Daily Archives: November 3, 2014

Update: Ebola-Related Disruptions in West Africa

Since December 2013, when the first Ebola Virus Disease (EVD) case is believed to have occurred in Guinea, the West African countries of Guinea, Liberia, and Sierra Leone have struggled with the region’s first known EVD outbreak. After identifying the outbreak in March 2014, the situation improved during April, when disease activity was contained in Liberia and transmission declined dramatically in Guinea. However, persistent transmission in rural southeast Guinea in May led to the first sustained transmission in Sierra Leone and a second outbreak in Liberia. Since that time, cases have steadily risen – particularly in Liberia – and have spread to two nearby nations – Nigeria and Senegal – despite attempted containment measures at international borders and points of entry. Traveler and consumer confidence has greatly diminished in West Africa. As affected governments and international health agencies struggle to contain the EVD outbreak, the continent faces the threat of a declining tourism industry and loss in its appeal as a rich venue of emerging markets.

Ebola Virus Disease (EVD)

Although the risk of actually contracting EVD remains extremely low for most travelers and expatriates, serious ancillary risks have created significant travel and business disruptions -particularly in Guinea, Liberia, and Sierra Leone – for which many nations now recommend against nonessential travel. Other concerned African countries have taken additional measures to attempt to prevent importation of the disease by refusing entry to any traveler who has been in countries experiencing EVD outbreak within the previous 21 days.

Specific concerns are two-fold. The first concern is the rapidly increasing number of cases, which appear to be undeterred by extensive attempts at control measures (e.g., intense world health response; quarantine and isolation of confirmed patients, suspected cases, and contacts of those confirmed and suspected cases; treatment of the infected; intense screening activity at borders and points of entry/exit; application of experimental treatments; etc.), coupled with the continued circulation of rumors among local populations that medical practitioners are actually seeking to harm those at risk or infected, causing the sick to hide, flee, or even riot in some cases, thereby spreading the disease – potentially across borders. The second concern is that the operational and travel threat matrix in West Africa has increased exponentially, as those operating in the region may encounter border closures, strict security and health screenings when attempting to cross borders, a lack of goods and services as personnel – especially healthcare professionals – vacate for what they believe are “safer” areas, and the potential for quarantine. Additionally, many global and regional commercial air carriers have begun to suspend travel to the most affected areas. Recent guidelines provided by global health authorities and international partners, as well as nations who have implemented internal EVD protocols, have eased medical evacuations some, but air carrier service for providers, as well as intensive permissions necessary for transporting patients, are still a hindrance in many areas.

West Africa EVD Outbreak

Summary

As of Sept. 5, international authorities have reported at least 3,970 EVD cases and more than 2,030 EVD deaths in West Africa. These include 823 EVD cases and 522 deaths in Guinea, including 621 confirmed cases; 1,839 EVD cases and 1,051 EVD deaths in Liberia, including 606 confirmed cases; 1,292 EVD cases and 452 EVD deaths in Sierra Leone, including 1,174 confirmed cases; 21 EVD cases and seven deaths in Nigeria, including 16 confirmed cases; and one confirmed case in Dakar, Senegal. As these figures demonstrate, the focus of EVD activity has shifted to Liberia and Sierra Leone since May, and persistent disease activity has finally led to the international exportation of infections to additional countries.

Whereas disease activity during the first wave of the outbreak March-May was centered in rural areas of southeast Guinea and northwest Liberia – with a significant focus in the city of Conakry with epidemiological links to southeast Guinea – disease activity has now shifted to include significant urban centers such as Freetown, Sierra Leone and Monrovia, Liberia, where quarantine facilities and treatment centers have been erected to render management options to a growing number of cases. Additionally, the Nigerian foci in Lagos and Port Harcourt – both populous centers of business – via the travel of infected individuals highlight the enormous challenges to the tracing of all contacts of potentially infected individuals and the prolonged isolation of potentially exposed individuals to prevent further spread of disease. In some locations, armed military escorts have been called upon to accompany the transport of high-risk patients to quarantine centers and to ensure the safety of healthcare personnel at these locations.

Media have reported significant numbers of healthcare workers abandoning their posts due to EVD concerns. For example, nurses at JFK Hospital in Monrovia called a strike Sept. 3 over lack of appropriate personal protective equipment (PPE). Although the Nigerian Ministry of Health was able to end the long-standing physician strike in Nigeria in an effort to address staffing needs in the wake of hundreds of isolated patient contacts and other clinical requirements, Guinea, Liberia, and Sierra Leone have not been as fortunate. The infection of several prominent physicians volunteering with aid organizations in the course of this crisis – as well as multiple local national doctors, nurses, and ancillary staff – has led to several violent incidents targeting local government offices and hospitals treating EVD patients. Increased security has been provided to facilities and towns to discourage protests and mass gatherings, which can also facilitate disease spread, and governmental and non-governmental officials have promised increased protection through more personal protective equipment (PPE) and cleansing materials. However, after a UN staff member contracted EVD and necessitated medical evacuation to Germany, the WHO removed more than 60 staff members from Sierra Leone, which has hampered efforts there to accurately diagnose and adequately treat the disease. Many aid organizations are calling for global assistance from any provider with expertise in infectious disease processes and handling special virus samples, as fatigued crews and staff shortages not only underserve the afflicted but create room for error while working and may be partially a cause of the heightened rate of healthcare worker infections, despite careful protocols.

The shortages are not only affecting healthcare workers. Shortages of food and clean water are increasing dangerously due to a number of secondary economic effects: businesses closing due to the outbreak or the repatriation of expatriate workers, farmers being unable to tend to their crops, and cargo vessels refusing to dock at ports where the virus may be present. Disease control efforts at international borders further restrict the delivery of food and other products. Economic recovery in Guinea, Liberia, and Sierra Leone may be slow, even when EVD is finally controlled – which experts have projected to take at least six to nine months.

These infections have also prompted several foreign missions, including the US Peace Corps, to suspend operations in Guinea, Liberia, and Sierra Leone and to repatriate personnel operating in the region. Other organizations, such as mining, extraction, and financial organizations, have reduced staff to essential personnel or have vacated entirely. Nigeria may be able to cope better due to its more fully established infrastructure and more coordinated response efforts, but international authorities have expressed concern that the cluster of EVD cases in Port Harcourt could surge following that index patient’s many contacts with coworkers, friends, and family members. So far, few nations have recommended against travel to Nigeria. However, media have reported that some hospitals in Lagos are rejecting patients with non-EVD-related complaints due to fears that healthcare personnel may be unknowingly exposed to EVD.

Analysis

In both scope and scale, this outbreak has become the largest recorded EVD outbreak in history. Previous EVD outbreaks largely occurred in extremely remote areas that prevented the geographic spread of disease activity. However, this outbreak has affected nearly the entirety of three neighboring countries, including significant areas of urban and peri-urban transmission. Prior to this outbreak, the largest known Ebola epidemic occurred in Uganda in 2000, when officials reported 425 confirmed, probable, or suspected cases. In this epidemic, though, officials have identified nearly 4,000 suspected, probable, and confirmed EVD cases, and some experts anticipate up to 20,000 cases before the end of the outbreak.

