable accommodation is possible, they can ultimately choose the accommodation to be implemented, assuming that it’s equally effective. Accordingly, under the ADA an employer can offer a reasonable accommodation that requires an employee to remain on the job, as long as it’s effective and doesn’t interfere with the employee’s medical needs.
Holding the Employee’s Position. The ADA requires an employer to consider returning the employee to his or her same position in the absence of undue hardship. If undue hardship applies, the employer must consider reassignment to a vacant, equivalent position for which the employee is qualified.
Undue Hardship. As with any other reasonable accommodations, whether an employer should allow the use of leave as an accommodation will sometimes come down to an undue hardship analysis. In the case of leave, undue hardship will generally relate to a possible disruption in operations of the entity. For instance, the absence of an employee who performs highly specialized duties might create legitimate undue hardship issues, as might leave that occurs in a frequent and unpredictable manner. Generalized assessments are not adequate, because undue hardship must be determined based on individual and specific circumstances. Additionally, the EEOC has ruled that an employer cannot base an undue hardship claim on the argument that a reasonable accommodation might affect the morale of other employees negatively or that other employees might have to cover for the employee who is on leave.
What to Remember. Ultimately, much of the confusion involving leave as an accommodation occurs when there are no clear and open lines of communication. Lack of communication is usually the major obstacle to executing an effective accommodation solution. All parties need to be aware of any relevant updates or concerns, and everyone should make an effort to keep the information flowing. If you need ideas on how to encourage ongoing communication during the accommodation process, contact JAN.
– Bill McCollum, MPA, Consultant
Form of the Month
I-9 Guidelines Audit (PDF) – Use this form for auditing your I-9 Forms, which verify the citizenship status of employees.
Click here to listen to this month’s newsletter podcast.
Reprints are welcome! All you have to do is include the following notation with reprinted material:
©2011 Reprinted with permission from HRThatWorks.com, a powerful program designed to inspire great HR practices.
“It is not necessary to change. Survival is not mandatory.” – W. Edwards Deming, Management Consultant and Educator
This issue discusses:
- Editor’s Column: Human Resource Information Technology
- What is an Impairment?
- Using Credit Checks
- Cyber Liability 101
- Second Opinions Under the ADA
We have also provided you with the Form of the Month.
Please click here to view this month’s newsletter in PDF format.
Editor’s Column: Human Resource Information Technology
Human resource operations also employ a variety of technology platforms for payroll, time and attendance, workforce planning and management, online recruiting, benefits administration, compliance management, performance management, compensation management, training management, enterprise resource planning, succession planning, and so forth. Human resources information systems (HRIS or HRMS) are consolidating these various HR disciplines. For years, large corporations have relied on firms such as PeopleSoft, Oracle, UltiPro and others – while smaller companies work with programs such as Sage/Abra, HR Office, People-Trak, ADP, PayChex, and Ceridian. Today, companies with as few as 25 employees are evaluating the cost/benefit of employing HRIS systems.
The primary benefit of technology is the ability to reduce duplication of effort and inherent error by consolidating, analyzing, storing, and reporting data. Payroll companies, insurers, and benefit providers will continue to offer human resource information platforms — PEOs, HROs and ASOs, as well as directly from vendors. Chances are you’ll be able to choose from a suite of integrated options.
Will the effort be worth it? In my experience, a lot can go wrong with these technologies. The payroll and time and attendance tie-in are especially important. Assuming all the bells and whistles work properly, the next question is “Who’s going to be excited about using the program?” Most HR people don’t run toward technology, they run away from it! It’s just not their thing. Although others will go along with it reluctantly in order to make their organization more efficient, they’ll tend to use technology programs at their lowest denominator. For example, most HRIS systems advertise how many different reports you can pull – sometimes hundreds or more. Chances are, however, that most HR people don’t pull any reports and don’t use the program strategically. They tend to free up some time for open benefits enrollment and time keeping, but won’t help in hiring, managing, training, or compliance.
