Risk Management Bulletin

Exposure to mold remains a hot topic in workplace safety and health. Experts recommend these guidelines for handling this widespread exposure:

• You can’t avoid it! Mold is present on all types of surfaces, and even in the air. Because mold is a living organism (fungus), it’s in a constant state of flux: Growing, reproducing, and dying.
• Dry out the problem. Because a lack of moisture will limit the growth of mold inside buildings, removing excess water in your facility can eliminate the fungus.
• Don’t sample from the get-go. This can get expensive if you’re not sure you have a mold problem — and most mold problems require multiple samples. Ask yourself: Can you see mold? Smell it? Do you have a water problem? Are you susceptible to flooding or water damage? What are the seasonal variations of your area? Do you live by a body of water that puts excessive moisture in the air? Do you have a poor or outdated ventilation system in your facility? If you come up with any “yes” answers, talk to an expert about sampling.
• There are no exposure levels for mold. Because humans are exposed to such immunosuppressive drugs as prednisone and chemotherapy and disorders like diabetes, no permissible exposure levels have been set for mold. There’s no proven correlation between mold exposure and health effects.
• Don’t waste your time with bleach! Although bleach will kill actively growing fungi, including the spores, the dead spores can still cause an allergic response.
• Don’t terminate a sick employee because of a mold-related illness. If a worker is convinced that they have a workplace mold allergy and a doctor supports them, it might be more cost-effective to accommodate them. Terminating the employee might leave you wide open to a lawsuit. Because there’s little legislation on mold, a claim can easily get down to a “battle of the experts” that could get pricey. If possible, offer such options as telecommuting to accommodate the worker. If you can’t reach an accommodation, have a competent expert combat the claim and speak to your attorney before terminating them.

Our risk management specialists would be happy to help you develop a mold control program — just give us a call.

The most sophisticated security systems can often be breached by rummaging through the company trash for a discarded password. Banks sometimes find customers’ ATM cards with the “secret” PIN code written on the card itself. And how often have you overheard a supposedly “confidential” conversation by someone shouting into their cell phone in public?

Have you ever considered how much of your customers’ private information might be left lying around the office? Fellow employees, cleaning crews, other customers, and repair people can easily walk by an absent employee’s desk and see confidential information scattered about or left on the computer screen. While you’re spending thousands on software barriers to protect files against hackers, those same files could be sitting open in your office for all to see. And don’t overlook the most obvious and massive security breach in any business — human error

Walk through your office after hours or while employees are at lunch and see for yourself how much information is left openly accessible. For example, you might be surprised by how many employees put their passwords on Post-it notes attached to their computer screen. Sit in the middle of the office (or at the next booth or table at lunch) and listen for how much of your employee’s conversations (and possible confidential customer information) you can overhear.

Then decide what you can do to minimize this risk. Make sure that desktops are clear at night; add password-protected screen savers to your computers (and change the passwords often); and remind employees to be sensitive about what they reveal in public conversations.

It’s far better to clean up this problem now than to have it clean you out later.

If you’d like our risk management professionals to review your information privacy protection plan, just give us a call.

High turnover, sexual harassment, violence in the workplace, employee theft — when you hire the wrong person, you’re risking a lot of problems. Avoid these common errors:

1. Failing to Identify Company Needs
   Define requirements for the position in terms of skills, character, competency, and experience. Test the assumption that you need a certain type of employee
2. Failing to Test Employee Skills
   Unless you assess an applicant’s skills, you’re gambling that they can perform — a bet you might well lose.
3. Hiring out of Desperation
   Hire in haste — and end with waste. If you can’t hire in a timely manner, bring in a temporary or leased employee, or borrow a worker from another company.
4. Hiring out of Laziness
   If you don’t like to hire people, outsource this function to a reliable professional third party.
5. Hiring out of Infatuation
   Just because someone “looks” right for a job doesn’t mean that they will be. To avoid infatuation, use follow-up meetings and joint interviews.
6. Letting Baggage Get in the Way
   The best and brightest don’t always look and act the way you think they should. Seeking diversity is not only important to placate the EEOC — it’s essential in today’s competitive economy.
7. Hiring Based on Recommendations
   Just because someone thinks somebody they know is a great worker doesn’t mean they are. Go through the same hiring process with every potential employee.
8. Blindly Using Internal Promotion
   Promoting solely from within can create inbreeding and stagnation. Fill at least one third of your new positions from the outside.
9. Skimping on Background and Reference Checks
   Don’t let concern for EEOC and legislative privacy guidelines keep you from investigating backgrounds extensively. Poor hiring decisions are caused by not asking the right questions.
10. Failing to Recognize a Poor Hiring Decision

Do your best to keep bad hires on their feet by putting them in at least the same position that you found them. Help them with outplacement and a small severance package, so you don’t end up with a bitter ex-employee or, even worse, a lawsuit.

Every business needs to maintain a secure workplace. To protect yourself against a wide variety of potential dangers — from armed and deranged employees to the threat of a terrorist act in the post-9/11 environment — means integrating a comprehensive security policy into your daily operations, rather than seeing it as an afterthought.