One of the primary explanations for the severity of EVD activity in Guinea, Liberia, and Sierra Leone relates to widespread community resistance to disease control measures. This outbreak is the first known incidence of EVD activity in West Africa, and – unlike populations living in countries such as Uganda or the DRC – communities in Guinea, Sierra Leone, and Liberia were largely unfamiliar with the measures necessary to control this disease. Even after more than six months of disease activity and response efforts, local populations remain suspicious of authorities. In at least one instance, a community rioted when officials sprayed disinfectant, because local residents believed that they were being sprayed with the disease and intentionally infected. Although many teams are making headway with cultural relations and communications, it is generally accepted that more connection is needed for wider messaging. Recently, the government of Uganda and the African Union had both pledged assistance in durable goods, personnel, and financing to aid in control measures. As Uganda has vast experience in EVD outbreaks, this may assist quite a bit in cultural sensitivity and processing.

Many communities are also deeply distrusting of international medical teams. In some cases, local communities blame these teams for bringing the disease into their country; at other times, communities merely believe that infected individuals will receive better care at home. In either case, media have reported many instances in which community members have forcibly removed confirmed or probable EVD patients from isolation, or patients have eloped quarantine to return home. For example, the EVD cluster in Lagos, Nigeria was caused by an EVD-infected traveler, who may have been seeking more advanced medical care outside Liberia, according to his wife. Furthermore, the EVD cluster in Port Harcourt, Nigeria was caused by a companion of that traveler, who fled quarantine in Lagos to seek care elsewhere.

Unrelated to the cases in West Africa, the Democratic Republic of the Congo (DRC) notified the WHO of a confirmed case of EVD on Aug. 26. In the midst of a hemorrhagic gastroenteritis outbreak not caused by EVD in or near the Equateur Province, the Ministry of Health was able to delineate that a separate strain of EVD had, in fact, occurred in a woman from Ikanamongo Village near Boende and spread to family members and healthcare workers who were caring for her. In total, 58 suspected and confirmed cases and 31 deaths from EVD have been reported as of Sept. 4. Experts from the DRC and WHO have isolated the area, and other expert aid partners have been called to manage the outbreak, which so far appears confined to that specific area.

With disease projections continuing to increase in Guinea, Liberia, and Sierra Leone, the risk profile for most travelers and expatriates remains unchanged: individuals should strongly consider deferring nonessential travel to these areas. The risk of EVD is highest for healthcare workers, family members caring for ill patients, those attending traditional funerals or burials, and the consumption or proximity to processing primate or bat bushmeat, which has since been ruled illegal in the affected areas. However, even individuals not involved in such activities – for whom EVD risk is low – are at risk of increasingly severe healthcare shortages and increasing potential for civil unrest in disease-affected areas. Furthermore, individuals requiring medical evacuation, even for non-EVD-related issues, face extreme challenges when leaving outbreak zones.

Disease response efforts continue in Lagos and River State, Nigeria. Impacts to travelers or expatriates in these areas should be nominal, and the risk of spread outside of these areas is generally low to moderate given the current climate. The one case identified in Dakar, Senegal, with multiple contacts under surveillance, should not pose any significant risk to travelers or expatriates. However, the general reaction of other countries to nations having had EVD has so far been significant. The WHO has still not instituted any travel or trade restrictions on any of the affected countries, but many countries have implemented enhanced health screenings at borders or international airports and restricted flights or border crossings from affected countries. Individuals and organizations should review risk tolerance levels in anticipation of sudden changes in security and travel impact. Furthermore, individuals in or near EVD-affected areas should practice diligent personal health precautions, keeping in mind the following EVD-specific information:

•  Although EVD is considered “highly contagious,” it is not highly transmissible. The risk of transmission among people not involved in healthcare or funeral settings is small.Local hospitals in the three most affected areas are at overcapacity, and personnel operating in the area and requiring nonemergency care may consider soliciting provider care at a hotel in lieu of a clinic. Many times, intravenous fluids, respiratory therapy, and other types of care can be administered by healthcare professionals in quality hotels. However, durable medical equipment, fluids, and medications are in short supply.

»  Healthcare workers currently operating in the area are most at risk, since EVD is passed                      through blood, organs, tissues, bodily fluids, and close personal contact with infected                        individuals.

•  Occupations with personnel at risk of trauma need to consider their proximity to appropriate care facilities and the possibility of exposure to EVD or other diseases while being treated.

•  Managers charged with site safety and health should be able to recognize the signs of EVD and other hemorrhagic fevers: headache behind the eyes, flu-like symptoms, high fevers, diarrhea, and petechiae – a red or purple “rash” that may appear under areas with pressure.

»  Bleeding, which may only be a late symptom in EVD and also appears in a number of other                  infections, cannot be relied upon for identification.

•  Frequent and thorough hand-washing with soap and water may reduce the incidence of disease. If soap and water is unavailable, use of a hand sanitizer with at least 60-percent alcohol is an adequate substitution.Do not consume “bushmeat” or the meat from any primate, rodent, dog, or bat in the affected areas.

»  Social distancing and avoidance of crowded venues may reduce risk of disease transmission,                and in some areas, it is now mandated.

•  Be aware of increasing travel disruptions related to this outbreak

»  Plan ahead for increased processing times at borders and international airports as countries                implement health screenings of travelers from affected areas.

»  Consider deferring nonessential travel to Guinea, Liberia, and Sierra Leone due to                              infrastructure difficulties and significant travel and medical evacuation restrictions.

»  Be very aware of recent updates in travel restrictions and take these into your risk threshold              matrix.

»  Consider the potential supply chain difficulty as borders become restricted, inspections become          more thorough, and transit times become more cumbersome. Some goods and services may                take longer than others to arrive.

»  Check with your insurance provider and assistance/response company prior to your departure            to understand your level(s) of service, their policies and protocols, and their threshold for                  rapid decision making. Maintain contact with these partners during your trip and keep abreast            of the current information for your decision making.

Bear in mind that some restrictions may not apply only to Guinea, Liberia, and Sierra Leone. Some West African nations may be seen as “at risk” and treated with similar precautions of screening by other nations upon arrival. Certain facilities and laboratories throughout the world have been designated by their respective countries to receive and isolate any “suspected” EVD cases upon screening at points of entry. Special guidance and precautions have been sent out through many health ministries regarding the signs and symptoms of the disease, as well as the potential areas of exposures. There are a various other diseases that may mimic the initial phases of EVD. Fever, headache, nausea, vomiting, aches, and fatigue are seen in a plethora of West African ailments, including malaria, dengue, influenza, and others. Taking appropriate precautions against these diseases will lessen your chance of being identified and potentially quarantined by health personnel when entering or exiting a country.

