P&C Pro-File Newsletter - September 2017

Did You Know?


Preliminary data from the National Safety Council (NSC) found that there were slightly fewer motor vehicle crash fatalities during the first six months of 2017 than there were during the same period in 2016. In 2014, the number of crash fatalities began to rise significantly after several years of steady declines. The NSC believes that this increase can be attributed to the increased affordability of driving after the economy recovered from a recession.

IN THIS ISSUE


  • Study Shows Average Workplace is Physically and Emotionally Demanding. A new study has found that most U.S. employees face significant stress in the workplace.
  • OSHA Restores Injury Tracking App After Security Fears. OSHA has restored user access to its Injury Tracking Application after being notified of a potential security breach.
  • United States, Canada and Mexico Begin NAFTA Negotiations. Representatives from the three countries concluded the first round of negotiations to update the trade agreement.


Provided by:

Hierl Insurance Inc.


IN THIS ISSUE


An analysis released by the Associated Press (AP) has shown that U.S. employees who are 55 years old or older are more likely to be involved in fatal workplace accidents than their younger counterparts. Additionally, as the average age of retirement continues to increase, older employees are becoming a larger portion of the overall workforce. The Bureau of Labor Statistics (BLS) estimates that by 2024, these employees will account for 25 percent of the entire labor market.

The AP used data from the BLS and the American Community Survey to conduct its analysis, and ignored fatalities that were determined to be the result of a natural cause, such as a heart attack or stroke. Despite this, the analysis found that the natural deterioration of vision, hearing and joint strength were the main contributors to the higher number of fatalities involving older employees.

The number of workplace fatalities for employees of all ages dropped from 5,480 in 2005 to 4,836 in 2015. However, fatalities for older employees over that same period increased from 1,562 to 1,681. As older employees continue to stay in the workforce, employers need to take extra care to protect them from hazards.

Study Shows Average Workplace is Physically and Emotionally Demanding


A new study conducted by the Rand Corporation, Harvard Medical School and University of California, Los Angeles has found that most U.S. employees face at least one form of workplace stress on a regular basis. And, although the study also found that most employees receive support from their employers, workplace stress is common in every job and industry.

Here are some of the key findings from the study:

  • Nearly 75 percent of employees report intense or repetitive physical exertion on the job.
  • Over half of employees are exposed to unpleasant and potentially hazardous working conditions.
  • Nearly 20 percent of employees are exposed to hostile or threatening social environments at work.
  • Nearly 50 percent of employees report that they must work on their own time to meet the demands of their jobs.

Physical and emotional stress in the workplace can lead to injuries, illnesses and poor job performance. Contact us today at 920-921-5921 for employee communications and workplace programs that can help manage stress at your business.

OSHA Restores Injury Tracking App After Security Fears


OSHA has restored user access to its Injury Tracking Application (ITA) after shutting it down due to fears of a security breach less than one month after its launch.

OSHA launched the ITA on Aug. 1 to allow employers to submit required injury and illness data electronically. However, on Aug. 14, the Department of Homeland Security contacted the agency to inform it of a potential compromise of user information.

OSHA suspected that one company was affected by the breach. The agency contacted the company and suspended access to the app while the National Information Technology Center conducted a complete scan. After the scan, OSHA confirmed that there was no breach of data, and it will continue with its security monitoring.

Although the electronic reporting rule initially required certain employers to start submitting their required information by July 1, 2017, the ITA website was not yet ready to receive electronic reports, and OSHA proposed Dec. 1, 2017, as the new deadline. However, it is not yet clear whether this incident will affect this new compliance deadline. Affected establishments should continue to record and report workplace injuries as required by law.

United States, Canada and Mexico Begin NAFTA Negotiations


Representatives from the United States, Canada and Mexico recently concluded the first round of negotiations to update the North American Free Trade Agreement (NAFTA). This agreement sets rules for trade between the three countries, but has not been updated since it came into effect in 1994.

The recent negotiations were prompted by comments from President Donald Trump, who believes that significant trade deficits with Canada and Mexico have led to unfavorable conditions for U.S. businesses. Although representatives from Canada and Mexico disagree with these assertions, all three countries hope to complete an update to NAFTA by early 2018.


4 Trends Shaping Cybersecurity in 2017

The threat of cyber attacks is increasing every day. Make sure you are stay up-to-date with all the recent news and trends happening in the world of cyber security so you can stay informed on how to protect yourself from cyber threats. Check out this great column by Denny Jacob from Property Casualty 360 and find out about the top 4 trends impacting cybersecurity this year.

