A recent survey of people who said they were victims of bullying at work found that most of the self-identified victims blamed the bullies, and not the targets, for the incidents. Respondents to the survey, conducted by the Workplace Bullying Institute, selected “bullies were threatened by target's technical skills” as the most common answer to the question of why they, or people whose bullying they witnessed, were bullied. One in five respondents, who could each chose two answers, selected that as a reason.
When an employee reports misconduct or unsafe working conditions, employers should know how to conduct an effective investigation. Investigations promote ethical conduct by assisting in the enforcement of applicable laws and policies.
Popular perception seems to be that individuals and entities decide to engage in insider trading based entirely on a risk vs. reward analysis without regard for the law. The alleged insider-trading scheme involving Steven Cohen and Mathew Martoma of SAC Capital may have netted $276 million in illicit profits and averted trading losses for the company. Numbers like that can certainly fuel speculation about motivations for insider trading and raise the question of whether the risks associated with violating the law are large enough to act as a deterrent.
The Department of Labor (DOL) recently expanded the definition of “son or daughter” under the Family and Medical Leave Act (FMLA) to include adult children. The new interpretation allows employees to take up to 12 workweeks of leave per year to care for any children who are 18 years of age or older and unable to care for themselves because of mental or physical disability. Previously, the FMLA limited the definition of “son or daughter” to children age 17 and under who have serious health conditions.
The United States Department of Labor (DOL) appears to be reviving the “Right to Know” initiative first proposed in 2010. This initiative is aimed at reducing worker misclassification by requiring employers to reveal more information about how they classify employees. The DOL recently announced its intention to collect information about “employers' experiences and workers' knowledge of basic employment laws and rules so as to better understand employees' experience with worker misclassification.” The DOL may ultimately use this information in crafting and implementing a new Right-to-Know rule.
The severity of this year’s flu season is prompting legislators in some U.S. cities and states to consider passing mandatory paid sick-leave laws. In New York City, Councilwoman Gale Brewer has proposed a bill that would require businesses with five or more employees to offer five paid sick days a year. If the bill becomes law, NYC would become only the fifth place to have passed such legislation, joining Connecticut, San Francisco, Washington D.C. and Seattle. Connecticut has a law similar to the one proposed in NYC that requires private employers to grant full-time employees five paid sick days a year, while Seattle has implemented a tiered system of paid sick leave that varies based on the size of the business.
A review of the performance of the U.S. Department of Justice’s Antitrust Division for 2012 shows a continued increase in the successful enforcement of antitrust laws. The EU successfully enforced its competition laws as well.
The Department of Health and Human Services (HHS) Office of Civil Rights (OCS) recently announced that a small non-profit hospice has agreed to pay $50,000 to settle potential HIPAA-HITECH security-rule violations arising from a breach affecting 441 patients. The settlement is notable for being the first that involves a data breach affecting fewer than 500 individuals. The settlement appears a signal that OCS intends to enforce HIPAA-HITECH security rules against covered entities regardless of the size of the breach. As the healthcare industry transitions to entirely electronic recordkeeping, it is a high priority for HHS to ensure that covered entities of all sizes implement adequate protections for electronic protected health information (ePHI).
Recent cases of corporate fraud highlight the need for employers to train their employees in fraud detection.
In today’s work environment, organizations face three types of data-security risks: internal, external and human error. According to a recent study by Rapid7, a security intelligence company, human error is the most common cause of data breaches. From January 2009 to May 2012, organizations reported a total of 268 data breaches, which affected approximately 94 million people. Negligence and clerical errors were responsible for 78 of the incidents, and loss of data storage devices resulted in another 51 incidents. Surprisingly, hacking was the least frequent cause of data breaches, contributing to only 15% of the reported incidents.