There currently remain no definitive preventive vaccines or treatment options for EVD. Although recent research and efforts into several unique pharmaceuticals have shown promise in nonhuman primates and have been used experimentally during this crisis, it remains to be seen whether or not these are effective or safe treatments or preventive measures. Data from the field during an epidemic – which lacks supporting data or controls – is extremely difficult to assess. Numerous variables may account for the apparent success or failure of such an agent in any given individual. For example, the administration and subsequent recovery of two American patients from EVD after receiving one such medication may be due to the effectiveness of the medicine, may be coincidental, or may also be dependent on other factors. Likewise, the death of a Spanish missionary after receiving the same experimental treatment may or may not be indicative of that drug’s efficacy. Conclusions as to the effectiveness of these drugs are extremely premature at this juncture.

How to Avoid the EEOC’s Radar

The Equal Employment Opportunity Commission’s (EEOC’s) statistics about employment discrimination continue to demonstrate a trend of increased charge filing and litigation with the agency. And, in the wake of the EEOC’s increased focus and expanding budget to execute its Strategic Enforcement Plan, the employment discrimination lawsuit trend is expected to continue.

The most effective action an employer can take to avoid an EEOC claim is to create a culture and environment that encourages workforce diversity and discourages employment discrimination in any form. However, even when or if those measures don’t insulate the employer from being named as a respondent in an EEOC charge filing, there are still other effective strategies that can help defend the claim and avoid litigation.

  • Auditing policies to ensure compliance with antidiscrimination laws demonstrates cognizant recognition.

A robust policy that explicitly prohibits discrimination, harassment and other related conduct is a key step in the employer’s defense. A policy that: 1) specifies the classes protected under state and federal laws, 2) defines the prohibited conduct, 3) delineates a complaint procedure, 4) promotes confidentiality, and 5) identifies disciplinary action for policy violations, not only educates the workforce about, but also demonstrates the employer’s understanding of, the law.

The policy should also include a strong anti-retaliation statement, encouraging employees to report complaints of unlawful conduct without fear of reprisal and providing employees an avenue to report acts of retaliation.

  • Regular, effective training of managers and nonsupervisory employees on antidiscrimination policies establishes expectations.

Providing comprehensive training to managers on how to, first, recognize the signs and symptoms of discrimination and, second, effectively address the prohibited behavior, demonstrates the employer’s commitment to prevention. Likewise, mandating employee training that is thorough and detailed and that provides realistic examples of prohibited conduct and reporting requirements, signifies the employer’s commitment to awareness. Employers should take care to reemphasize the commitment by reflecting the import of the training in performance reviews and discipline.

  • A timely and remedial investigation of complaints reflects a steadfast resolve.

Responding to an employee complaint in a timely manner affirms the gravity of the concern and signals the employer’s seriousness about addressing the issues. Fashioning discipline that is not only appropriate but corrective and potent, where warranted, emphasizes that the employer’s remedial actions are designed to be effective and not merely antiseptic. Also, an important step often missed is the communication of the investigation outcome to the complainant. While confidentiality considerations exist at this stage, the employee should still be notified that the investigation has been concluded and that appropriate action is being taken, without identifying the specific disciplinary decision.

  • When internal complaints are made, protect the complainant from retaliation.

Once an employee complains, the employer must exercise “super-human restraint” to avoid negative treatment of the complainant. While there is a natural tendency for one accused of misconduct to strike back at the persons who attack them and accuse them of wrongdoing, the law prohibits this action. Instead, the employer should be proactive and engage with the complainant, explain its prohibition against retaliation, and follow up with the employee later to ensure there have been no problems. Additionally, subsequent employment actions taken against the employee should be closely monitored to avoid the appearance of retribution. The EEOC will certainly scrutinize the extent to which proposed employment action against the complainant is consistent, when compared with similar conduct with actual practices and supported by documentation.  

  • Protect and preserve your lawfully made decisions by documenting the investigation and its results.

Throughout the process, the employer will have identified key witnesses and documents pertinent to the investigation. Maintaining a written record of the witnesses interviewed and documents reviewed validates the investigation. Preparing summaries of findings from the investigation can provide a corroborating source of information. Documenting the investigation can also prove important when necessary to confirm the frequency and duration of time spent interviewing the complainant, especially when presented with objections challenging the thoroughness of the investigation. Also, before taking any disciplinary action, make sure all the reasons for the action are documented, and there is objective evidence supporting the reasons and not contradicted by any other documentation.

  • If an EEOC claim is pursued, respond with diligence.

While a quick response to an EEOC claim is often tempting—fueled primarily by the need for focus on the employer’s daily operations—avoid the temptation. A well-reasoned response, supported by proper documentation, is always a better defense. The EEOC is more likely to dismiss a claim where evidence is presented that the employer interviewed relevant witnesses, reviewed and analyzed pertinent documentation, assessed the facts and their relationship to the EEO laws at issue, and made sound employment decisions based on legitimate business factors such as poor job performance or workplace misconduct.

Also remember, regular and interactive discussions with the EEOC investigator can be an effective, but oftentimes forgotten, practice. Contact the investigator and discuss the claim—take every opportunity available to plead the employer’s case and argue its position.

  • Be receptive to the prospect of early resolution in the event of a charge filing.

Even when these strategies have been implemented, sometimes employers are faced with problematic facts demonstrating the potential for monetary exposure from an EEOC claim. In those instances, the employer is prudent to consider the risk/reward analysis of resolving the EEOC claim sooner rather than later. When balancing the scales, oftentimes the cost to resolve the EEOC claim at the early stage is more favorable than the ultimate cost to the employer’s organization, should litigation ensue. Litigation can involve the immeasurable cost of distractions to the employer’s key staff involved in the underlying conduct, who will inevitably have to invest time and resources unrelated to the company’s daily operations to fight the claim, and can negatively impact employee morale, cause poor productivity and create publicity that can potentially harm the employer’s reputation.

Even if the employer effectively prevents employees from discriminating against co-workers and never bases an employment decision on an employee’s protected characteristic, there may still be instances where the EEOC remains unsatisfied. Nonetheless, utilizing these good-faith efforts to prevent and remedy employment discrimination could still serve the employer well in avoiding the EEOC’s radar.

Hospitality Industry Risks: Data Security and Privacy

Most hospitality businesses allocate time and capital to efficiently collect and process data in order to improve sales, customer service and loyalty, and operations efficiency. They also allocate resources to data security. Technological advances have made it easier to manage a wide range of information about customers, vendors, and employees. Virtually all businesses that use computer systems are to some extent vulnerable to costly exposures associated with system breaches.

Hotels and restaurants are no exception and, in fact, have much higher levels of exposure because they collect vast amounts of private data from customers as a part of their day-to-day operations through credit card transactions, online reservations, and rewards programs. Private data may be both personal (names, physical addresses, email addresses, social security numbers) and financial (credit card and banking). While technology helps your business run more efficiently, it also increases your risk for data privacy and security breaches, as well your liability to affected customers. Unfortunately, many hospitality companies have not upgraded their risk management plans to address the inherent exposures associated with today’s sophisticated data management. A breach can severely impact the financial stability and continuing success of a company, and so it’s important to understand the risks associated with data breaches and to develop plans to mitigate them.

