Robert O’Neill to Speak on Leading in Crisis at Resilient Together

We are excited to announce that Robert O’Neill will be providing a keynote address at the California JPIA’s Resilient Together, occurring October 14 and 15.

Mr. O’Neill will be speaking on leading in crisis, providing insight and guidance to every public manager and elected official. With public agencies surrounded by so many contemporary issues, there is nothing more important for our local government leaders.

Read More

Robert is the former executive director of ICMA (International City/County Management Association), which advances professional local government worldwide, a position he held from 2002 to 2016.

Mr. O’Neill earned his BA in political science from Old Dominion University and his master’s in public administration from the Maxwell School of Citizenship & Public Administration, Syracuse University.

Mr. O’Neill is joining an amazing program of presentations and speakers during our two-day digital event. For information about Resilient Together or to register, click here. For questions, email us at forum@cjpia.org.

Annual Meeting of the Board of Directors

This year’s Annual Meeting of the Board of Directors will be held on Wednesday, October 28, 2020 at 6:00 p.m. Due to the ongoing COVID-19 pandemic and the resulting recommendations that public health officials and federal, state, and local governments have issued in response, the Annual Meeting of the Board of Directors will take place virtually.

The Authority’s membership is governed by an appointed Board of Directors and an elected, nine-member Executive Committee. The Board of Directors consists of one representative from the legislative body of each member of the Authority.

Read More

“The Board of Directors is a vital aspect of the organization,” says Jon Shull, Chief Executive Officer. “Through the composition of our Board of Directors, elected officials from our member agencies, we ensure that the Authority remains a member-focused organization that makes decisions for the benefit of the entire membership.”

The Annual Meeting will include adoption of the budgets for fiscal years 2020-21 and 2021-22, election of vice president and four Executive Committee members, and a presentation by chief executive officer, Jon Shull.

On an annual basis the California JPIA asks members to certify a designated California JPIA Director and Alternate(s) prior to the annual Board of Directors meeting. Please click here to complete the certification. A $100 stipend will be provided to the voting delegate or alternate of each member agency attending the meeting.

Registration for the Annual Meeting of the Board of Directors will open in the coming weeks. For questions or assistance please contact Veronica Ruiz, Agency Clerk.

California SB 1159 – Presumption of Workers’ Compensation Liability for COVID-19 Illness Claims

On September 17, 2020, Governor Newsom signed SB 1159 into law. This law creates a rebuttable presumption for COVID-19 that bears some similarity to Executive Order 62-20, which Governor Newsom signed back on May 6, 2020.

Here are some of the pertinent facts to know about SB 1159:

Read More

Who is covered by this new presumption?
The law covers the following employees for exposures sustained while at their place of work:

• Firefighters
• Peace officers
• Emergency medical technicians
• Fire and rescue service coordinators
• Registered nurses
• Home health agency employees who provide “direct patient care”
• health facility employees (both those providing “direct patient care” and custodial employees)
• Health facility employees (other than those described above) who have been exposed to a COVID-19 positive patient within the preceding 14 days
• In-home supportive service employees providing care outside of their own home

Additionally, all employees at a workplace where a COVID-19 outbreak has occurred are also eligible for this presumption. An outbreak is defined as follows:

• 4% of the workforce (for employers with more than 100 employees) have tested positive in the preceding 14-day period.
• Four co-workers (for employers with 5-100 employees) have tested positive in the preceding 14-day period.
• Any workplace closed by local or state health departments, Cal/OSHA, or a school superintendent.

When does the presumption apply?
It applies from July 6, 2020 (the date after Executive Order 62-20 expired) through January 1, 2023.

When does the law take effect?

The bill was marked as an urgency measure in the closing days of the legislative session, so the bill took effect when it was signed by Governor Newsom on September 17, 2020.

How long does an employer have to investigate a claim that’s eligible for this presumption?
For the specific groups of employees noted above, a decision must be made in 30 days.  For those employees whose workplace experiences an outbreak, the decision must be made within 45 days.

What type of testing must be performed?
A polymerase chain reaction test approved for use or approved for emergency use by the United States Food and Drug Administration but not serologic or antibody testing.

How do workers’ compensation benefits interact with those provided by the Families First Coronavirus Recovery Act (FFCRA)?
If an employee is entitled to FFCRA, those benefits must be exhausted before any temporary disability benefits or Labor Code Section 4850 benefits are paid. If an employee is unable to return to work upon exhaustion of FFCRA benefits and their claim has been accepted, they would be eligible for temporary disability or Labor Code Section 4850 benefits

What additional responsibilities does an employer have a result of SB 1159?
This law now requires an employer to notify its claims administrator (Sedgwick) within three days of the following:

• When an employee has tested positive.
• The date the employee’s specimen was collected for testing.
• The address (or addresses) where the employee was working for the preceding 14 days.
• The highest number of employees who reported to work at the employee’s place (or places) of employment during the preceding 45 days.

