Department of Labor Releases Final Rule Regarding Overtime Exemptions under the Fair Labor Standards Act

DOLRecently, the Department of Labor (DOL) released its final regulations making changes to Part 541, governing overtime exemptions under the Fair Labor Standards Act (FLSA).

Here are the key elements of the new regulation that you need to know now:

1. Salary Threshold Changed to $913/week ($47,476 per year)
This threshold doubles the current salary threshold level. While this level is slightly lower than the threshold in the proposed rule, it still encompasses many employees that are currently classified as exempt.

2. Automatic Salary Threshold Increases Every 3 Years (Not Annually) to Maintain Level at 40th Percentile in Lowest-Wage Census Region
Automatically updating the salary threshold, however, does not allow the government to take into account changing economic conditions, specific impact on certain industries, or regional differences. It also denies the public the ability to have input on the threshold as required by the regulatory process.

3. Duties Test is Unchanged
DOL did not make changes to the standard duties test.

4. Effective Date is December 1, 2016.
With the rule going into effect on December 1, 2016, employers should review their current workforce immediately to determine which employees are affected, whether to re-classify those employees, and to execute a communications strategy. Employers should keep in mind the periodic adjustments and set a regular review process.

5. Highly Compensated Employee (HCE) Exemption Is now $134,004 per year
The final rule retains the methodology in the proposed rule setting the threshold at the 90th percentile of full-time salaried workers nationally.


Intentional Acts and Weapons Liability

There is nothing new about a business owner keeping weapons under the store counter or in the vehicle used to take deposits to the bank. The laws, however, raise questions about liability insurance for weapons-related incidents, so it’s a good time to brush up on coverage issues.
There are at least three ways an insured can injure someone with a weapon:
Accidental discharge of the weapon,
Intentional shooting with an intent to injure the person (shooting a criminal), or
Intentional shooting with accidental consequences (shooting an innocent person standing behind the criminal).

There’s no coverage problem with the accidental discharge. The commercial general liability policy covers the insured’s legal responsibility for bodily injury or property damage to others as the result of an accident. Costs for defense and payment of any subsequent judgment or settlement are provided.

For the other two types of incidents, however, the intentional acts exclusion in the policy presents a problem for the individual or commercial insured seeking defense or indemnity following a shooting incident.
The intentional acts exclusion in the CGL policy reads as follows:

2. Exclusions

This insurance does not apply to:

a. Expected or Intended Injury

“Bodily injury” or “property damage” expected or intended from the standpoint of the insured.

This exclusion does not apply to “bodily injury” resulting from the use of reasonable force by an “insured” to protect persons or property.

Most courts have treated this exclusion narrowly, so that not only must the action which causes the damage be intentional (striking a difficult customer), but the damages must be reasonably expected (broken jaw vs. paralysis). In an auto-related case (Tanner vs. Nationwide), the Texas Supreme Court said a similar exclusion in the personal auto policy is “effect-focused and cause-focused, voiding coverage when the resulting injury was intentional, not merely when the insured’s conduct was intentional.” According to the decision, if the exclusion were to preclude coverage for reckless acts that didn’t result in deliberate injury, insurance coverage would disappear for many accidents.
The exclusion applies to “the insured” who intentionally causes the damage, and not to all insureds who may be sued as a result of the damages. Thus, the named insured business would be protected in a suit brought by a customer who was intentionally injured by a third party or an employee of the insured.

The exception to the exclusion applies to bodily injury only, and permits the use of “reasonable force” by the insured to protect persons or property, such as when a store owner grabs a customer suspected of shoplifting or shoots a burglar or robber, and the customer or criminal later sues the insured as a result.

Cyber Checklist for Risk Managers

checklistIf the value of personal information makes us vulnerable, the value of health care information exponentially expands the bullseye. According to Reuters, medical records are worth up to 10 times more than credit card numbers on the black market.

As a health care organization, it is our responsibility to protect the integrity of our patient’s records, and we take this responsibility very seriously.