Hospitality: A Targeted Industry

According to Nicholas J. Percoco, hospitality businesses often proves to be an easy target for criminals who are looking for high transaction volume, a large database of customer records, and low barriers to entry. In fact, organizations analyzing data breach trends consistently cite hospitality as the single most vulnerable industry:

Percoco, head of Trustwave Spider Labs, believes that the criminal element targets the food and beverage industry because of high transaction volume, which makes it possible to turn criminal activities into money very quickly. Trustwave Spider Labs found that food and beverage companies not only have systems that are vulnerable to infiltration, but often fail to detect a breach until long after it has occurred. Their study revealed that criminals stay undetected in a breached food and beverage system for an average of 173.5 days. The combination of high transaction volume and undetected breach time can prove devastating to a business.

A common misconception is that only large organizations need to worry about protecting against data breaches. In Verizon’s 2012 Report, two-thirds of the 855 investigated incidents occurred at businesses with 11 to 100 employees, a common size for many hospitality enterprises. However, no hospitality company is immune. Smaller, independent enterprises are vulnerable because they are small and may have systems that are easily breached. On the other hand, franchise operations often share a regional, national, or international data system that, once breached, can affect all or most of the individual franchisees.

Most businesses today have data privacy and security exposures, which may include 1) a presence on the Internet, 2) data on servers connected to the Internet, 3) file maintenance that contains personal and/or financial information, and 4) transmission, storage, or processing of data such as credit card payments. Businesses in the hospitality industry need to be particularly cognizant of these exposures. It is important to develop programs to reduce the possibility of a breach and take steps to mitigate the impact of a breach before one occurs.

Costs of a Data Breach

A company that experiences a breach can incur a range of costs that quickly add up to a substantial loss. When private data is compromised, your expenses could include notification and claims processing, credit monitoring services for affected individuals (to lessen the potential for civil suits), and employment of a public relations team (to assist with damage control and preservation of your reputation). There may be additional costs associated with finding and fixing the root cause of the breach, and recovery of lost data. Finally, you may have liability claims for failure to have reasonable safeguards in place to protect personal and financial data.

In the event of a breach, you are responsible for notifying the affected individuals. In fact, 46 states have enacted broad privacy laws pertaining to notification whenever personal or financial information might have been compromised, lost, or stolen. Furthermore, if private data of individuals from other states is affected, you must comply with each applicable state’s laws. For those in the hospitality industry, compliance can be costly and time consuming because it entails research into the privacy laws of the state of residency for every potential affected customer. Since many hotels and restaurants depend upon customers from all over the United States (as well as other countries), notification requirements and the related costs are of particular importance. The possibility of regulatory violations and fines can be drastically reduced if you have an adequate plan in place ahead of time.

Estimates of the average incurred cost for a breach vary between the studies, but one thing is evident: it’s expensive. According to the Ponemon Institute’s 2011 report

, the average cost of a data breach in 2009 was $6.75 million per incident and $204 per individual record. The immediate financial cost of a data breach is only part of the story. It can cause a loss of customer trust and a tarnished reputation, which can be extremely difficult and expensive to rehabilitate. This is especially true for hotels and restaurants, which usually have high public profiles.

Data Security and Risk Management Basics

There is no doubt that the risks associated with data retention and transfer are real and significant. For a hospitality organization, it is of paramount importance to identify areas of exposure and develop adequate risk management programs that address data privacy and security. To help you get started, here is a list of questions (from Cyber insurance specialist Swett & Crawford) with my added commentary:

Is the corporation aware of all applicable state and federal privacy laws and notification requirements pertaining to customer data?

  • Due to the wide geographic dispersion of your clients, it is best to do this research upfront. If a breach occurs, you may not have adequate time to research and comply with state laws, which may be time sensitive. Missed deadlines could lead to costly regulatory fines and penalties.
  • Make sure that your organization is compliant with The Payment Card Industry Data Security Standards (PCI DSS) and any other standards that apply to your organization. Helpful information on PCI DSS can be found here.
Is any personal identifiable information (PII) or client confidential information stored on computers or in paper files on premises? If so, where specifically is the data stored, how is it secured, who has access and how many PII data files are there?

  • PII is often defined as unique information that can be used to identify, contact or locate a single person. In Washington state, PII is defined as an individual’s first name (or initial) and last name combined with one of the following: social security number, bank account number, credit or debit card number (including security code access code or password), driver’s license number, or a Washington identification card number.
  • Track personal data throughout your entire information infrastructure and identify all parties that have access to this data. Conduct an audit that gauges employee access to and use of personal data.
  • Make information security a written workplace policy.
Are all of the companies laptops encrypted? Are portable media devices like thumb drives prohibited or at lease encrypted?

  • Devices such as laptops, smart phones, external hard drives and flash drives all present possible data security threats if lost, stolen, or hacked. While most people assume that system hackers are the greatest threat, recent studies show that lost or stolen portable devices are the most common cause of data breaches.
Has the company implemented strong internal password controls and training to all employees?

  • Make sure passwords are strong. It is also a good practice to reset passwords periodically—90 days is a good timeline—and never duplicate passwords. It’s also a good idea to reset default passwords.
Are the company’s firewalls current and all security patches regularly updated?

  • A firewall can be the best defense when trying to isolate and contain breaches. Despite the expense, it is beneficial to invest in a robust set of firewalls that require user authentication.
Does the company outsource any services to third party vendors that may involve a client’s information? If so, do these vendors provide hold harmless and indemnification agreements with regards to any data breach involving personal identifiable information?

  • It’s a common misconception that outsourcing automatically transfers liability for data breaches to the vendor. It is vital that you have favorable hold harmless agreements and indemnification provisions in place with vendors, but even with these agreements in place, data owners can still be held responsible for compromised information.
Does the company have in force a detailed plan in case of a data breach?

  • In addition to developing and implementing a risk management program for data breach, risk transfer via insurance can be a cost effective risk management mechanism.

Data Breach Insurance Coverage Basics

Over 30 insurance carriers provide coverage that is tailored to specifically address exposures related to data breach. Naming conventions vary by insurance carrier, but some of the more common ones are Data Security, Data and Privacy, Cyber Liability, and Data Breach insurance. Coverage may be written on a standalone basis or combined with your Professional Liability or Media policy.

A properly structured policy will provide both first and third party coverage. First party coverage pays for direct losses incurred as a result of a breach including (but not necessarily limited to) notification costs, recovery of lost and destroyed data, forensic investigation expenses, credit monitoring and call center services for affected customers, business interruption losses, extortion demands, and public relations expenses. Third-party coverage protects companies from liability suits filed by individual customers, credit card companies, regulators, and various other third parties. Coverage should extend to defense costs as well as damages. Depending upon the carrier and insurability from a legal standpoint, it may also cover regulatory defense, fines, and penalties.

As a hospitality business, your financial stability and continuing success depend upon a proactive approach to data security risk management. Lax security practices or a security gap could result in a breach that encompasses massive amounts of stolen data, creating financial loss for your customers, vendors, and employees, as well as your business. It’s important to do all that you can to protect yourself from a breach. It’s equally important to devise a solid risk management plan, including insurance coverage, to mitigate the severity of loss when one occurs. If you have not yet done so, consult with your insurance professional about your data exposure and risk management solutions.