No. 4: Growing areas of concern

Organizations with a chief information security officer (CISO) in 2017 increased to 65 percent compared to 50 percent in 2016. Staffing challenges and budgetary distribution, however, reveal where organizations face exposure.

Finding qualified personnel to fill cybersecurity positions is as ongoing challenge. For example, one-third of study respondents note that their enterprises receive more than 10 applicants for an open position. More than half of those applicants, however, are unqualified. Even skilled applicants require time and training before their job performance is up to par with others who are already working on the company's cybersecurity operation.

Half of the study respondents reported security budgets will increase in 2017, which is down from 65 percent of respondents who reported an increase in 2016. This, along with staffing challenges, has many enterprises reliant on both automation and external resources to offset missing skills on the cybersecurity team.

Another challenge: Relying on third-party vendors means there must be funds available to offset any personnel shortage.

If the skills gap continues unabated and the funding for automation and external third-party support is reduced, businesses will struggle to fill their cybersecurity needs.

No. 3: More complicated cyber threats

Faced with declining budgets, businesses will have less funding available on a per-attack basis. Meanwhile, the number of attacks is growing, and they are becoming more sophisticated.

More than half (53 percent) of respondents noted an increase in the overall number of attacks compared previous years. Only half (roughly 50 percent) said their companies executed a cybersecurity incident response plan in 2016.

Here are some additional findings regarding the recent uptick in cyber breaches:

• 10 percent of respondents reported experiencing a hijacking of corporate assets for botnet use;• 18 percent reported experiencing an advanced persistent threat (APT) attack; and

• 14 percent reported stolen credentials.

• Last year’s results for the three types of attacks were:

• 15 percent for botnet use;

• 25 percent for APT attacks; and

•15 percent involving stolen credentials.

Phishing (40 percent), malware (37 percent) and social engineering (29 percent) continue to top the charts in terms of the specific types of attacks, although their overall frequency of occurrence decreased: Although attacks are up overall, the number of attacks in these three categories is down.

No. 2: Mobile takes a backseat to IoT

Businesses are now more sophisticated in the mobile arena. The proof: Cyber breaches resulting from mobile devices are down. Only 13 percent of respondents cite lost mobile devices as an exploitation vector in 2016, compared to 34 percent in 2015. Encryption factors into the decrease; only 9 percent indicated that lost or stolen mobile devices were unencrypted.

IoT continues to rise as an area of concern. Three out of five (59 percent) of the 2016 respondents cite some level of concern relative to IoT, while an additional 30 percent are either "extremely concerned" or "very concerned" about this exposure.

IoT is an increasingly important element in governance, risk and cybersecurity activities. This is a challenging area for many, because traditional security efforts may not already cover the functions and devices feeding this digital trend.

No. 1: Ransomware is the new normal

The number of code attacks, including ransomware attacks, remains high: 62 percent of respondents reported their enterprises experienced a ransomware attackspecifically.

Half of the respondents believe financial gain is the biggest motivator for criminals, followed by disruption of service (45 percent) and theft of personally identifiable information (37 percent). Despite this trend, only 53 percent of respondents' companies have a formal process in place to deal with ransomware attacks.

What does that look like?

Businesses can conduct "tabletop" exercises that stage a ransomware event or discuss in advance decisions about payment vs. non-payment. Payment may seem like the easiest solution, but law enforcement agencies warn it can have an encouraging effect on those criminals as some cases lead to repeated attacks of the same business.

Many cybersecurity specialists argue that the best way to fight a ransomware attack is to avoid one in the first place. Advance planning that might include the implementation of a governing corporate policy or other operating parameters, can help to ensure that the best cybersecurity decisions are made when the time comes to battle a breach.

See the original article Here.

Source:

Jacob D. (2017 August 25). 4 trends shaping cybersecurity in 2017 [Web blog post]. Retrieved from address http://www.benefitspro.com/2017/08/25/4-trends-shaping-cybersecurity-in-2017?ref=hp-in-depth&page_all=1


The Equifax Breach and How it Affects You

Equifax announced Thursday that it suffered a breach being discussed as one of the largest data breaches in history. Equifax learned of the incident in July 2017. The breach occurred from mid-May through July 2017.