Suppose you’re a 100-person company considering a complete HRIS system that functions well and costs about $6-$10 per employee every month, for an annual total of $6,000 to $12,000 (plus set-up fees). Let’s say the program saves HR a month of time and the rest of the company another month combined – time spent on new hire paperwork, changing benefits, tracking vacation days, COBRA admin, etc. If the average employee is paid $50,000 then the “savings” is equal to two months at $4,000 each, for a total of $8,000. Compare these “savings” with the $6,000 to $12,000 price of the system, and you come out at close to a wash. That’s OK. Your system is tighter, with more effective information management, employee self service, etc. You might also justify this expense if it freed up HR to take on more strategic efforts, but is that what is happening?
I continue to believe that strategy trumps technology nearly every time. The poor hire of a $50,000/year employee dwarfs any savings an HRIS system can provide. Strategic thinking about how to attract and hire great employees is far more important than the technology interface you use for the hiring process. The strategy you use to retain employees has far greater significance than any report that you’ll generate about retention statistics. The future challenge of HRIS programs is to consolidate all aspects of HR without a glitch, while using them at a strategic level, not just as a technological tool. This will require integration with strategic tools, content, and support (similar to what Members of HR That Works get!). In my experience, we’re not there yet.
Before the promise of new HR technologies traps you, be clear about the impact it can have on your organization. Determine exactly how much net time and money you’ll save, factor in the learning curve and data storage benefits. Then ask what strategic effort you will take on, given this freed up time!
What is an Impairment?
Responding to an HR That Works Member who asked if an employee’s short stature, which limited her performance, could be considered a disability, Beth Loy from JAN http://askjan.org/ provided this document that summarizes the definition of an impairment (an essential requirement for a covered disability), and provides a number of examples.
Using Credit Checks
Many HR That Works Members have asked about limitations on using credit checks under federal and state laws. Here’s the most recent EEOC “informal” discussion letter on this topic.
As of this date, four states (Illinois, Hawaii, Oregon, and Washington) have laws restricting the use of credit checks to employees in financially sensitive positions – never mind that an applicant or employee with poor credit is a greater overall “risk” for employers. The Illinois statute is typical in limiting credit checks to:
- Positions involving access to sensitive information
- Positions involving unsupervised access to cash or marketable assets valued at more than $2,500
- Positions with signatory power over business assets of $100 or more per transaction
- Managers who set the direction of or control a business
- Positions for which the employer is required by law to obtain a bond
- Positions for which state or federal law or regulation establishes credit history as a bona fide occupational qualification
- Positions for which the law requires employers to obtain credit history
This is one reason why we recommend that you work with our partner Global HR Research, who stays on top of these developments.
Cyber Liability 101
What is Cyber Liability?
In 1992, when I started our company and bought my first computer (a Gateway 33 MHz), you couldn’t buy a “Cyber Liability” policy. Few people knew what a “website” was, and “security breaches” created images of Mission Impossible.
Flash forward to 2010 and issues arising out of data security, management of confidential information, and infringement of intellectual property rights are all considered major exposures. In today’s interconnected cyberworld, the potential for catastrophic loss has escalated dramatically. Although the early “hackers” seemed to be challenging themselves intellectually to see what type of mischief they could cause, today’s cyberthieves have serious criminal intent in mind. Terrorists, organized crime, and random computer geeks working alone are making cyber crime a growth industry. According to Privacy Rights Clearinghouse, more than 263 million data records of U.S. residents have suffered breaches since 2005.
Step one in the Cavignac & Associates Risk Management Process is “risk analysis: Identifying assets or circumstances which could lead to a loss.” This process, also known as “exposure analysis,” defines the assets or circumstances as “loss exposures.” Potential exposures include the loss of your company’s data and the cost of restoring it, defending against or settling a third-party claim, cyber extortion, damage to reputation, notifying individuals whose personal information might have been compromised, and paying for credit monitoring of individuals (if required by law). Nearly every state now requires businesses that have compromised an individual’s information to notify that individual. One study of larger companies estimated the cost of a data breach at $204 per compromised record. The same study calculated the average cost of a single data breach at $6.75 million!