All too often the effort has been focused on preventing and managing massive cyber-attacks. However, it is critically important that we be mindful of the exposure the individual employee represents in our cyber security.

This could be the employee who inadvertently faxes data to the wrong person, leaves their computer unattended and at risk, or the employee who intentionally sets out to hurt the organization as a retaliatory measure.  This is a real exposure that is often overlooked.

It’s important that you act in lock step with network security and organizational teams in order to detect, stop, and address the untoward event appropriately.  Cyber threats can be overwhelming and a contributor to sleepless nights.

To help us break this threat apart into manageable steps we have created a checklist for the risk manager.

Checklist for Risk Managers

    • Work with board and executive leadership to ensure support for cyber initiatives.
    • Provide for strong data breach identification and management policies and procedures creating a zero tolerance culture for data breaches.
    • Ensure that education and training occurs at all levels of the organization at least annually to include basic definitions, policy content and zero tolerance culture.
    • Create a breach response team in partnership with Organizational Integrity, Finance, Legal, Risk, IT security, Human Resources, and Communications to ensure are all working together for immediate detection, response and action when a breach occurs.
    • Negotiate a robust cyber insurance policy that has breach response, liability coverages, as well as coverage for regulatory actions, fines, and penalties.
    • Create data breach preparedness planning opportunities.
    • Leverage insurance carrier for education and loss prevention opportunities.
    • Appreciate the regulatory landscape through education and training.
    • Develop contracts with external partners including forensic firms, law firms, and public relations firms to assist during a large breach event.
    • Train, test, revise, train, test, and revise!

The answer to many cyber threats is having the force of an integrated cyber security and breach response team as your shield.

Your Cyber Security Rests on Your Weakest Link and Your Lawyers

According to the Association of Corporate Counsel, “employee error” is the most common cause of data security breaches for employers.

Other common causes of security breaches included insiders stealing company data and phishing attacks.

The survey of 1,000 in-house lawyers for organizations in 30 countries found that most respondents anticipate that their role in cybersecurity, which was traditionally the domain of IT departments, will increase in the coming year.

However, only 10 percent of lawyers surveyed said they have a budget for addressing cybersecurity. Although half of respondents said their organizations carry cybersecurity insurance, only 19 percent of those who experienced a breach said their insurance policy fully covered their losses.

According to the report, health care is the industry most at risk for a cyber attack, followed by insurance and manufacturing/retail. Nicole Hong “Employee Error Leading Cause of Data Breaches, New Survey Says,” (Dec. 9, 2015).


Attorneys are becoming more involved in data security, as this survey shows, because cybersecurity is a legal and liability issue as much as an IT issue.

When personal information is compromised as a result of poor cybersecurity, customers, employees, or other victims can file a class action lawsuit against the organization for jeopardizing their confidential information. As more class actions occur, so will legal involvement.

Data breach lawsuits can be extremely costly. One of the most notable recent cybersecurity failures was the 2013 Target breach of up to 110 million customers’ credit and debit card information. In 2015 Target settled a resulting class action lawsuit for $10 million. In addition, Target agreed to reimburse thousands of financial institutions as much as $67 million for costs incurred from the breach.

In 2013, health insurance company, AvMed Inc., agreed to pay $3 million to settle a class action lawsuit for maintaining inadequate data security because of the 2009 theft of laptop computers containing the personal information of 1.2 million customers.

Although attacks by international hackers garner more attention, this report shows that employee negligence actually poses the greatest risk to an organization’s cybersecurity.