Equifax is one of three nationwide credit-reporting companies that track and rate the financial history of U.S. consumers. The companies are supplied with data about loans, loan payments and credit cards.

The company reported that over 143 million of its U.S. customers may have been affected by the breach, wherein unauthorized users had access to the company’s data from mid-May through July of this year.

According to the company’s FAQ page, private identifying information, such as birth dates, addresses, names, driver’s-license numbers, and Social Security numbers, were obtained by the unauthorized users. Equifax also reported that “credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”

Here are six steps to protect yourself from the recent Equifax Data Breach incident:

Step 1: Find out if your information has been put at risk

Equifax is offering a website where you can check whether you are one of the 143 million people whose data may have been compromised.

Consumers can go to EquifaxSecurity2017.com to find out if their information was impacted by the breach. On the website under “potential impact,” consumers can check the potential impact the breach had on their personal information by entering their last name and the last six digits of their social security number to receive a message alerting them if their data was compromised.

Even if the tool indicates you weren't exposed, you're still eligible for a free one-year subscription to Equifax's protection services. Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. You have until November 21, 2017 to enroll.

Step 2: Check your credit reports and bank statements

More than three months passed between the time the breach may have started and now. We're not sure if the data of those affected was used maliciously during that period, so consider looking through your credit reports for any suspicious activity. The federal government guarantees everyone a free annual credit report from the three major bureaus from annualcreditreport.com.

When looking through your reports, keep an eye out for new accounts you didn't open, late payments on debts you don't recognize and any other activity that looks unfamiliar.

Step 3: Freeze your accounts and report fraudulent activity immediately

If you suspect someone used your identity to open credit cards, take on loans, or re-open closed accounts, contact the credit card company's fraud department immediately. You are not responsible for charges made on a fraudulent card, but you must report the issue in a timely manner.

Even if your credit report comes back clean, remain watchful of your credit. One of the most reliable ways to prevent someone from opening credit cards in your name is to place what's called a "credit freeze." Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.

When you freeze your credit, you (or anyone acting as you) will be required to un-freeze your account by providing the PIN you got when you froze your credit.

To freeze your credit, contact each of the credit bureaus using these phone numbers:

Equifax: 1-800-349-9960 Experian: 1‑888‑397‑3742 TransUnion: 1-888-909-8872

After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN. Be sure to keep the PIN or password in a safe place.

Step 4: Set fraud alerts

If you decide against a credit freeze, a fraud alert is another way to make it hard for identity thieves to open accounts in your name. When a fraud alert is set, credit card companies will be required to verify your identity before opening an account. That, combined with the credit freeze, is a great way to keep your credit secure.

To set a fraud alert, contact just one of the credit card bureaus and ask for an initial fraud alert. Once the alert is set, it will last 90 days. After that, you have the option to renew it.

Step 5: Use strong passwords and allow two-factor authentication on accounts

Data suggests that between 31% and 65% of people use the same password at multiple sites. This is a means if your username and password are compromised at one website, cybercriminals can use automated means to test your credentials against other websites. This means a single hacked password could lead to a cybercriminal potentially taking control of your email account and online bank accounts.

Step 6: Alert family and friends!

Because Equifax is not notifying those affected through direct mail or email, some people will be left without the resources to protect their identities or find out if they were compromised. Consider notifying your loved ones – especially the elderly without computer access – of the above steps.

While increased cyber risk is a downside of the technological revolution, Hierl can help keep you safe. For more information on cyber security or to speak with an expert to assess your existing cyber-policy.

Download PDF version here.


Risk Insights: Donating to Disasters and Avoiding Scams

Hurricane Harvey is the strongest storm to make landfall in the United States since Hurricane Charley in 2004. News of the damage it has caused to southeastern Texas is prompting people to help in whatever ways they can. Unfortunately, there are dishonest people who prey upon people’s good intentions, creating fake charity campaigns to exploit victims and take advantage of those who want to help.

How to Avoid Scams

Despite the sense of urgency to help when disaster strikes, it is important to do some research before donating. Consider the following best practices to ensure that your resources go to a legitimate charity with experience in disaster relief:

  • Never wire money to someone who claims to be a charity. Legitimate charities do not ask for wire transfers. Once you wire the money, you’ll probably never get it back.
  • Be cautious about bloggers and social media posts that provide charity suggestions. Don’t assume that the person recommending the charity has fully researched the organization’s credibility.
  • Only donate through a charity’s official website, never through emails. Scammers have a knack for creating fake email accounts that seem legitimate.
  • Ensure that the charity explains on its website how your money will be used.
  • Be wary of charities that claim to give 100 percent of donations to victims. That is often a false claim, as well-structured organizations need to use some of their donations to cover administrative costs.
  • Never offer unnecessary personal information, such as your Social Security number or a copy of your driver’s license. However, it is common for legitimate charities to ask for your mailing address, and it is safe for you to provide it.