The bill also notes that failure to provide this information or the provision of false information may result in a $10,000 penalty.

What additional duties does the claims administrator have as part of this process?
The claims administrator is responsible for gathering the data referenced above to determine if an outbreak has occurred.  As noted, in instances of an outbreak, all impacted employees are eligible for a presumption so the claims administrator needs to be aware if this standard should be applied to a particular claim.

Companies Need Strict COVID Rules to Avoid Third-Party Lawsuits, Experts Say

Employers that fail to implement and enforce recommended COVID-19 guidelines could open themselves up to potentially expensive litigation, including third-party claims, insurance experts say.

EPIC Insurance Brokers & Consultants and employment law firm Fisher Phillips co-hosted a webinar Friday to advise companies on how to keep their workplaces free of COVID-19 and how to defend themselves against claims and lawsuits if an employee says he got sick on the job.

“It doesn’t take much to kind of know where we’re at in terms of the tremendous burden being placed on your companies right now,” said Bob Yonowitz, partner at the Irvine, California, office of Fisher Phillips. “It is impacting every component of our daily existence.”

While most instances of employees falling ill are handled by workers’ compensation systems, the COVID-19 pandemic has ushered in third-party claims that could circumvent the normal process and catch some companies off guard, Yonowitz said.

Read More

Yonowitz said there are two types of emerging third-party claims:

• Claims for wrongful death by families of COVID-infected employees alleging that employers failed to keep their loved ones safe at work.
• Claims by family members of COVID-infected employees who catch the virus themselves claiming employers failed to keep their family members safe while at work.

An individual worker’s claim against an employer would fall under exclusive remedy within the workers’ comp system. But a third-party claim would fall outside of the normal process, especially if the claimant alleges the company’s behavior directly contributed to a worker or family member contracting the virus, Yonowitz said.

In that case, the claimant would have to show the employer was “wanton and reckless” in putting workers at risk, an extremely high bar to clear.

But companies still should be diligent and transparent in their efforts to prevent outbreaks from occurring, which will help in court, Yonowitz said.

“It’s important to show that the company was exercising reasonable care,” he said.

Yonowitz said he expects more COVID-related litigation to pour in as the pandemic continues. He said claimants’ attorneys will pick through everything a company did – or didn’t do – that may have led to workers contracting the virus. If they can show an employer’s behavior rose to a level beyond normal negligence, it’s possible to advance and even win such cases.

“They’re going to try and see: Did you have posters? Did you have training? Did you do proper cleaning and disinfection? Did you inform others in the workforce when there was a positive case?” Yonowitz said. “Were you following all those steps in trying to maintain a safe workplace?”

Common allegations seen in third-party cases include companies failing to implement policies that conform to state directives and failing to provide appropriate safety equipment and adequate training resources.

Employers should also maintain social distancing measures and consistently advise workers of the dangers of COVID-19 and how to avoid them, Yonowitz said.

“It’s about training,” he said. “It’s about making sure that there’s adequate masks, that there’s adequate protective equipment, that employees are trained on how to use them and when to use them. All these areas can create a greater zone of risks for companies.”

Yonowitz said employees could be called to testify as to whether the company had COVID-19 policies and if workers were following them. Plaintiffs’ attorneys won’t wait to pounce if they see holes in companies’ safety procedures, he said.

“They’re waiting for you to not follow the protocols so they can go ahead and create a whole new cottage industry for themselves on these third-party liability claims,” Yonowitz said.

There are a number of ways companies can be proactive, even after a worker tells them they might have caught the virus, said Daniel Kanter, a California attorney who serves as a member of Fisher Phillips’ COVID-19 Taskforce.

When a worker says he was exposed to COVID-19, employers should first ask him where he got it, Kanter said. If he says it was probably outside of work, the employer should immediately tell its workers’ comp carrier. If the employee can’t say for sure where he might have been exposed, the company should ask him to recount the places he has recently been. If the employee recently took a vacation, the company needs to find out where he went and where his normal workstation is in case testing will be necessary, Kanter said.

The more information an employer can learn upfront, the easier it will be to mount a defense to a claim or lawsuit, he said.

Kanter also recommended that companies should give employees health-screening questionnaires.

“Those types of questions are a good tool for keeping potentially infected workers out of the workplace,” he said.