Danger in the Grass: Landscape Hazards

Authored by Joe Samnik

At today’s business meetings, conventions, and trade shows, the destination venue plays a key role in attracting attendees—sometimes as much as the agenda. The first thing at a prime hotel or meeting venue to grab your attention is the landscape: beautiful flowers that you only wish were in your home or office, gorgeous palm trees whose trunks look like they were hand-cut into the shape of diamonds, green rolling hedges, flowering trees, variegated shrubs, and a carefully-manicured carpet of green grass. What a sight! You feel compelled to walk upon it, smell it, and touch it, connecting with your instinctual imperative to bond with nature. However, be warned: There are hidden dangers posing landscape hazards lurking in such a pristine landscape. The following real-life cases serve as cautionary tales for those who would dismiss or ignore these landscape hazards.

Examples of Landscape Hazards

Thirty-One Flavors

After finally making up his young mind on which flavor of ice cream he desires, a little boy and his father must now decide where they will sit to enjoy their culinary delight. Wait, there’s the perfect spot! As the boy and his dad bond over their ice cream, nestled in the shade of a multi-stemmed palm tree, an invisible lack of structural strength is eroding the ability of the palm trunk to support itself. Without warning, the tree falls and lands on the little boy. During the investigation that followed this tragedy, the trunk remnant reveals a very specific variety of mushroom: a basidiocarp, the fruiting flower of the disease that caused the tree to fall, and a very obvious sign of trouble in a palm tree for the knowing eye.

Action Plan: In addition to periodic inspections by qualified professionals, make certain that all staff members are charged with the responsibility of noting and reporting any abnormalities or unusual, if not obvious, tree problems.

 To Build a Fire

Few can deny the joy of camping in the woods. There are some basic decisions to be made, like where to place the camping chairs so that the smoke from the camp fire does not disrupt the enjoyment. In this case, the loud and sharp cracking noise of the decayed trunk buckling under its own weight was not understood soon enough as the 70 foot monster-sized tree crashed upon a chair’s occupant. A cavity was found in the trunk measuring four feet in length and at least eight inches in depth.

Action Plan: Have all staff on constant lookout for cavities, dead branches, or other open and obvious problems. In addition, hire qualified professionals to inspect any abnormalities found by the
staff.

 When It Rains, It Pours

A woman in the midst of a brilliant career decided to make a run for it during a monsoon instead of staying in the gift shop and waiting it out. After a newly-installed palm tree fell and crushed the woman (who survived but was seriously injured), a number of experts testified that the problem was the number of temporary stakes propping up the palm tree. One expert opined that three stakes is enough to provide structural support. Another expert stated categorically that four stakes provided no more strength than three stakes. Yet another noted it did not make a difference because one of the nails, whose job was to be affixed to the support stakes, completely missed the target for which it was intended. Under the ground and out of sight, yet another phenomenon was occurring. Due to the heavy rains and perhaps a failed irrigation line or two, the sandy soils failed to hold onto the root system and simply let go of the tree. No external support system could have held the palm tree in an upright position.

Action Plan: Have your registered landscape architect or landscape designer specify at which date the braces may be removed in their sealed landscape plans. As an added precaution, have your landscape architect inspect the barricades prior to brace removal, accompanied by a written report authorizing the removal.

How do you occupy yourself while waiting in the lobby for check-in? Read, people-watch, check your email, or go to the bar? One woman from Michigan decided to spend this time investigating some attractive lobby plants. She cut off a piece of one plant she particularly liked, only to find her hand covered in smelly white sap afterwards. She immediately tried to wipe the sap onto a nearby couch cushion. When that didn’t work, she opted to smell the substance on her hand, and when this yielded no answers, she tried tasting the sap and promptly fell into the initial stages of anaphylactic shock. She then tore through the lobby, grasping wildly at her throat, jumping up and down, and manhandling anyone or anything that crossed her path. Emergency services were quickly summoned, but paramedics initially met with little success as they tried CPR and the Heimlich maneuver. Then they noticed the plant cutting and immediately administered an anaphylactic remedy. Later, the dangerously curious guest checked into her room after a brief stint in the ER.

Action Plan: Have your Interiorscape designer or landscape architect cross-reference their plant selections with several lists of poisonous plants.

Of course some folks cannot go on vacation without their best friend. In the guise of a service animal, but not fooling anyone in management of the Presidential room she reserved, this prized Afghan hound looked the part of the blue ribbon winner at the Westminster Dog Show, with her long and lovely pure white coat. This regal K9 eventually had to do her business, and nothing short of the finest display of turf grass would suffice for this necessity of life. No attention is paid to the sign posted on the lawn: Pesticide Treatment-Stay Off. This is a very unique animal, and the chelated iron, still dripping from the blades of grass to which it was applied for instant green-up results, stained the impeccably coiffed long white coat. I’m guessing here that the owner went for one of those new short hair cuts that are such the rage among the coterie of elite dog owners.

Action Plan: Have your certified pest control operator apply chemicals at zero or low traffic times of day.

Have you noticed the lengths to which corporate America will go to demonstrate that it is green? Not to be outdone, one resort mass-planted a ground cover of Japanese xeriscape foliage known as Euphorbia milli, or ‘crown-of-thorns’–with an emphasis on the word “thorns.” To be sure, this is a beautiful plant, with small green leaves and beautiful pink blooms. It does not grow much higher than eight or ten inches and will survive on rainfall alone. It has few, if any, insect problems and doesn’t tend to host diseases. But there are those pesky thorns, lots of them, long and very sharp. And, as a lady from Michigan discovered, its sap can truly do a number on you, especially when the sap gets into your eyes. Along the pathway leading to the children’s pool, a child attempted to pick a flower for his mom. After impaling his finger on the thorns, he instinctively reacted by jerking his hand away from the plant. Out came the sap. Then, in the midst of screaming and crying, the child wiped his eyes with the finger covered with sap and at least two protruding thorns. The child unfortunately will now wear a patch over one eye for the rest of his life.

Action Plan: Specify to your landscape architect that armed/poisonous plants should be kept away from traffic areas. Please learn from these tragedies! Hire the right professionals who can assess what is planted and where it is planted. Have your staff be on the lookout for abnormalities and unusual problems with trees.

Cyber Crime Fighting Against Cyber Attacks

As personal, commercial, and government activities continue to migrate to the digital realm, so do criminals. Large-scale cyber attacks are becoming more frequent and more costly for businesses in the United States. Attackers are better funded, more sophisticated, and better organized than in the past, often representing criminal networks or states. Dozens of US banks have suffered cyber attacks over the last year at the hands of foreign attackers. Cyber crooks stole 3.6 million social security numbers and nearly 400,000 credit card numbers and tax data from South Carolina Department of Revenue computers, saddling the state with $20 million in cleanup costs so far.¹ Better security is not going to come cheap. According to Bloomberg, financial services firms will have to boost annual average cyber security spending 13-fold to nearly $300 million each to fend off 95 percent of cyber attacks.²

As enterprises and government agencies increasingly adopt cloud, mobile, and social computing, information technology (IT) environments are becoming more difficult to defend. Increasingly, organizations need to accept that security breaches are inevitable. Security strategies need to go beyond defense to include detection, response, and recovery. All this gives rise to a need for new skills and approaches and specialized tools and services, including continuous monitoring and threat forensics powered by analytics.