How to Choose a Charity

Even legitimate charities need to be considered with care. The Federal Trade Commission suggests avoiding new charities because, despite their legitimacy, they may not have the resources needed to get your money to its intended recipients.

Donors looking for a worthy charity can access an unbiased, objective list on a website called Charity Navigator. The site receives a Form 990 for all of its charities directly from the IRS, so it knows exactly how the charities spend their money and use their donations. It also rates charities based on their location, tax status, length of operation, accountability, transparency and public support.

Gaining popularity for charitable donations is a crowdfunding website called GoFundMe, which allows people to raise money for a wide variety of circumstances. Despite its popularity, visitors to the site should be cautious about the campaigns to which they donate. Visitors can report suspicious campaigns directly to GoFundMe via its official website or to their state’s consumer protection hotline.

National Organizations

The following national organizations have long-standing reputations for providing disaster relief and accepting donations:

  • The American Red Cross provides shelter, food, emotional support and other necessities to people affected by disasters.
  • AmeriCares takes medicine and supplies to survivors.
  • Catholic Charities USA supports disaster response and recovery efforts that include direct assistance, rebuilding and health care services.
  • The Salvation Army provides shelter and emergency services to displaced individuals.

Remember that there are other ways to provide disaster relief that don’t involve monetary donations, especially if you live near the affected area. Local food banks and blood centers commonly ask for donations during relief efforts.

To download the full article click here.


3 takeaways from the 2017 Cost of Data Breach Study

IBM has just released their findings on their cost of data breaches study. Check out this great by Denny Jacob from Property & Casualty 360 and find out what they key findings from IBM research means for you.

As companies continue to infuse technology into their business models, they must also keep up with an ever-changing digital landscape. In 2017 and beyond, companies need to consider their cybersecurity practices.

As cyber attacks continue to rise in frequency and sophistication, companies should also consider where data breaches are occurring. For those looking to understand data breaches by country, the latest report from IBM Security and Ponemon Institute sheds light on such a topic.

Sponsored by IBM Security and conducted by Ponemon Institute, the study found that the average cost of a data breach is $3.62 million globally, a 10% decline since 2016.

To explore the complete report, visit the IBM Security Data Breach Calculator, an interactive tool that allows you to manipulate report data and visualize the cost of a data breach across locations and industries, and understand how different factors affect breach costs.

Or, keep reading for highlights from the study's key findings.

The costs by region.

In the 2017 global study, the overall cost of a data breach decreased to $3.62 million, which is down 10% from $4 million last year. While global costs decreased, many regions experienced an increase.

In the U.S., the cost of a data breach was $7.35 million, a 5% increase compared to last year. When compared to other regions, U.S. organizations experienced the most expensive data breaches in the 2017 report. In the Middle East, organizations saw the second highest average cost of a data breach at $4.94 million  an uptick of 10% compared with the previous year. Canada ranked third with data breaches costing organizations $4.31 million on average.

European nations experienced the most significant decrease in costs. Germany, France, Italy and the U.K. experienced significant decreases compared to the four-year average costs. Australia, Canada and Brazil also experienced decreased costs compared to the four-year average cost of a data breach.

Time is money when you're containing a data breach.

For the third year in a row, the study found that having an Incident Response (IR) Team in place significantly reduced the cost of a data breach. IR teams, along with a formal incident response plan, can assist organizations to navigate the complicated aspects of containing a data breach to mitigate further losses.

According to the study, the cost of a data breach was nearly $1 million lower on average for organizations that were able to contain a data breach in less than 30 days compared to those that took longer than 30 days. The speed of response will be increasingly critical as General Data Protection Regulation (GDPR) is implemented in May 2018, which will require organizations doing business in Europe to report data breaches within 72 hours or risk facing fines of up to 4% of their global annual turnover.

There's still room for improvement for organizations when it comes to the time to identify and respond to a breach. On average, organizations took more than six months to identify a breach, and more than 66 additional days to contain a breach once discovered.