Business expert and motivational speaker John Di Frances stresses the need for companies to “ruffle complacency feathers [and] realize that catastrophic events are all too possible.” Di Frances advises business to create an “organizational awareness” of security issues by setting procedures to identify and deter everything from maliciously planted computer programs to embezzlement. Training managers to heighten their security awareness should play a key role in this process.

How much are you doing? To assess your readiness, and what your business needs to do to become and remain prepared, use this checklist:

• Do you have written policies covering employee theft, workplace violence, drug trafficking, and other criminal activities that might occur in the workplace?
• Do you check references and conduct background checks when hiring new employees?
• Are employees told to report any strangers they see in the facility or on company property?
• Are employees instructed never to lend their security badge, keys, access cards, etc. to anyone?
• Do you use surveillance cameras to monitor high-risk areas of your facility, such as loading docks, warehouses, and outdoor storage areas?
• Are keys and access codes or cards given only to company employees and only to employees who need them to gain access to their work area(s)?

Security risks aren’t likely to disappear; face this new reality and plan for it!

Our risk management experts would be happy to help you and your employees keep your business safe. Just give us a call.

The U.S. Bureau of Labor Statistics reports that in 2006 (latest year data) there were 4,085,400 non-fatal workplace injuries, 5,703 fatalities, and 1,183,500 days away from work due to injury. Since then, medical expenses have continued to rise, leading to an explosive growth in the human and economic costs of workplace injuries.

To help keep these costs under control, now’s the time to implement a comprehensive accident prevention and injury mitigation program by taking these 10 steps:

1. Create a safety/loss control department run by an experienced and credentialed safety/loss control or contract with an independent consultant.
2. Have the safety department do a detailed inspection with written results of your company’s facilities and exposures.
3. Direct the safety department to review all written safety material for compliance with regulations, costs of safety equipment and facilities, and training documents and sessions.
4. Support the safety department in all its activities, including mandatory access to key department heads, managers, and supervisors.
5. Review all safety recommendations and make safety part of the budgeting process.
6. Creating a user-friendly, non-technical, written safety program for all employees.
7. Stress training and annual refreshers in safety/loss control.
8. Require all job training to be on going, documented, and tested.
9. Have the safety department investigate all accidents and “near-misses” and require all department heads to participate in meetings on the causes, costs, corrections, and mitigation of accidents.
10. Create a safety culture throughout the company as a permanent and essential part of your organization’s success.

Following this path will lead to a safer, more efficient — and more profitable — workplace.

As the number of people over age 55 increases in the workplace, so does overall workplace safety and productivity, according to a study by risk management consultant Ken Nogan of PMA Insurance Group (Belle Glade, PA).

That’s good news because there are more of them: The number of employees 65 and older has tripled during the past 30 years — and the size of workers in this age group is estimated to grow more than 80%. The white paper, “Capitalizing on an Aging Workforce,” found that older workers have lower absenteeism, greater job satisfaction and fewer on-the-job accidents and injury claims than their younger counterparts because they tend to be more experienced, careful and focused on the tasks they perform.

However, the study also concluded that as workers age, their skills and faculties (such as strength, range of motion, motor skills, sensory acuity and ability to heal) decrease, leaving them more vulnerable to severe injury and higher fatality rates.

The paper recommends that businesses modify workplaces to prevent, and limit the severity of, injuries common to senior workers by taking risk management steps to:

• Prevent slips and falls by looking for accident trends and causes related to floor surfaces and walking surfaces; repair loose tiles and torn carpet; secure rugs that don’t lay flat. Also, put two handrails on stairs with color-accented steps, minimize light glare and require shoes with good tread.
• Use task rotation to avoid ergonomic injuries. Conduct ergonomic evaluations of workstations and workspaces to identify causes of fatigue and strain.
• Focus on safe driving because drivers 55 and above are more likely than younger motorist to crash at an intersection or when merging or changing lanes on a highway.
• Employ highly responsive return-to-work efforts for older workers, who take longer to heal.

For more information on the white paper, go to http://www.pmagroup.com/news090304.htm

Thousands of businesses are storing terabytes of confidential business and personal information on personal electronic devices (PEDs), such as laptops, PDAs, removable disk drives, flash memory cards, etc. — leading to a spate of highly publicized security breaches involving the loss or theft of equipment containing customer records, Social Security numbers, drivers license numbers, and more. Could your organization be next?

Both federal legislation (such as the ADA, FMLA, and HIPAA) and a variety of state laws require companies to keep customer and client information confidential and to report the disclosure or theft of this data. To protect themselves against liability for such leaks and to manage the risk, more and more businesses are tailoring security policies for their personal electronic devices (PEDs).

Such a policy should:

• Require encryption of all data on PEDs that carry confidential records.
• Implement pass phrases containing letters, numbers, and symbols — and change them frequently.
• Secure wireless networks with firewalls and passwords.
• Create a two-step authentication process when using a PED for remote access.
• Use a cable lock for laptops and place them and other PEDs in locked storage when not in use.
• Have a “time-out” function for mobile devices that requires user re-authentication after 10 minutes of inactivity.
• When feasible, require that the PED be marked as company property.
• Have your IT department record the model number and serial number of all PEDs and store digital photographs of each device.
• Create an automatic login to access to the PED and its confidential data.
• Allow copying or extracting access only with two-factor authentication.

