Recently, Facebook announced that nearly 50 million user accounts were compromised in a data breach. The breach, which can be traced back to July 2017, is one of the largest in the company’s 14-year history.
While investigations are ongoing, the company said hackers exploited a software vulnerability in Facebook’s "View As" feature to steal access tokens and gain control of user accounts. Access tokens are effectively digital keys to specific accounts, and stealing them allows attackers to view private posts or compose status updates without the knowledge of the affected user.
In addition, the attack allowed the hackers to see anything that users can see on their own profile, including the names and birthdates of friends and family members. Such information could be used in future phishing attacks.
In response to the attack, Facebook reset 90 million logins automatically, fixed the software vulnerability and informed law enforcement officials. While the company says that users do not need to change their passwords, individuals experiencing login issues should navigate to Facebook’s Help Center.
As a safety precaution, users are encouraged to log in and out of all of their accounts on every device. Users can see all of the devices they’re currently signed into here.
To learn more about the breach, read Facebook’s official blog post.
Read more
Several big names in food retail—like Trader Joe’s, Whole Foods and Walmart—are pulling millions of pounds of premade products off their shelves following a massive nationwide recall due to possible listeria and salmonella contamination.
Major food manufacturers, including Bakkavor Foods and Ruiz Food Products, issued the recalls after notifying the U.S. Department of Agriculture’s Food Safety Inspection Service on Oct. 17 that their products may include possibly tainted corn, onions and other vegetables sourced from McCain Foods.
The recall has been classified as a Class I recall, meaning there is a "reasonable probability that the use of the product will cause serious, adverse health consequences or death." This means that if you’ve purchased any of the contaminated products, you should throw them away immediately and not consume them.
What products are recalled?
The list of products being recalled is vast, but popular products that were pulled off the shelves include Whole Foods’ Santa Fe Style Salad with chicken and Trader Joe’s BBQ flavored chicken salad. Click here to see a full list of recalled products as detailed per manufacturer.
What is salmonella?
Salmonella is a bacteria that causes intestinal illness. If you experience the following symptoms, seek medical attention for possible salmonella infection:
- Diarrhea, fever and abdominal cramps
- Symptoms beginning 12 to 72 hours after suspected ingestion
- Symptoms lasting four to seven days
What is listeria?
Listeria is a bacteria that causes listeriosis, a serious bacterial infection that primarily affects older adults, pregnant women, newborns and those with weakened immune systems. The most common symptoms of listeriosis are fever, muscle aches, diarrhea and other gastrointestinal symptoms. If you experience flu-like symptoms within two months of eating contaminated food, contact your doctor right away so you can be properly treated.
What can I do?
To protect yourself, you’re urged to review the massive list of recalled products to ensure you don’t consume the possibly contaminated ingredients. If you exhibit any symptoms of either a salmonella infection or listeriosis, contact your doctor immediately.
Read more
As with any cooking tool, it’s important to take caution when using a turkey fryer as it can be extremely dangerous. Here are some tips to consider when frying a turkey:
- Stay in the area where you are cooking. Leaving the turkey unattended may cause the fryer to overheat, resulting in a fire.
- Use your turkey fryer on a level surface. Anything that might cause the fryer to tip over may result in a hot oil spill.
- Thaw your turkey before cooking. Water from a still-frozen turkey can cause the oil to bubble or splash over the pot.
- Keep small children and animals away from the fryer while it is in use. There is a great risk that a child or pet could run into the fryer, knocking it down and causing serious injury. A safe distance of three to 10 feet away is recommended.
- Have safety equipment ready. Use oven mitts, goggles and an apron while cooking. Have a fire extinguisher nearby in case of emergency, and keep flammable items away from the fryer.
Your Safety Matters!
For your safety, only use a turkey fryer outside and away from your home. Never use a turkey fryer in a garage or on a porch. Also, be sure to keep some distance between yourself and the fryer as you monitor it—you wouldn’t want to accidentally get splashed with hot oil.
Did You Know?
The U.S. Fire Administration states that Thanksgiving is the peak day for home cooking fires. While preparing your Thanksgiving turkey can be a timeless tradition, it’s important to keep cooking safety measures in mind to protect yourself, your guests and your home.