Additional key findings.

  • For the seventh year in a row, healthcare topped the list as the most expensive industry for data breaches. Healthcare data breaches cost organizations $380 per record, more than 2.5 times the global average overall cost at $141 per record.
  • Close to half of all data breaches (47%) were caused by malicious or criminal attacks, resulting in an average of $156 per record to resolve.
  • Data breaches resulting from third party involvement were the top contributing factor that led to an increase in the cost of a data breach, increasing the cost $17 per record. The takeaway: Organizations need to evaluate the security posture of their third-party providers  including payroll, cloud providers and CRM software  to ensure the security of employee and customer data.
  • Incident response, encryption and education were the factors shown to have the most impact on reducing the cost of a data breach. Having an incident response team in place resulted in $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.5 reduction per record).

See the original article Here.

Source:

Jacob D. (2017 August 8). 3 takeways from the 2017 cost of data breach study[Web blog post]. Retrieved from address http://www.propertycasualty360.com/2017/07/05/3-takeaways-from-the-2017-cost-of-data-breach-stud?ref=rss&_lrsc=05d8112f-7bfb-4c4d-916f-0e2085debd9a&slreturn=1502379703&page_all=1


Safety Focused August 2017

When traveling for work, even for short periods of time, it is important to take precautions to protect yourself from cyber criminals.

Cyber Tips for Traveling

Staying safe while traveling involves more than simply locking your valuables in a hotel safe. Today, cyber crime is just as prevalent as conventional crime. In fact, your digital property may be more valuable to criminals than your personal property. Before packing for your next business trip, take the following precautions to protect yourself and your belongings while away:

  • Turn off home and work computers before you leave. Computers that are always left on are more vulnerable to hacks.
  • Back up all data. Store sensitive files either on a removable storage device locked in a safe or in a secure facility in the cloud.
  • Be cautious when using public Wi-Fi. If it is necessary to go online in public, use a secured connection. If you have to use an unsecured connection, avoid checking bank balances or visiting any site that asks you for personal information, which can be easily stolen.
  • Enable a pass code on your smartphone. This can prevent hackers from accessing sensitive information should you lose your phone.
  • Use a credit card instead of a debit card for purchases. A cyber criminal can deplete your bank account with your debit card.

How to Avoid Distractions While Driving

Driver distractions have joined alcohol and speeding as leading factors in crashes that cause fatal and serious injuries. However, cellphones aren’t solely to blame. Anything that takes 100 percent of your attention away from driving is a distraction. There are three main types of distractions:

  • Visual—Taking your eyes off the road
  • Manual—Taking your hands off the wheel
  • Cognitive—Taking your mind off of driving

Whether driving for work or for personal reasons, it is important to remember that any activity that you engage in while driving is a potential distraction that increases your risk of crashing. Taking the following precautions can help you avoid distractions while driving:

  • Silence your mobile devices and keep them away from you while driving to avoid being distracted by incoming calls or texts. If you must receive phone calls while on the road, pull over before answering, even if using a hands-free device.
  • Set destinations in navigational devices before you depart.
  • Make a playlist on your smartphone before you leave to avoid the temptation to change radio stations.
  • Avoid eating while driving. Take proper breaks to allow yourself time for meals.
  • Speak up if you’re a passenger of a distracted driver. Offer to take over the driving responsibilities if possible.
  • Review ’s safe driving policy to ensure that you are fully aware of the best practices when it comes to road safety and know what to do in an emergency.

To download the full article click here.


Beyond the Basics: Snapchat "Snap Map" Safety

Did You Know?

Snapchat is one of the top five social media platforms among young people, with approximately 150 million daily active users. While Snapchat is designed to be a fun photo, video and text messaging app, a number of features—particularly the Snap Map function—pose serious safety concerns.

What is Snap Map?

Introduced in a June 2017 update, Snap Map allows users to share their exact location with their friends within the Snapchat app. Snap Map gathers location data using a smartphone's GPS sensor and displays the time of day an individual is at a specific location and his or her speed of travel. This information is shown on a map that can be accessed when a user first opens Snapchat and pinches the screen to zoom out.

While Snapchat users can choose to share their location with selected friends, any posts users share on Snapchat’s “Our Story” feature will appear on the global map regardless of their privacy or location settings.

Safety Concerns

As with many apps that use geolocation features, privacy is a major concern. Many fear the Snap Map feature opens users up to the risk of stalking, burglary or kidnapping, particularly because locations in Snap Map can be viewed down to exact addresses.