Our risk management professionals stand ready to offer you advice on creating a PED security policy. Just e-mail or call us.

Thousands of workers are being abused at home — and all too often, this abuse spills over into the workplace. According to the American Bar Association Commission on Domestic Violence, there are 30,000 to 40,000 incidents of on-the-job violence in which the victims knew their attackers intimately. More than seven in ten (71%) of human resources and security personnel surveyed have seen an incident of domestic violence on company property.

A violent episode at work can easily endanger co-workers, as well as the victim. What’s more, female workers who are abused at home have higher rates of absenteeism, drug abuse, and depression that increase Health insurance costs and lower productivity — costing businesses more than $4.5 billion a year.

Federal and state law requires employers to provide a safe workplace for all employees. Failure to act on the knowledge that an incident of domestic violence could threaten workers on the job places a huge potential liability on your company.

In deciding whether an employee might be a victim might be a victim of domestic violence, beware if the worker:

• Has unexplained bruises that don’t seem to fit their injuries
• Wears inappropriate clothing that might be covering up injuries
• Seems distracted at work
• Has a high rate of absenteeism
• Appears anxious, upset, or depressed
• Receives repeated, upsetting telephone calls during the work shift

If you notice any of these signs, talk to your employee privately, telling them what signs you noticed and expressing concern about possible abuse. Be supportive and keep this information confidential, except for individuals who need to know, such as security personnel. Offer company and community support and be flexible with the employee’s working arrangements.

According to the Family Violence Prevention Fund, supervisors are usually the first people to become aware of an employee who might be a domestic violence victim. The fund recommends that supervisors refer potential victims to your company’s Employee Assistance Program (EAP) or a community domestic violence program. The National Domestic Violence Hotline number is (800) 799-SAFE (7233).

With the stock market tanking, layoffs skyrocketing, and businesses cutting back, here are seven recommendations to help keep your Workers Compensation premiums under control until the tide turns:

1. Because layoffs and less work might mean you have vehicles that are out of service, see if you can adjust the premium or get a credit.
2. If your actual payroll and revenue are less than the “expected premium” on your Comp policy, try to get your audit as soon as possible. Schedule it now to take place right after policy expiration.
3. Remember that lower industry payrolls will impact modifier calculations for your state and class codes. And don’t forget that lower worked hours can affect your OSHA Incident rates. Because it might take a year or so for things to equal out in the “numbers” at the NCCI and Department of Labor, plan for changes.
4. Bear in mind that less work will mean fewer total Comp claims. This is already occurring in medical-only claims. As their caseload has decreased, attorneys for injured employees are getting more aggressive and working harder on smaller claims. Also, less work could lead to be an eventual increase in fraudulent claims.
5. Make sure your insurance carrier understands that there’s less work for you to put injured employees back to work or on light duty.
6. Be on the lookout for changes in the policies of your independent contractors, subcontractors, and other business partners. They might change insurers and coverages to lower their own costs. Be sure to secure insurance certificates and additional insured endorsements from them. Find out what changes, if any, need your attention and action.
7. Watch for cutbacks on safety. Already in tight times, safety and risk management personnel may be some of the first to go.

As risk management professionals, we’d be happy to provide a complimentary review of your Workers Comp program — as well as your other coverages. Feel free to get in touch with us at any time.

Failing to investigate the activities of an employee whose company computer contains pornography could leave your business wide open to a lawsuit.

A 2005 New Jersey case, Jane Doe v. XYC Corp., involved an employer who became aware that one of its workers was using his company computer to visit pornographic Web sites and share images with fellow employees. After the worker was tried and convicted of videotaping his stepdaughter nude and partially clad, the victim’s mother sued the company, arguing that its negligence in failing to investigate and report that the employee was viewing, downloading, and distributing child porn on his work computer led to the girl’s victimization. The state appellate court held that because viewing child pornography is a federal and state crime, the employer’s knowledge of this activity should have triggered a duty to investigate and report this misconduct to the authorities. Viewing online porn in the workplace is all too common. Consider these facts:

• Approximately 70% of Web traffic to pornographic sites occurs during work hours ( 9:00 a.m. to 5:00 p.m.).
• Some 2.8 billion pornographic e-mails go out every day.
• More than 75% of workers report having visited a pornographic Web site “accidentally” at least once, while 15 % admitted to 10 or more such visits.

Although possession of pornography is not a crime, possession of child pornography — including computer-stored images — is. At least seven states require technicians to report child pornography detected on workplace computers to law enforcement officials or risk facing individual criminal charges.

To remove employees’ expectations of privacy in their computer activities, we’d recommend putting them on notice that the company is free to inspect or monitor such equipment, and requiring employees to sign an acknowledgement that they’ve read and understand this policy.

What’s more, other courts might well rule that the Doe decision could cover other illegal activities by employees using their employers’ computers in ways that cause physical, financial, or other harm to third parties.