Data Security: The New Safety-Sensitive

This information is provided for educational purposes only. Reader retains full responsibility for the use of the information contained herein.  

In today’s technology-centric world, the value of most companies lies in their data. The security of this data is paramount both to the company and to its customers. Much of this security relies upon the actions and decision-making of the company’s employees.   

If data security is vital, are these employee positions the new safety-sensitive? Safety-sensitive employees are held to higher standards in the workplace because their failure to perform can cause harm to others. Drug and alcohol use by safety-sensitive employees is a much more serious offense due to the risks inherent in their job responsibilities. Given today’s data-driven world, it may be time to expand the definition of a safety-sensitive employee.  

What is at risk in a data breach?  

Breaches to data privacy can cost a company and its customers big. In 2013-2014 Target experienced a major data breach of customer information that resulted in huge losses for the company. Target reported $202 million in expenses due to the breach, and it additionally settled a multistate lawsuit related to the breach for $18.5 million. Sixty million customers were affected, causing unknown amounts of fraud and identity theft.     
                                                   
Experts blame the Target data breach on multiple communications breakdowns and negligence, as the hack was not especially sophisticated. Warning signs went unnoticed, and when security employees did notice problems, corporate staff was very slow to respond.   

Employees’ practices are at the center of cyber security. The FCC’s recommendations for preventing data breaches list training employees on security principles as its number one precaution. But training will only prevent breaches if employees abide by what they are trained to do. Employees must make clear-headed and judicious decisions while on the job in order to safeguard data security. Employees must act quickly to respond to data safety concerns and must be able to identify the subtle warning signs of a breach. Impairment to decision-making faculties will necessarily affect data security.  

What is the definition of a safety-sensitive employee?   

What is a “safety-sensitive” employee? The name can have different definitions, some more specific and some more broad, across different contexts and jurisdictions. In general, a safety-sensitive employee is one whose responsibilities require a constant state of awareness to prevent harm. There is a nexus between the employee’s job duties and a safety risk.   

The Equal Employment Opportunity Commission (EEOC) adopts an extremely narrow definition of safety-sensitive employee. The EEOC even goes so far as to claim city bus drivers are not in safety-sensitive positions. Fortunately, the EEOC guidelines of safety-sensitive will only govern situations with disabled individuals, or when an employer seeks medical information about employees. Very few employees are governed by the EEOC’s definition of safety-sensitive because they have no legal disability. The EEOC will oftentimes apply to an employee’s prescription medication use, but under current law will never apply to an employee’s medical marijuana use.  

In contrast to the EEOC, the state of Tennessee adopts a more broad definition of safety-sensitive that can clearly include employees who handle data security or sensitive data. Tennessee Code 50-9-103 includes in its definition of safety-sensitive position “a position in which a drug or alcohol impairment constitutes an immediate and direct threat to public health or safety, such as a position that requires the employee to … work with confidential information ….” An employee who works with confidential information is specifically listed as a safety-sensitive position.  

Utah uses a definition of safety-sensitive that is middle of the road between Tennessee and the EEOC. It does not specifically mention employees who work with confidential information, but neither does it narrowly limit what employees are considered safety-sensitive. Utah Code 34-41-101 defines safety-sensitive as a position “involving duties which directly affect the safety of governmental employees, the general public, or positions where there is access to controlled substances.” Some companies may feel very comfortable with defining data security as directly affecting the safety of the public, and other companies may wish to adopt a more conservative definition.  

Most states allow employers to craft their own definitions and requirements for safety-sensitive employees. However, be sure you are up to date on the laws and requirements of your state for safety-sensitive designations.  

Data Security Is the New Safety-Sensitive   
​
Safety is no longer solely about bodily harm. With digital work and commerce replacing paperwork and brick-and-mortar at an ever-increasing rate, the necessity of secure data will also grow at an ever-increasing rate. Sophisticated technology will not be enough to protect a company’s data and its customers’ information if its employees are not functioning with alertness and a high degree of care. Companies must be clear that data security is a very high priority, and must adjust all workplace policies across the board to reflect this priority.  
​

© DrugPak – No portion of this article may be reproduced, retransmitted, posted on a website, or used in any manner without the written consent of DrugPak. When permission is granted to reproduce this article in any way, full attribution to the author and copyright holder is required.