If an employee does test positive, his closest-proximity coworkers need to be informed. Privacy concerns should prohibit companies from naming the worker, but coworkers should be told that someone was infected, when it happened, where it happened, whether testing will be necessary and whether the business may face short- or long-term closure, Kanter said.

Department of Labor Updates FFCRA FAQs

The Department of Labor (“DOL”) has issued a variety of updates to the FAQs on the Families First Coronavirus Response Act (“FFCRA”).  This article will address the changes that were implemented to respond to questions employers and employees had regarding the FFCRA for school leave during distance learning and “hybrid” learning, as well as updates that were issued in response to a federal district court decision that invalidated four aspects of the FFCRA.

FFCRA During Distance and Hybrid Learning

With schools returning for the fall term, the Department of Labor issued new FAQs on August 27, 2020 regarding the interplay of the FFCRA with distance learning and “hybrid” models of instruction (a “hybrid” instruction model involves a combination of in-person and distance learning). Eligibility to take childcare/school closure-related leave under the FFCRA will depend largely on the options that the child’s school or school district offers. In short, if the student could attend school in person, but the employee opts out of in-person instruction, then the employee is not eligible for FFCRA leave.

Read More

• If the school offers the option of a regular schedule with in-person instruction, then the school is not “closed” due to COVID-19 related reasons, and the employee is not eligible for FFCRA leave.
• If the school offers multiple options, and one of them is in-person instruction, and the employee elects another instruction model, then the school is not “closed” due to COVID-19 related reasons and the employee is not eligible for FFCRA leave. Note that if the child is under a quarantine order or has been advised by a health care provider to self-isolate or self-quarantine, the employee may be eligible for the 80 hours of Emergency Paid Sick Leave (“EPSL”).
• If the school is operating on a “hybrid” model as the only in-person option, then the employee is eligible to take FFCRA leave on the days (or, for some hybrid models, portions of days) that the student is required to participate in distance learning.
• While the FAQs do not clearly address the situation where a school offers three options (complete in-person, hybrid, or complete distance learning), the FAQs imply that an employee would be ineligible for FFCRA leave if they chose hybrid learning because the school is not “closed” to the student on the distance learning days.

Employers are encouraged to communicate with employees about this guidance and to inform employees regarding their specific options for each situation. Employers also may choose to be more generous with their leave policies than the FFCRA requires, and to allow employees to take leave when they are not eligible for the FFCRA. Any such leave should be set forth in a written policy that articulates the parameters of the program. Employers opting to provide enhanced leave benefits to employees should also be mindful that the leave given solely under employer policy does not count against the employee’s EPSL or Emergency Family Medical Leave Act (“EFMLA”) time.

FFCRA Changes Following State of New York v. United States Department of Labor, et al. [1] 

On August 3, 2020, a Federal Judge for the Southern District of New York invalidated four aspects of the DOL’s temporary rules implementing the leaves available under the FFCRA.  The Court found that the DOL had exceeded its authority in enacting certain provisions of the temporary rules under the FFCRA.  Following the Court’s ruling, the DOL published a new temporary rule on September 11, 2020. The new DOL rule largely reaffirmed, partially revised, and provided a further explanation for its position regarding its temporary regulations implementing the FFCRA.

A. The Work Availability Requirement

In the original DOL temporary rule, the DOL required a “but for” requirement for three of the six qualifying leave reasons under the FFCRA.  Essentially, the “but for” requirement mandates that “but for” the employee’s qualifying reason for taking a leave under the FFCRA, the employee would have had available work.  The practical effect of this requirement was that an employee was not eligible for FFCRA leave if the employer did not otherwise have work available for the employee.  The Court’s decision stated that under the DOL rules, it was not clear that the “but for” requirement applied to all six qualifying leave reasons.

Additionally, the Court found that the DOL did not provide sufficient reasoning for its imposition of the “but for” requirement. However, in its recent release following the Court’s decision, the DOL reiterated that when applying the traditional interpretation of “because” and “due to,” which are the terms used in the FFCRA, the only reasonable outcome based on longstanding Supreme Court interpretations of other statutes is that this implies a “but for” requirement.  In other words, but for the employee’s qualifying reason for taking a leave under the FFCRA, the employee would be working. Hence, if an employee is not expected or required to work, such as in a situation of a temporary worksite closure, then the employee is not taking a leave.

Consequently, under the revised DOL temporary rule, the DOL provided explicit clarification that the “but for” requirement does apply to all six qualifying reasons for taking a leave under the FFCRA.