In order to protect data security, employees should receive training in the following:
1. Mobile device security, including never leaving mobile devices unattended in public and physically locking them in the office when not in use;

2. Malware prevention, including regularly scanning computers for malware;
3. Identity theft, including not sharing personal information on email or insecure websites;

4. Phishing, including never clicking on links in an email;

5. Passwords, including how to create strong passwords by using pass phrases; and

6. Wi-Fi security, including never using an insecure public network to send confidential information.

The Hyatt Data Breach: What It Means for Employers and Employees

cyberOn November 30th, Hyatt Hotels discovered that hackers “managed to breach its network, access the payment processing system and possibly steal payment-card information belonging to visitors.”
The spokesperson for the hotel chain did not give details about the scope of the attack: how many customers were affected; how many of the company’s 627 hotels were affected; how long the network was infected; and what malware was used to attack the network. The company did state that “the malware was programmed to collect payment information, including card numbers, expiration dates and verification codes.”
Hyatt has assured the public that steps have been taken to strengthen the security of its systems in all of its hotels around the world. The hotel chain has also advised customers to review their payment-card account statements closely and to report all unauthorized charges to their card issuer immediately. Chris Smith, “Hyatt Hotels Chain hit with credit card stealing malware,” (Dec. 25, 2015).

Small & Large Employers Alike Are Feeling the Impact of PPACA

InsuranceA human resource consulting firm recently released the results of its annual survey on employer-sponsored health care plans. One piece of good news from the survey is that average health care costs per employee experienced a smaller increase this year (3.8 percent) as compared to the increase in 2014. This is the third year in a row in which increases have been below four percent.

Unfortunately, small employers, those with 10 to 499 employees, experienced higher average cost increases at 5.9 percent. Large employers with 500 or more employees fared better with an average increase of 2.9 percent.

However, 23 percent of large employers face paying the “Cadillac” tax in 2018 if the coverage they offer is considered high-cost insurance. The number of affected employers is expected to increase to 45 percent by the year 2022.

Employers are looking at a variety of ways they can reduce health care costs. Offering health plans that are consumer directed with a high deductible is their primary strategy. The survey found that 25 percent of covered employees use this type of plan along with an employee savings or reimbursement account.

Even with cost-saving measures, the employers surveyed expect their per-employee health benefit expenses to rise by 4.3 percent in 2016. “Survey: One in four large employers at risk for ‘Cadillac’ tax,” (Nov. 20, 2015).

The Importance of Disconnecting in a 24/7 World

distracted-driving-720Smartphones and other smart devices have become an extension of who we are. Sixty-four percent of American adults own a smartphone, and 67 percent admit to checking them even when they aren’t ringing or buzzing with messages or call notifications.

We’re always on, and we’re always connected. But what is this constant state of connection costing us in terms of workplace concentration, performance and productivity? Here are a few effects of constant connection:

Sleep Loss — Smartphone screens emit a blue light that suppresses the production of melatonin, the hormone that tells your body when it’s time to sleep. When your sleep cycle gets disrupted, your concentration and memory can suffer.
Lack of Concentration — Researchers at Florida State University found that phone notifications alone were enough to significantly disrupt performance on tasks that required high levels of attention. Subjects were three times more likely to make mistakes while their phones were buzzing or ringing. The level of distraction was comparable to that of answering a phone call or text.
Less Creative Thought — Research has shown that some of our most original thoughts come during times of boredom, when our minds are free to wander and make new subconscious connections. But we’re spending so much time on our mobile devices, we’re not giving our minds any free time to roam.
Motivation Lulls — According to research, intuitive thinkers are more likely to turn to their smartphones when faced with a problem rather than use their own brainpower.
Tips for Disconnecting

Use Your Brain — Remember the good old days when you could easily recall phone numbers, home addresses and directions to a new neighborhood? Try doing things the old-fashioned way to keep your mind sharp.
Create a Schedule — Set aside a specific time to deal with smartphone notifications each day. During that period, you can check messages and return calls and emails. Don’t vary from the schedule unless it’s an absolute emergency.
Enjoy Downtime — Make sure your time off is just that. If possible, turn off the smartphone in the evenings and on weekends so you can concentrate on yourself.
Get Some Rest — Put the smartphone away an hour or two before bedtime so your body can properly adjust and prepare for sleep, and don’t forget to turn off the phone while you’re sleeping!