Safety Tips

  • Edit your location settings by clicking the gear icon in the Snapchat app. From there, scroll down to the “See My Location” tab and turn on “Ghost Mode.” This will prevent others from seeing your location.
  • Be mindful of what you’re sharing on Snapchat, and avoid providing your exact location online.

Safety First

Snapchat is a popular app for young children. As such, it’s important for parents to speak with their kids about online safety. Children should be instructed to avoid sharing their location on any social media app, even if they think the information is only viewable by friends and family.

If you have other safety concerns related to Snapchat, you can submit them to the company here.

To download the full article click Here.


P&C Profile: July 2017

New Study Demonstrates the Dangers of Talking While Driving

It’s commonly known that smartphones, entertainment systems and other electronics can be a dangerous distraction to drivers. However, a new study from the University of Iowa found that simple conversations can also cause unsafe driving conditions.

The study used eye tracking equipment to analyze where subjects were looking and how long it took them to focus on a new object. Some subjects were also asked true or false questions at the same time in order to simulate a simple conversation. Data collected from the study found that subjects who answered questions took twice as long to focus on a new object than those who were asked no questions.

Although engaging in conversation seems simple, it involves a number of complex tasks that the brain must handle simultaneously. Even if the topic of conversation is straightforward, the brain has to absorb information, overlay what a person already knows and prepare to a construct a reply. And, although this process is done extremely quickly, it can also slow down reaction times and lead to a dangerous accident on the road.

The best way to keep your employees safe while driving is to encourage them to eliminate or turn off all potential distractions, including their cellphones and any hands-free accessories they may use to make a call. You can also consider including language about safe driving practices in your workplace safety policies.

Preventing Workplace Violence

As reports of shootings and other violent incidents become more common, workplace violence is a topic than no business can ignore. According to the U.S. Bureau of Labor Statistics, workplace homicides rose 2 percent in 2015, the latest year for which data is available. Additionally, the number of workplace shootings increased by 15 percent.

The best way to address potential acts of violence at your business is to be prepared to act before, during and after an act of violence occurs. Here are some programs you can use to ensure the safety of your employees and customers:

  • Pre-employment screenings—Background checks can help identify candidates who have violent histories.
  • Security—Security systems can ensure that only employees have access to certain areas.
  • Alternative dispute resolutions—Techniques like facilitation and mediation can help solve a conflict before it escalates.
  • Threat assessment teams—A designated team can work with management to assess the potential for violence and develop an action plan.

Congress Considers Flood Insurance Reforms

The National Flood Insurance Program (NFIP) is one of the few ways to get insurance coverage for flood risks, and the program is set to expire later this year. However, Congress is currently examining a number of possible changes to the NFIP before it’s reauthorized.

One of the most important topics regarding the NFIP is its financial stability. The program is currently $24 billion in debt as a result of rising claims costs and severe weather events, and some lawmakers believe that the program needs substantial reforms in order to remain viable.

The following are some of the changes that are being considered to the NFIP:

  • Making private flood insurance more available to consumers
  • Limiting payments to properties that flood repeatedly
  • Reducing taxpayer subsidies for flood insurance
  • Creating financial incentives for flood mitigation

DOL Withdraws Joint Employment and Worker Classification Guidance

The U.S. Department of Labor (DOL) recently withdrew administrative interpretations regarding joint employment and the classification of workers as employees or independent contractors. These withdrawals can have significant consequences on legal protections for employees and eligibility for benefits.

  • Worker classification—Employers will need to satisfy tests established by the courts—such as the economic realities test—when classifying workers.
  • Joint employment—Joint employment can only be established when an employer has direct control over another employer’s workplace.

To learn more about what these withdrawals could mean for you, contact Hierl Insurance Inc. and ask to see our comprehensive compliance bulletins, “DOL Withdraws Joint Employer Guidance” and “DOL Withdraws Worker Classification Guidance.”

To download the full article click Here.


OSHA Cornerstones: Summer 2017

OSHA Proposes Delay to Electronic Reporting Rule

Last year, OSHA issued a final rule that requires certain employers to electronically submit data from their injury and illness records so they can be posted on the agency’s website. Although employers were initially required to submit this data by July 1, 2017, the agency recently stated that it will not be ready to receive electronic workplace injury and illness reports by the established deadline, and has proposed a new compliance date of Dec. 1, 2017.