B. The Employer-Approval Requirement

The DOL’s original temporary rule enacted on April 1, 2020, stated that employer approval is required to take intermittent FFCRA leave.  The Court found that the DOL’s  original rule did not adequately explain the rationale for this requirement. Following the Court’s ruling, the DOL reaffirmed that where intermittent FFCRA leave is permitted by regulations, employees must obtain the employer’s approval.  The DOL provided additional rationale for its policy by elaborating that the employer approval requirement will provide assurances that the FFCRA’s spirit of containing COVID-19 is followed.  Essentially, if an employee is able to take intermittent leave on the employee’s own terms for the employee’s own COVID-19 illness, that would run afoul the FFCRA’s spirit since an infected employee would potentially be going into the workplace while still infectious.

The DOL reaffirmed that employer approval is also required to take intermittent leave (whether under EMLA or EPSL) due to a child’s school closure. Importantly, however, the DOL also said that leave taken for hybrid school is not being taken intermittently:

[t]he employer-approval condition would not apply to employees who take FFCRA leave in full-day increments to care for their children whose schools are operating on an alternate day (or other hybrid-attendance) basis because such leave would not be intermittent. . . . For the purposes of the FFCRA, each day of school closure constitutes a separate reason for FFCRA leave that ends when the school opens the next day. The employee may take leave due to a school closure until that qualifying reason ends (i.e., the school opened the next day), and then take leave again when a new qualifying reason arises (i.e., school closes again the day after that).

While the DOL added some additional rationale for its rule to comply with the Court’s decision and provided guidance regarding hybrid learning, the newly revised temporary rule did not change in a practical sense; requests for intermittent leave under the FFCRA are still subject to employer approval.

C. Health Care Provider Redefined

The FFCRA gives employers the option to exclude “Health Care Providers” from leave under the act.  The reason for providing this option to employers is ensuring that there is not a shortage of health care providers during a pandemic.

The DOL’s original temporary rule provided an expansive definition for “Health Care Provider.” The definition largely focused on the employer’s place of business rather than on the employee’s job duties. For instance, the definition included employees that are employed at any doctor’s office, or any facility that performs laboratory or medical testing.  During the litigation, the DOL conceded that a librarian working at a university with a medical school would actually fall within the “Health Care Provider” definition. The Court’s decision invalidated this definition on the basis that the DOL exceeded its authority by promulgating such an overly broad definition.

Following the Court’s ruling, the DOL revised its definition of a “Health Care Provider” to cover all employees who are employed to provide diagnostic services, preventative services, treatment services, or other services that are integrated with and necessary to provide patient care.  This revision implements the Court’s decision requiring a focus on the employee’s job duties rather than the employer’s business.

D. Notice of Leave for the EPSLA and EFMLA

In the original temporary rule, the DOL required that, prior to taking the leave, employees submit to their employers documentation providing notice of their reason for leave, duration of the leave, and if the employee is taking the leave due to a quarantine or isolation order, the authority qualifying them for the leave.  The Court’s decision stated that the original rule for notice requirement was more onerous than the statute itself and on that basis it invalidated the rule. The Court highlighted that the FFCRA states where a leave is foreseeable, the employee shall provide notice of leave as such notice is practicable.  This is a much more lenient standard than the notice standard the DOL originally adopted.

Accordingly, the DOL revised the notice requirement the EPSL to provide for employee notice “as soon as practicable.” The DOL revised the notice standard for the EFMLA to clarify that advanced notice of leave under the EFMLA is required as soon as practicable.  Additionally, if the need for leave is foreseeable, the notice should be provided before taking leave.

The FFCRA continues to evolve as it works its way through implementation and the court system. Keeping up with the changes can be challenging.  This is another reason why it is so important to check with your legal counsel and/or your regional Risk Manager at any point you encounter FFCRA-related questions.

[1]  Case 1:20-cv-03020-JPO (S.D.N.Y)

EEOC Issues Updates to COVID-19 Technical Guidance

Since the passage of the Families First Coronavirus Relief Act (“FFCRA”), the Equal Employment Opportunities Commission (“EEOC”) has been providing ongoing guidance to the public to assist in interpreting the various complexities of the FFCRA. As part of those efforts, the EEOC’s What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and other EEO Laws (“Guidance”) guidance has been updated several times over the past few months. The EEOC provided another update to the Guidance on September 8, 2020.[1]  The following provides a summary of the recent key updates to the Guidance. Employers should be mindful that this is only a summary of the EEOC Guidance. California employers must simultaneously adhere to California law as well. The Department of Fair Employment and Housing (“DFEH”) has previously issued guidance under the Fair Employment and Housing Act (“FEHA”).[2] 

