Deffebach in HR Magazine: OSHA Database Appears Vulnerable


Employers subject to the Occupational Safety and Health Administration's (OSHA's) new electronic reporting requirements are nervous about filing with the government following a potential data breach, HR Magazine reported.

The breach, reported by Bloomberg BNA, resulted in OSHA temporarily suspending its portal for submitting injury data within two weeks of its launch on Aug. 1. While OSHA's portal is now back up, employers distrust the agency's ability to safeguard confidential information from hackers, raising questions about whether the electronic reporting requirements — under review by the Trump administration — should be scrapped. …

Establishments with 250 or more employees must file the Form 300A summary of illnesses and injuries electronically by Dec. 1. By July 2018, they will also have to file the more detailed Forms 300 and 301 in addition to Form 300A, unless the Trump administration revises the requirements.

All employers with 20 to 249 employees in industries that OSHA considers to be highly hazardous also will have to provide the illness and injury information in their OSHA 300A summary reports electronically, HR Magazine reported. … Previously, employers had been required to prepare their OSHA logs, post them at the workplace for employees and unions to examine, and keep them in HR files for five years. … Now under the electronic rule, employers will have to show their data every year, unless the requirements are rescinded. …

Matthew Deffebach, a partner at Haynes and Boone, LLP in Houston, said, "OSHA has promised to scrub personal identifiers from this information, but a data breach could expose such information residing in OSHA's database."

He added that the recent glitch "calls into question OSHA's ability to properly remove the personally identifiable information in the first instance."

Excerpted from HR Magazine.