Once you’ve defined your exposures, you need to determine how you can manage them. In other words, what can you do to lower the likelihood of a cyber liability claim or the severity of a claim if one occurs? A number of companies focus on helping businesses manage and protect both their own data and the data of their customers. The key is to centralize IT management and develop enforceable policies and procedures across your network. Check the implementation of these policies and procedures periodically. After a suspected or actual breach, take action as soon as possible. If necessary, call the appropriate IT security specialist companies.
Is This Risk Insurable?
As cyber liability exposures have evolved, so has insurance coverage. Although the Insurance Services Office (ISO) created a “standard” policy in November of 2009, most policies today are unique to the company offering the coverage. This means that you’ll need to evaluate the policy to make certain it addresses your potential exposures. These policies include both first-party and third-party coverages. First-party coverage pays you for the costs of repairing or replacing damage caused by a covered peril; third-party coverage includes the cost of defending and settling third-party claims, including regulatory actions.
Cyber Liability policies usually include some or all of these coverages:
- Website Publishing Liability – Nearly everyone has a website these days. This coverage protects you from liability based on information posted on your website, which might include actual or alleged misstatements; infringement of another’s copyright, trademark, etc.; or violation of a person’s right to privacy.
- Security Breach Liability – Covers your liability from a security breach or transmission of a computer virus to a third party. A security breach occurs if an unauthorized person accesses the personal information of another, or if someone authorized to access such information uses it inappropriately.
- Programming Errors and Omissions Liability – Protects against your legal liability from actual or alleged programming errors that lead to disclosing a client’s personal information.
- Replacement or Restoration of Electronic Data – This first-party coverage repays you for replacing or restoring data or programs damaged or destroyed as a direct result of a computer virus or similar bug.
- Extortion Threats – Reimburses you for extortion expenses and ransom payments resulting directly from an extortion threat. These threats usually involve introducing a virus or malicious code, or publishing clients’ personal information.
- Business Income and Extra Expense – Covers loss of business income and extraordinary operating expenses due to a cyber incident or extortion threat.
- Public Relations Expense – Cyber liability incidents can create bad press. This covers the costs of a public relations firm to help you protect or restore your reputation after such an incident.
- Security Breach Expense – Covers the often significant expenses of notifying others that their personal information has been compromised. These costs include overtime salaries for employees dealing with the issue, fees and costs of a company hired to operate a call center, post-event credit monitoring services, and other reasonable expenses.
Cost can vary dramatically, depending on the type of business, type and volume of information on file, and other factors. Because Cyber Liability insurance is a relatively new coverage, there’s not a large enough database to calculate rates. Most companies are basing their prices on what they believe the exposure to be and what they think they can charge. Annual premiums for smaller firms (with fewer than 50 employees) will probably range from $1,000 to $10,000. Larger firms might expect to pay $15,000 to $25,000.
Every firm, regardless of size, should evaluate its exposure to this type of loss and determine what steps it can take to manage this type of potential claim. Finally, you should obtain a quotation for coverage. Even if you don’t buy the coverage, you should know the cost and make the conscious decision not to buy it as opposed to assuming you don’t want to afford it.
Managing a Security Breach
If you become aware of an actual or potential security breach, investigate it immediately! If personal information has been compromised, at a minimum, you should take these steps:
- Depending on the circumstances, contact local law enforcement, and if appropriate the FBI and possibly the U.S. Postal Inspection Service (if the fraud involves mail theft).
- Notify any businesses that the breach might affect.
- Notify any individuals whose personal information might have been compromised. Designate a contact person to coordinate the notification process.
- If the incident involves Social Security numbers, credit card information, or other sensitive personal information, contact the major credit bureaus.
- Remove any inappropriately posted information on your website immediately.
- Consult with counsel to make certain you’re complying with any applicable laws, specifically those pertaining to notification and credit monitoring.
- Notify your insurance advisor to determine if insurance might apply to the incident.
- If necessary, consider contacting your public relations consultant to help manage the process and protect your firm’s reputation.
Article Courtesy of Jeffrey Cavignac of Cavignac and Associates (www.cavignac.com). Jeff is a long-time HR That Works and Sitkins International member located in beautiful downtown San Diego.