Read more
As of Sept. 21, 2018, employers that conduct credit background checks to screen job applicants or employees must use updated notices to comply with the Fair Credit Reporting Act (FCRA). On Sept. 12, 2018, the U.S. Bureau of Consumer Financial Protection (Bureau) issued an interim final rule that includes new models for these required notices. The new models reflect changes to the FCRA that were enacted in May 2018. Specifically, the Economic Growth, Regulatory Relief, and Consumer Protection Act amended the FCRA to:
- Provide consumers the right to place “national security freezes” on their credit reports without charge; and
- Require that consumers be notified of this new right as part of a credit background check process.
Employers that conduct credit background checks to screen applicants or employees must ensure that they (and the credit reporting agencies they use to conduct the credit checks) use the updated models or substantially similar notices.
Background
The FCRA is a federal law that restricts how consumer credit information may be gathered, shared and used. While one of its main purposes is to promote accuracy in consumer credit reports maintained by consumer reporting agencies, the FCRA also:
- Regulates entities that use consumer credit information (such as employers); and
- Requires that certain notices be provided to individuals who undergo consumer credit background checks by their employers or prospective employers.
On May 24, 2018, Congress passed the Economic Growth, Regulatory Relief, and Consumer Protection Act to amend the FCRA as follows, effective Sept. 21, 2018:
- Nationwide consumer reporting agencies must provide national security freezes (which protect against identity theft by restricting prospective lenders’ access to a consumer’s credit report) free of charge to consumers who request them; and
- Whenever the FCRA requires that a consumer receive either the Summary of Consumer Rights or the Summary of Consumer Identity Theft Rights, a notice regarding the new security freeze right must also be provided.
The changes also extend the amount of time a “fraud alert” must remain in a consumer’s file with a nationwide credit reporting agency, from 90 days to one year. A fraud alert informs prospective lenders that a consumer may have been an identity theft victim and requires them to take steps to verify the identity of anyone seeking credit in the consumer’s name.
New Model Notices
On Sept. 12, 2018, the Bureau issued model notices that incorporate the newly required information about national security freezes. Employers must use these new models, or notices that are substantially similar to them, as of Sept. 21, 2018. The table below lists the new models and provides an overview of the events that trigger the requirement to provide them to a consumer.
|
Updated Model |
Must be provided: |
| Summary of Consumer Rights (also available in Spanish) |
- Before a background credit check is conducted; and
- When considering any potential adverse action based on the background credit check.
|
| Summary of Consumer Identity Theft Rights (also available in Spanish) |
Any time a consumer notifies a consumer reporting agency that he or she is a victim of identity theft (although the requirement to provide this notice does not apply to employers in general, an employer that uses a credit reporting agency to conduct credit checks should ensure that the agency uses the updated notice). |
Substantially Similar Forms
According to the Bureau’s interim final rule, an alternative form for either of the two notices listed above will be considered substantially similar to the new models (and therefore compliant with the FCRA) if it includes all the same information shown on the appropriate new model form but has the security freeze notice placed in a location that is different from where it is located on the new model form.
In addition, an alternative form for the Summary of Consumer Rights will be considered substantially similar to the new model (and therefore compliant with the FCRA) if it includes both:
- The Bureau’s old model form (published on Nov. 14, 2012) or a substantially similar form; and
- A separate page that includes the notice of security freeze rights (as stated on the new model form).
These two conditions also apply to an alternative form for the Summary of Consumer Identity Theft Rights, except that, for this notice, the separate page must also state the following before or after the notice of security freeze rights: “The minimum duration of initial fraud alerts changed from 90 days to one year effective September 21, 2018.” The interim final rule also allows an alternative form for the Summary of Consumer Identity Theft Rights to exclude the following sentence, which appears before the security freeze notice on the new model form: “The following FCRA right applies with respect to nationwide consumer reporting agencies.”
Considerations for Employers
Because both of the new models include updated contact information for certain FCRA enforcement agencies, employers that use alternative forms should also ensure that they update that information on their forms.
Furthermore, employers should consider any requirements that may apply to them under state consumer protection laws that are similar to the FCRA.
Read more
On Sept. 30, 2018, California enacted a series of laws that strengthen the state’s protections against workplace harassment. Effective Jan. 1, 2019, these new laws:
- Require employers with five or more employees in the state to provide sexual harassment prevention training to all employees;
- Expand and clarify employer liability for workplace harassment; and
- Prohibit employers from entering certain agreements related to sexual harassment and other unlawful acts in the workplace.
ACTION STEPS
All California employers should become familiar with the new laws. Those with five or more employees should review the new training requirements and monitor the California Department of Fair Employment and Housing’s (DFEH) website for training courses and additional guidance.