Cyber security is increasingly becoming a concern among corporate leadership, including boards of directors. A biennial study of enterprise security governance practices by the Carnegie Mellon University CyLab found a sharp rise in board-level attention to the topic. Among companies surveyed in 2012, 48 percent have a board-level risk committee responsible for privacy and security, up from just 8 percent in 2008.³

Ten Things to Consider when Terminating an Employee

Back to school, back to work, back to serious decisions — now is a good time to recall key considerations before terminating an employee or employees.

1. Consider the Reason: Position Elimination vs. Performance Issues

As a fundamental proposition, the employer must be able to articulate the reason for terminating an employee. A good exercise for employers is to summarize the reason for the action in a paragraph. Is the decision economically motivated as a position elimination or reduction in workforce, or is it based on the employee’s poor performance? If based on the employee’s less-than-acceptable performance, the employer hopefully can establish a paper trail in terms of performance evaluations and prior warnings to support the decision. Will the employee be replaced? Generally speaking, position eliminations (i.e., no replacements) may be easier to defend. However, if there are multiple employees in the position, the employer should be prepared to justify the employee’s termination, e.g., seniority, performance, etc.

2. Consider Whether the Employee Falls Under Protected Status

The employer should consider whether the affected employee falls into a category that is protected by federal, state or local law. Employees may not be discriminated against on the basis of race, religion, age, citizenship, sex, sexual orientation, national origin, marital status, disability and certain other factors. Essentially, all employees except for white males under the age of 40 likely fall into some class that is protected by law. Of course, this is not to suggest that such protected employees are insulated against employer action. Rather, the employer should be cognizant of a potential discrimination claim, underscoring the need to be able to articulate the legitimate business reason for taking action against an employee in a protected classification. Employers should also consider whether a termination or series of prior terminations has a disparate impact on a particular group.

3. Consider Any Applicable Collective Bargaining or Individual Employment Agreements

Most employees are employed “at will,” meaning they are not guaranteed a job for any fixed period, and may be terminated at any time for a good reason, a bad reason or no reason at all, as long as it is not an illegal reason, such as discrimination. Many employers have employment handbooks or other written policies that reiterate such employment-at-will status. Two very notable exceptions to “at will” employment status are collective bargaining and individual employment agreements. Union agreements typically limit a termination to a showing of “cause” or “misconduct.” Economically motivated actions may be strictly limited on the basis of seniority and create “bumping” rights for affected employees. Individual employment contracts may limit terminations without a showing of “cause,” and/or impose significant severance payments. Employers must always take into account the presence of a union or individual employment agreement before acting.

4. Consider Possible Retaliation Allegations

Employers are often annoyed when an employee voices concerns or files a written complaint about discrimination, harassment, wage-hour violations, or requests an accommodation for a disability or religious belief and related issues. Their first instinct sometimes is to “get rid of” the problem employee. Be careful: A myriad of laws protect employees who have either “opposed” discrimination or “participated” in some sort of proceeding. Even where the underlying claim of discrimination or other employment violation lacks merit, the employee may indeed have a bona fide retaliation claim if terminated or subjected to other negative employment action soon after lodging a complaint. While such employees are not necessarily insulated from termination, employers should be aware that they may assume an additional burden to justify their decisions against a possible retaliation claim, especially if taken within approximately six months of an employee’s complaint.

5. Consider the Need for Advance Notice of Group Actions

If the employer’s action constitutes a plant closing or mass layoff under the Worker Adjustment and Retraining Notification (WARN) Act and parallel state mini-WARN laws, the employer should be aware of strict rules requiring advance written notice before the employment terminations can be implemented. Under the federal WARN Act, 60 days advance written notice generally is required where the action affects 50 or more full-time employees. Limited exceptions may apply, e.g., natural disasters or unforeseen business circumstances. State laws may require longer advance notice (e.g., 90 days) or provide broader protections (e.g., actions affecting 25 or more employees.)

6. Consider the Need to Protect Confidential Information

Certain employees may have particular access to confidential and sensitive information about the employer and/or its clients. It may be harmful to the employer if the employee is able to remove or utilize such information post-employment. The employer should take care to ensure that the employee has returned all confidential information company property, and has not downloaded confidential and sensitive information. Employers may, for example, wish to consider disabling the employee’s access to its computer systems and other property just as the termination is being implemented.

7. Consider the Competition and the Need to Protect Clients

Employers are well advised to review and analyze any restrictions already in place to prevent the employee from soliciting clients (and employees), and/or from engaging in a competing business following employment termination. Such “restrictive covenants” typically are found in employment agreements, or separate confidentiality and non-competition agreements. These may have been created at the commencement of or during the employment relationship.

If such restrictions do exist, we believe it is advisable to write the employee a letter providing a gentle reminder of these post-employment restrictions on solicitation and/or competition. Alternatively, such a non-compete provision may be negotiated at the time of separation in exchange for a severance payment or other consideration.

8. Consider Final Compensation and Vacation Pay Due

As a general proposition, employees must receive payment for work performed through the termination date regardless of the reason for termination. Sometimes, employers may elect, for reasons of security or employee morale, to pay the employee “through the end of the month,” although the employee will neither be expected nor required to report to work after the notice of termination is delivered. Employers also need to be mindful of whether the employee is owed any compensation for overtime worked. In California, for example, failing to provide for loss of accrued time is strictly forbidden.

Similarly, employees are generally entitled, under the employer’s policy and/or most state laws, to receive payment for accrued but unused vacation pay through termination date. Some states, such as New York, allow that employers may lawfully adopt “use it or lose it“ vacation policies, which provide that unused vacation time is not payable upon termination. By contrast, in California, for example, a policy or practice providing for forfeiture of accrued time is strictly forbidden. It also should be noted that final termination pay and accrued but unused vacation pay typically must be paid promptly, generally by the next regular payroll date.

9. Consider Unemployment Benefits

In most states, terminated employees are eligible to receive unemployment insurance benefits for an extended period of time unless they (1) leave employment voluntarily or (2) are terminated for misconduct. Conversely, loss of employment due to layoff, lack of work or economic retrenchment typically qualifies the individual for benefits. If the termination is the result of misconduct, employers are encouraged to oppose the claim for unemployment benefits in order to control their “experience rating” and tax rate.

10. Consider the Use of Releases

Because of the potential of liability and associated litigation costs to an employer associated with its termination of an employee in one of the protected classifications, employers should strongly consider requiring employees to sign releases in exchange for receiving severance pay and/or other benefits and consideration in connection with their termination. Although regulations take care to protect employees who agree to waive their rights (i.e., releases must be “knowing” and “voluntary”), when designed and executed carefully, release agreements can provide a valuable protection to employers. The cost can be more than offset by the avoidance of litigation.

What You Can Stipulate: A release agreement usually stipulates that employees will not sue their employers for discrimination or any other claim related to their employment and termination. In addition, employees are typically asked not to disclose confidential information about the employers, not to disparage the employers, or not to disclose the details of the release to anyone other than their spouse, attorney, and financial adviser.