Second Opinions Under the ADA
Last month one of our Members had to deal with a request for disability accommodation/leave that seemed contrived by the employee as a way to protect her job. The question was whether the company could send the employee for a second opinion from a doctor of their choice. Here is the response from Linda Batiste, counsel for JAN:
“In general, you can ask for a second opinion if you have insufficient information in the first opinion you received. For example, if an employee indicated she needs a certain accommodation, but the statement by the employee’s doctor does not provide you with all the information you need to justify the accommodation, you can require a second opinion.
“The following is from Disability-Related Inquiries and Medical Examinations of Employees under the ADA.
“May an employer require an employee to go to a health care professional of the employer’s (rather than the employee’s) choice when the employee requests a reasonable accommodation?
“The ADA does not prevent an employer from requiring an employee to go to an appropriate health care professional of the employer’s choice if the employee provides insufficient documentation from his/her treating physician (or other health care professional) to substantiate that s/he has an ADA disability and needs a reasonable accommodation. (55) However, if an employee provides insufficient documentation in response to the employer’s initial request, the employer should explain why the documentation is insufficient and allow the employee an opportunity to provide the missing information in a timely manner.(56) The employer also should consider consulting with the employee’s doctor (with the employee’s consent) before requiring the employee to go to a health care professional of its choice.(57)
“Documentation is insufficient if it does not specify the existence of an ADA disability and explain the need for reasonable accommodation.(58) Documentation also might be insufficient where, for example: (1) the health care professional does not have the expertise to give an opinion about the employee’s medical condition and the limitations imposed by it; (2) the information does not specify the functional limitations due to the disability; or, (3) other factors indicate that the information provided is not credible or is fraudulent. If an employee provides insufficient documentation, an employer does not have to provide reasonable accommodation until sufficient documentation is provided.
“Any medical examination conducted by the employer’s health care professional must be job related and consistent with business necessity. This means that the examination must be limited to determining the existence of an ADA disability and the functional limitations that require reasonable accommodation. If an employer requires an employee to go to a health care professional of the employer’s choice, the employer must pay all costs associated with the visit(s).(59)
“The Commission has previously stated that when an employee provides sufficient evidence of the existence of a disability and the need for reasonable accommodation, continued efforts by the employer to require that the individual provide more documentation and/or submit to a medical examination could be considered retaliation.(60) However, an employer that requests additional information or requires a medical examination based on a good faith belief that the documentation the employee submitted is insufficient would not be liable for retaliation.
“May an employer require that an employee, who it reasonably believes will pose a direct threat, be examined by an appropriate health care professional of the employer’s choice?
“Yes. The determination that an employee poses a direct threat must be based on an individualized assessment of the employee’s present ability to safely perform the essential functions of the job. This assessment must be based on a reasonable medical judgment that relies on the most current medical knowledge and/or best objective evidence.(61) To meet this burden, an employer might want to have the employee examined by a health care professional of its choice who has expertise in the employee’s specific condition and can provide medical information that allows the employer to determine the effects of the condition on the employee’s ability to perform his/her job. Any medical examination, however, must be limited to determining whether the employee can perform his/her job without posing a direct threat, with or without reasonable accommodation. An employer also must pay all costs associated with the employee’s visit(s) to its health care professional.(62)
“An employer should be cautious about relying solely on the opinion of its own health care professional that an employee poses a direct threat where that opinion is contradicted by documentation from the employee’s own treating physician, who is knowledgeable about the employee’s medical condition and job functions, and/or other objective evidence. In evaluating conflicting medical information, the employer may find it helpful to consider: (1) the area of expertise of each medical professional who has provided information; (2) the kind of information each person providing documentation has about the job’s essential functions and the work environment in which they are performed; (3) whether a particular opinion is based on speculation or on current, objectively verifiable information about the risks associated with a particular condition; and, (4) whether the medical opinion is contradicted by information known to or observed by the employer (e.g., information about the employee’s actual experience in the job in question or in previous similar jobs).”
Form of the Month
List of HR That Works Forms (PDF) – This list outlines all personnel forms available to HR That Works Members, along with their corresponding categories.