OSHA believes that the new rule will encourage employers and researchers to find new and innovative ways to prevent injuries and illnesses at workplaces. However, critics of the rule believe that it will unfairly damage the reputations of businesses by making details of workplace injuries and illnesses available to the public.

Because the electronic reporting rule has not been revoked, employers affected by the rule should continue to record and report workplace injuries as required by law. Although the rule does not change an employer’s requirements to complete and retain regular injury and illness records, some employers will have additional obligations. Here are the requirements for the rule:

  • Establishments with 250 or more employees that are required to keep injury and illness records must electronically submit the following forms:
    • OSHA Form 300: Log of Work-Related Injuries and Illnesses
    • OSHA Form 300A: Summary of Work-Related Injuries and Illnesses
    • OSHA Form 301: Injury and Illnesses Incident Report
  • Establishments with 20 to 249 employees that work in industries with historically high rates of occupational injuries and illnesses must electronically submit information from OSHA Form 300A.

OSHA Withdraws Union Walkaround Policy

OSHA has withdrawn a policy that allowed union officials to participate in inspections at nonunionized workplaces. The agency recently referred to the policy as unnecessary in a memorandum to its regional administrators.

The policy was originally included in OSHA’s 2013 “Walkaround Letter of Interpretation,” and was viewed by many employers as an attempt by the Obama administration to support and expand union representation to nonunion workplaces. Other critics of the letter believed that it allowed individuals who were not a representative of employees to participate in walkaround inspections.

Because the walkaround policy was set without engaging in a formal rule-making process, the procedure to withdraw it was quick and informal. Many experts also believe that the withdrawal was influenced by the Trump administration’s focus on eliminating easily reversible policies.

OSHA compliance officers may still attempt to include third-party outsiders in a walkaround if there is good cause. One example of good cause would be due to the compliance officer lacking technical or language expertise that is necessary to the inspection. Such cases are rare, however, as OSHA usually provides the needed expertise from within the agency.

Proposed OSHA Standards Stalled Under Trump Administration

A number of proposed OSHA standards were introduced just before the inauguration of President Donald Trump. However, the Trump administration’s focus on deregulation has put many of these standards on hold. Additionally, the Office of Information and Regulatory Affairs has yet to publish its Unified Agenda, a semiannual publication that outlines the upcoming regulatory plans for federal agencies.

Several proposed changes are currently in OSHA’s pre-rule stage, including the following:

  • An emergency responder preparedness program
  • Revisions to OSHA’s process safety management program
  • A new federal standard to protect health care and social assistance workers from workplace violence

Supporters of the Trump administration’s emphasis on deregulation believe that businesses will benefit as their compliance responsibilities are reduced. However, opponents argue that public protections may now come second to profit.

OSHA Citation Against Contractor Vacated

An administrative judge for OSHA recently vacated a “willful” violation against Hensel Phelps Construction, a general contractor.

An OSHA inspection of a Hensel Phelps worksite in Texas originally found that the company had not provided a subcontractor’s employees with a system to guard against cave-ins. However, the citation was vacated after a judge found that OSHA regulations protect an employer’s own employees, and in this case did not apply to the subcontractor’s employees who were not protected from cave-in hazards.

To download the full article click Here.


Managing Work-related Stress

It has been estimated that 75-90 percent of all visits to primary care physicians are a result of stress-related health problems, and the leading source of stress for adults comes from their jobs. The most common causes of work-related stress include a heavy workload, job insecurity, tight deadlines, bullying and a lack of support from managers.

Stress affects each individual differently. If it becomes overwhelming, it can lead to illness, injury and poor job performance. To reduce work-related stress and your risk of developing a more serious health condition, consider the following six best practices:

  1. Plan ahead. Start working on tasks well before they are due, and always have an alternative plan in case something falls through.
  2. Prioritize your work. Create a list of tasks that must be done and then break them down into smaller, more manageable assignments so you don’t get overwhelmed.
  3. Slow down. Think before you act to avoid having to repeat tasks.
  4. Use available resources. Ask co-workers for assistance with tasks that you cannot feasibly tackle on your own.
  5. Balance your life. Make sure that there is a balanced focus on your work and your home life to offset work stressors with personal time to yourself.
  6. Resolve conflicts. Develop a conflict resolution plan to solve interpersonal problems with co-workers.

To download the full article click Here.