The release agreement should also contain a clause that says the employer, by entering into the release agreement, has not conceded liability in any way. In addition, there should also be provisions whereby employees will forfeit the enhancements from the agreement if they breach it.

Consideration/Enhancement: To make the release agreement binding, employees must be offered some type of consideration. The typical consideration is severance pay over and above what may already be required. For example, if the employer has no severance policy, any severance should suffice; if the employer has a policy that pays one week’s severance for each year any employee works, then the consideration for the release has to be in addition to that. Severance is typically paid out either as a lump sum or salary continuation. Other types of consideration could include directly paying or reimbursing the employee for COBRA (Consolidated Omnibus Budget Reconciliation Act) health care continuation coverage, outplacement counseling, an agreement not to contest unemployment benefits or allowing the employee to keep the company car.

The Over 40 Crowd

The Older Workers Benefit Protection Act (OWBPA) has added safeguards for workers over age 40 when it comes to release agreements. First and foremost, OWBPA requires that the release be “knowing and voluntary.” In other words, the release has to be in clear language and has to spell out exactly what the employee is receiving. In addition, it must tell employees that they have the right to consult an attorney before they signthe agreement.

Employees over 40 also have a minimum of 21 days to consider the release agreement, and even after signing it, they still have a seven-day revocation period.

Conclusion

Overall, the most important thing employers can do to avoid liability and protect themselves when terminating an employee or employees is to plan ahead and be aware of the potential legal implications of their decision, particularly for legally protected employees. The key point to remember: terminations are not accidents, but planned events. Hopefully the 10 considerations outlined above will help to guide employers and help to protect them from liability.

Lodging Industry Survey on Reasonable Accommodations

Dear Hospitality Professional: HELLO!  The Mid-Atlantic ADA Center at TransCen, Inc., and researchers at the University of Maryland at College Park, are conducting a survey of your experiences with providing reasonable accommodations to employees with disabilities in the hotel and lodging industry. We hope our study’s findings will guide development of training and technical assistance activities for aiding personnel in the hotel and lodging industry to more effectively handle requests for reasonable accommodations from employees with disabilities.

We welcome your participation in this 12 to 15-minute electronic survey. As a token of appreciation for completing the survey, we are offering a voluntary opportunity to enter a lottery to win a $10.00 VISA gift card. You have a 1 in 5 chance of winning a card.

If you are interested, please click on the link below. If you have other colleagues who might be interested, please feel free to distribute this invitation email to them.

We appreciate your time!

LINK TO Reasonable Accommodations Survey on SurveyGizmo:

http://www.surveygizmo.com/s3/1747298/Reasonable-accommodations-in-the-Lodging-Sector

An Employer Should Never Ask About Religion or Disability

Everybody knows that an employer should never, ever, ever ask an applicant about religion or disability until after a conditional offer of employment has been made. And maybe not even then. Right?

Right?

Well, mostly right. But, as a couple of EEOC lawsuits show, there may be times when you have to make an exception to this rule.(Otherwise, it would be too easy for employers to stay our to legal trouble.)

The general rule, of course, is that you don’t get into these topics during the hiring process, and in fact it is usually against the law to get into these topics. But here are two situations — admittedly, rare — when you may be legally required to talk about religion or disability pre-offer.

The general rule, of course, is that you don’t get into these topics during the hiring process, and in fact it is usually against the law to get into these topics. But here are two situations — admittedly, rare — when you may be legally required to talk about religion or disability pre-offer.

1. The religion (or disability) is obvious to anyone with eyes to see, and it appears to disqualify the candidate. Last year, I blogged about EEOC v. Abercrombie & Fitch. The store had a “Look Policy” with a fairly strict set of rules about how store employees (called “models”) were expected to dress at work. The policy prohibited anything on the head. Well, hair was ok, but that was it.

(Abercrombie has since amended its Look Policy to specifically allow for reasonable accommodations.)

One day, Samantha Elauf, a Muslim, applied for a “model” job at an Abercrombie’s in Tulsa, Oklahoma, wearing a hijab (head scarf), which violated Abercrombie’s “Look Policy.”

The hiring manager made the assumption that Ms. Elauf was wearing her hijab for religious reasons but still gave her scores high enough to make her eligible for hire. However, when the hiring manager consulted with her boss about it, he told her to lower Ms. Elauf’s scores so that she would be ineligible. Ms. Elauf was not hired, and she filed an EEOC charge, and the EEOC sued on her behalf and won summary judgment. Abercrombie appealed to the Tenth Circuit, which hears appeals from federal courts in Colorado, Kansas, New Mexico, Oklahoma, Utah, and Wyoming. The Tenth Circuit reversed and found in favor of Abercrombie.

According to two judges on the three-judge Tenth Circuit panel, Abercrombie didn’t break the law because it didn’t know whether Ms. Elauf was wearing her hijab for religious reasons (could have been cultural, the majority said), and didn’t know whether she needed a reasonable accommodation to comply with the Look Policy. If Ms. Elauf wanted a reasonable accommodation, she should have asked for it, the majority said. I disagreed with the Tenth Circuit decision, and now please allow me a moment to dance in the end zone:
Yes, the U.S. Supreme Court agreed yesterday to review the Tenth Circuit decisionAs I told Scott Flaherty of Law360 yesterday, the way the SCOTUS has framed the issue makes me think they may find in favor of the EEOC:


 “Whether an employer can be liable [for discrimination based on an employee’s religious belief or practice] only if the        employer has actual knowledge that a religious accommodation was required and the employer’s actual knowledge    resulted from direct, explicit notice from the applicant or employee.”


(Emphasis is mine.)

If I’d been the Abercrombie hiring managers, and if I had thought the hijab might disqualify Ms. Elauf because of the Look Policy, and if I wasn’t sure whether she was wearing it for religious reasons, I would have asked her in the interview her reason for wearing the hijab. If she said it was a cultural thing (or that she wore it because it was cute, or because her head was cold, etc.), then I would tell her that she couldn’t wear it to work. But if she said she was wearing it for religious reasons, I would have told her in the interview that the store would be able to accommodate the hijab, and I would not have penalized her in the scoring for needing to wear it. (And if there was any question about whether it was “cultural” or “religious,” I would have given her the benefit of the doubt and assumed it was religious.)

Of course, it’s always possible that the Supreme Court will agree with the Tenth Circuit, in which case you can ignore everything I just said.

According to EEOC guidelines on the Americans with Disabilities Act, the same principle applies when a seemingly disqualifying disability is obvious. Let’s say you’re hiring for a maintenance position, and an applicant who looked very qualified on paper shows up for the interview in a wheelchair. This appears to be an obstacle to the performance of a maintenance job, which would require the candidate to climb, crawl, lift, and do all kinds of other physical things. But you can’t just “ignore” the wheelchair and then refuse to hire the applicant. Instead you are supposed to ask how he would perform the job, and at that point you may even end up talking with him in the interview about possible reasonable accommodations. If you can accommodate the disability, then you should hire the individual if he’s the most otherwise-qualified candidate. If you reject him because no reasonable accommodation is possible (based on facts, not assumptions), then you should be on legally solid ground.