Background
The California Fair Employment and Housing Act (FEHA) broadly prohibits workplace harassment. All employers in the state are prohibited from harassing individuals or allowing harassment based on any of the protected traits listed below. Employees, applicants, unpaid interns, unpaid volunteers and anyone providing services under a contract in the workplace are all protected under the law.
| FEHA Protected Traits |
| Race |
Disability/medical condition |
Sex |
| Color |
Genetic information |
Gender |
| Religion |
Marital status |
Gender identity |
| National origin |
Age (40 and older) |
Gender expression |
| Ancestry |
Military/veteran status |
Sexual orientation |
Under the FEHA, any employer, regardless of size, may be held liable for sexual harassment committed in its workplace, even if the harasser is not an employee. The FEHA also requires employers with 50 or more employees in the state to provide sexual harassment prevention training to all supervisory employees every two years.
Overview of Changes Effective Jan. 1, 2019
Effective Jan. 1, 2019, the FEHA is expanded as follows:
- The current requirements for supervisor training on sexual harassment are expanded to employers with five or more employees. These employers must also provide one hour of sexual harassment training to all nonsupervisory employees.
- Employers may be held liable for workplace harassment that is based on any protected trait (not just sexual harassment) committed by nonemployees in the workplace. The rules on what an employee must prove in a harassment claim have also been clarified.
- Employers may not require an employee to sign any agreement that waives a claim or right for workplace discrimination or harassment, or that prevents disclosure of any information about unlawful acts in the workplace.
California law has also been changed to prohibit confidentiality requirements in sexual harassment claim settlements and sex discrimination claim settlements.
New Training Requirements
Effective Jan. 1, 2019, every California employer with five or more employees must provide:
- Each supervisory employee with at least two hours of sexual harassment training; and
- Each nonsupervisory employee with at least one hour of sexual harassment training.
The appropriate training must be completed by each employee within six months of assuming his or her job. Each employee must receive the appropriate training once every two years. The deadline for initial compliance with these requirements is Jan. 1, 2020. Employers must provide the initial training after Jan. 1, 2019, in order to meet this deadline.
As of Jan. 1, 2020, special requirements will apply for seasonal employees, temporary employees and any employees who are hired to work for less than six months. For these employees, employers must provide the required training within 30 calendar days after the employees’ hire dates or before the employees have worked 100 hours, whichever comes first.
The DFEH plans to develop two online training courses that employers may use to satisfy the training requirements. Employers should monitor the DFEH website for these courses and additional guidance.
Expanded Employer Liability for Workplace Harassment
The FEHA allows an employer to be held liable for acts of workplace sexual harassment committed by nonemployees under certain circumstances. Effective Jan. 1, 2019, employers may also be held liable for nonemployees’ acts of any type of unlawful workplace harassment. An employer may be held liable if:
- A nonemployee commits harassment against any of the employers’ employees, applicants, unpaid interns, unpaid volunteers or people providing services pursuant to a contract in the workplace;
- The harassment is based on any FEHA-protected trait;
- The employer (or its agents or supervisors) knows or should have known of the conduct; and
- The employer fails to take immediate and appropriate corrective action.
Prohibited Waivers and Confidentiality Agreements
An employer may not require an employee to sign either of the following in exchange for a raise or bonus, or as a condition of employment or continued employment:
- A release of a claim or right against the employer for employment practices that violate the FEHA; or
- A non-disparagement agreement or other document that prevents the employee from disclosing information about unlawful or potentially unlawful acts in the workplace.
These rules apply to agreements executed on or after Jan. 1, 2019.
These rules do not apply to agreements to settle claims involving unlawful acts in the workplace that have been filed by an employee either in court, with an administrative agency, in an alternative dispute resolution forum or through an employer’s internal complaint process. However, there are new restrictions on settlement agreements involving claims of:
- Workplace sexual harassment;
- Employment discrimination based on sex; or
- Retaliation related to claims of sex discrimination or sexual harassment in the workplace.
Effective Jan. 1, 2019, these settlement agreements may not include any provision that prevents the disclosure of factual information related to the underlying claim. Settlement agreements executed on or after Jan. 1, 2019, that violate this prohibition are void and unenforceable. The bill also prohibits courts from issuing any order or stipulation that restricts this type of disclosure in sex discrimination or sexual harassment cases.