2. The applicant volunteers that he has a disability (or religious need) that you think may disqualify him from the position. Which brings us to the case of EEOC v. Howard University, which a federal judge in Washington, D.C., decided will go to a jury trial. This time we have Clarence Muse, an applicant for a campus security job who disclosed in his job interview that he had end-stage renal failure, and had to go for dialysis three mornings a week. (He was apparently able-bodied otherwise.) The university said that it required employees in the positions to work rotating shifts, but it wasn’t clear that this was required on more than an ad hoc basis.

Anyway, after Mr. Muse mentioned his renal condition, the interview ended, and he was not selected. The university had conflicting explanations for rejecting him, but arguably it was because of his inability to work rotating shifts because of his dialysis appointments.

The university moved for summary judgment, saying that inability to work rotating shifts was a legitimate reason to reject Mr. Muse, and the court agreed that it could be . . . in theory. Unfortunately for the school, though, the EEOC had some evidence that Mr. Muse could have worked the schedule that the school actually required, and even could have adjusted his dialysis schedule as needed, exactly as he had done in his previous job which he had performed well and for which he had received kudos for always being available to sub for others. According to the court, the university should have followed up after Mr. Muse disclosed his condition by asking whether he would be able to handle the schedule, or how he would do it.

In other words, although it would have been illegal for the school to initiate a conversation about Mr. Muse’s medical condition in the job interview, once Mr. Muse brought it up, the school could not reject him because of his condition without doing the necessary follow-up.

The same principle would apply if an applicant disclosed that she had religious beliefs that might present a problem performing the job.

So, there are two morals to this story: (1) occasionally you really ought to ask about disabilities or religion in hiring even though 99.99 percent of the time you should not, and (2) notice how the EEOC just keeps rocking’ along with these lawsuits.

How Leakage Affects Your Travel Program

Despite a travel management company’s (TMCs) daily efforts to create the best possible travel program for your business some bookings are still lost to leakage.

Sometimes travelers won’t book through your preferred channel or they’ll book their own choice of hotel over the internet. When this happens, gaps start to appear in your data and your reporting.

While many corporates with managed travel programs have mandated policies in place, leakage from loss of transactions through your preferred booking channels or supplier can cost your company significantly over the long term.

The Travel Landscape

Almost all corporate travel programs, no matter how large or small, will experience leakage at one point or other. With so many channels now available for travelers to book their flights, accommodation or car hire through, there is always the risk of non-compliant bookings.

At face value, airline or hotel websites can be appealing to a traveler with simple travel needs. There are the perceived benefits of convenience and simplicity, and of course, the perception of ‘lowest rates’. Employees may think they are doing the right thing for their company by bookings themselves if they spot a cheap deal. But by booking outside of policy, the overall cost consequence for a travel program can be significant if leakage is widespread among employees.

What are the Impacts?

Leakage affects the overall performance of your travel program in many ways starting right from the booking stage.

You’ll Pay More in the End

An in-policy booking consisting of flights, hotel and car hire made with FCm, would attract a single booking fee with your travel manager. However a traveler who books flights through FCm, books their own hotel over the internet and then calls a car hire company direct to organize a rental car would more than likely attract three different booking or service fees. And with online travel websites charging anywhere from $4 up to $30 per booking and some suppliers also charging service fees, corporates with leakage to non-preferred booking channels often face a higher fee structure than those customers using a single supplier as part of a consolidated TMC-managed travel program.

If you have booked over the internet and your travel plans change, you generally not only forego flights and room nights, but incur the cost of having to book and pay for them all over again. At the very least, you will probably have to pay penalty fees. And don’t forget the soft cost of your time spent trawling the Internet to find what you believe to be the best rates. Time is money and it all adds up.Book with a TMC or a TMC-provided online booking tool and there is less room for error. FCm has the ability to hold seats, which is generally not an option if you book via the Internet, itineraries are then audited by our consultants before your booking is confirmed and payment made.

There are also cost implications for your future hotel or airline negotiations. If your company has not met volume agreements with your preferred hotel supplier or airline, rate discounts may not be as forthcoming or generous in subsequent contract negotiations.

Visibility Decreases

If leakage is occurring because employees are booking through non-compliant channels (i.e. over the internet or direct with suppliers), spend data is more challenging to reconcile and use for big picture program analysis. It is far easier to control what you can see and capture. If you’re lacking insight into traveler records and spend patterns, your knowledge of your travel expenditure can be compromised.

Supplier Negotiations are Affected

The more knowledge you have of your data the more power you have to negotiate with suppliers for competitive deals. Suppliers look favorably on companies that not only have volume to offer but are able to prove loyalty to their preferred suppliers. If you’re experiencing 30 percent leakage on your hotel program, a company with a total of 11,000 room nights per annum is in effect negotiating a discount for only 7,700 room nights which would have a significant impact on your contracted rate deals.

Expense Reconciliation takes Longer

Bookings made through non-compliant channels mean your accounts department is spending more time manually chasing traveler receipts, itineraries and copies of either, as well as processing receipts from different suppliers. A consolidated travel program with a TMC provides enhanced data in a consolidated format.

Traveler Safety and Security Compromised

If you don’t have visibility into your traveler bookings, it can make it difficult to track where your employees are quickly. If 100 percent of your bookings are made via your TMC or a TMC provided online booking tool – you’ll have one point of contact in an emergency. Speed and efficiency are critical during a crisis so it’s essential you have a full understanding of where your employees are at all times.

Change Management

Enhancing the way you book travel, improving compliance, as well as your attitudes to travel will help mitigate booking leakage. There needs to be a common mindset, and educating employees is a crucial part of this. TMCs help you proactively inform your travelers and travel bookers regarding:

  • your travel policy and how it affects them
  • your company’s travel goals (e.g. What savings you are trying to achieve)
  • the benefits of your travel policy, both company-wide and for individuals
  • what non-compliance measures will be taken if people do not adhere to your policy
  • the savings (i.e. the ‘wins’) that are achieved as a result of compliant travel behavior. Keeping your people informed at all these levels is your key to productive and cost saving travel activity.

Control Leakage by Curbing Rogue Bookings

 Zero in on hotel Bookings

If leakage is occurring because travelers are booking hotels over the web as a last minute decision, ask your TMC if they have an online accommodation website your travelers can use, which offers integrated reporting. If leakage is occurring regularly in a particular city find out if there are broader issues such as inadequate accommodation standards or availability issues.

 Make it convenient

According to a Global Business Travel Association study, the most often-cited reason for not using approved channels was inconvenience (36%), followed by the hotel being a last-minute decision (30%). Almost as many out-of-policy travelers (25%) said booking through preferred hotel channels took too long.

 Keep an eye on key offenders

Pay close attention to new recruits (they may not be across company policy), tech savvy travelers (tendency to book over the web) and managers (who think they’re above company policy) to stem leakage problems.

Focus on technology

Utilize the latest technology for travel apps, online booking tools and expense reconciliation. This ensures your systems are quick and easy, which is what most travelers are looking for.