However, settlements for sex discrimination or sexual harassment may shield the claimant’s identity and all facts that could lead to the discovery of his or her identity (including pleadings filed in court), as long as the claimant is the one who requests it (and as long as no government agencies or public officials are parties to the settlement agreement). In addition, settlement provisions may prevent parties from disclosing the amount paid for a claim settlement.
- The harassment is based on any FEHA-protected trait;
- The employer (or its agents or supervisors) knows or should have known of the conduct; and
- The employer fails to take immediate and appropriate corrective action.
Prohibited Waivers and Confidentiality Agreements
An employer may not require an employee to sign either of the following in exchange for a raise or bonus, or as a condition of employment or continued employment:
- A release of a claim or right against the employer for employment practices that violate the FEHA; or
- A non-disparagement agreement or other document that prevents the employee from disclosing information about unlawful or potentially unlawful acts in the workplace.
These rules apply to agreements executed on or after Jan. 1, 2019.
These rules do not apply to agreements to settle claims involving unlawful acts in the workplace that have been filed by an employee either in court, with an administrative agency, in an alternative dispute resolution forum or through an employer’s internal complaint process. However, there are new restrictions on settlement agreements involving claims of:
- Workplace sexual harassment;
- Employment discrimination based on sex; or
- Retaliation related to claims of sex discrimination or sexual harassment in the workplace.
Effective Jan. 1, 2019, these settlement agreements may not include any provision that prevents the disclosure of factual information related to the underlying claim. Settlement agreements executed on or after Jan. 1, 2019, that violate this prohibition are void and unenforceable. The bill also prohibits courts from issuing any order or stipulation that restricts this type of disclosure in sex discrimination or sexual harassment cases.
However, settlements for sex discrimination or sexual harassment may shield the claimant’s identity and all facts that could lead to the discovery of his or her identity (including pleadings filed in court), as long as the claimant is the one who requests it (and as long as no government agencies or public officials are parties to the settlement agreement). In addition, settlement provisions may prevent parties from disclosing the amount paid for a claim settlement.
Read more
The International Risk Management Institute’s Construction Risk Conference (CRC), held from November 4-7, 2018, in Houston, Texas, is designed for construction professionals like you. If you decide to invest in your business and attend this conference, here’s what you need to know.
What is the CRC?
Held annually, the CRC brings together a variety of experts who share up-to-date information about construction industry risks, insurance trends, and strategies and tactics you can take to avoid risks. This year’s sessions include:
- Kathy Antonello, Chief Actuary at the National Council on Compensation Insurance, will discuss “Workers Compensation Trends and Challenges in Construction.” You’ll learn about trends, challenges and ways to manage your Workers’ Compensation program.
- The View from My Seat offers tools you can use to manage new technologies, labor shortages, law and regulation changes, and other evolving construction risks.
- Jim “The Rookie” Morris shares his inspirational and motivational story.
- Breakout Sessions and Snap Talks dive into topics like contracts, design liability, construction delays, and your supply chain.
Who Attends CRC?
The CRC is designed for a variety of people who work in the construction industry. It’s important for:
- General contractors.
- Subcontractors.
- Project owners and managers.
- Developers.
- Construction lawyers.
- Insurance agents, brokers, underwriters, and adjusters.
- Consultants and service providers.
Why should you Attend CRC?
Consider attending the CRC to gain five benefits.
- Gain knowledge about emerging risks, trends and solutions. As you understand new threats in your industry and to your business, you’ll also learn how to manage these challenges in ways that protect your company.
- Position yourself as an expert. Attending a conference will enhance your knowledge and understanding. Use the information you gain to improve your business offerings and reputation as an expert.
- Expand your network. Meet and collaborate with other construction professionals as you strengthen valuable relationships and share advice and support.
- Identify your insurance needs. After learning more about your risks, you can identify and purchase the right insurance coverage for your business.
- Rejuvenate your mind and body. While you’ll listen to experts and network with peers, you also have time to rest and relax, which allows you to return to work mentally and physically refreshed.
How do you Register?
Registration is open until November 7. However, you can take advantage of the Standard rate and save $400 when you register before October 12. Save even more with the discounted rate that’s available to project owners and contractors. Also, remember the IRMI Conference Guarantee. You can request a registration fee refund if you don’t get your money’s worth from the CRC.
Invest in yourself and your construction business when you attend the 2018 IRMI Construction Risk Conference. It’s good for business.
Read more