Read More

COVID-19 Testing of Employees

Many employers have implemented various workplace safety protocols as employees return to the workplace. Some employers have opted for a COVID-19 testing requirement as a key feature of their workplace protocols. While normally such tests would potentially violate employee’s privacy and certain provisions of the Americans with Disabilities Act (“ADA”), the Guidance clarifies that we are in anything but normal times. Citing recommendations from the Center of Disease Control (“CDC”) and other public health authorities regarding testing and screening, the Guidance reiterates that the ADA does not interfere with testing administered consistent with current CDC guidance. The Guidance explains that since an individual with the virus poses a direct threat to the health of others, employers may take screening steps to eradicate that threat. Essentially, the threat of virus transmission solidifies the job relatedness of the test itself, and administering the test consistent with CDC guidelines will meet the ADA’s “business necessity standard.” Further, the most recent updates to the Guidance permit employers to “periodically” test employees to determine if their “continued presence” poses a direct threat to others.

As a practical matter, employers should ensure that they are using tests and protocols approved by public health authorities. Moreover, employers should maintain a reasonable policy that allows for re-testing in certain circumstances to account for the incidence of false-positives or false-negatives.

Inquiry Regarding Symptoms and Temperature Screening

One of the most commonly-used return to work protocols is a symptom screening and/or a temperature screening. Many workplaces have a symptom questionnaire and/or a touch-free thermometer to determine if an individual has a fever. The Guidance unequivocally provides that employers may ask all employees returning to the workplace if they have COVID-19 or symptoms associated with it, and ask if they have been tested for COVID-19. This questionnaire-style screening is strictly applicable to employees who are returning to work in person and does not extend to employees who continue work remotely.

In some circumstances, an employer may be inclined to perform symptom screening on a specific employee rather than the entire workforce. The EEOC stated that such approach is permissible so long as the employer has “a reasonable belief based on objective evidence” that the employee might have COVID-19. One example would be if an employer does not have a broad screening policy, but an employee is exhibiting COVID-19 symptoms. The Guidance again reiterates that the ADA does not constrain employers when following public health authorities’ recommendations.

As a practical matter, employers should take reasonable steps to protect the privacy of the employee during any screening, and should also take reasonable steps to protect the privacy of any medical information collected from the employee.

The Guidance also addresses the appropriateness of an employer inquiring about COVID-19 symptoms of an employee’s family members. The Genetic Information Nondiscrimination Act (“GINA”) prohibits an employer from asking such a question about family members specifically, an employer is nevertheless permitted to ask employees more generally whether they have had contact with anyone recently diagnosed with COVID-19 or with anyone who has had symptoms associated with COVID-19.

The Guidance recognizes that some employees may not be cooperative when it comes to symptom screening. Recognizing the seemingly intrusive nature of these and other workplace protocols, employers may want to consider an empathetic approach to start the conversation with such employees. Employers should ask employees about their concerns regarding symptom screening. Employers may provide employees with reassurances regarding the privacy of their health information, and share the overall benefits of having a cohesive workplace where everyone strives for optimal health and safety for each other. However, if the employee remains uncooperative, the Guidance explicitly states that the employer may exclude an uncooperative employee from the workplace. Employers may continue to offer such employees the option to telework, if feasible.

The Guidance also advises employers that they have the ability to ask each employee returning from travel about their whereabouts and screen those employees for symptoms. Public health authorities may recommend that individuals traveling to certain areas self-isolate for a specific period of time upon returning from such locations. An employer is then entitled to ask an employee if the employee traveled to such location, and request the employee to not report to the workplace consistent with guidance from public health authorities.

Confidentiality of Medical Information

Confidentiality issues are atop the list of concerns regarding workplace protocols. Whether it is a COVID-19 test or a symptom screening, employers and employees both have concerns regarding custody of such detailed medical records. The Guidance reminds employers that they are required to follow ADA guidelines and maintain strict confidentiality of all medical information. However, a manager is entitled to report a positive test or a positive screening questionnaire to appropriate employer officials so that they can take action consistent with guidelines from public health authorities. As an employer, documenting who is the custodian of such information will help eliminate confusion and minimize liability.

The employee’s identity must remain confidential when sharing required information with the workforce. Even in small workplaces where other employees may deduce the employee’s identity, the employer must not confirm the employee’s identity if asked by other employees. A reasonable approach for employers is to provide generic information such as “someone in the building” or “someone on this floor” tested positive or reported symptoms.

Another key point in the confidentiality section of the Guidance addresses whether employees are permitted to report colleagues who have symptoms but fail to disclose such symptoms during the screening process. The Guidance states that the ADA does not prevent employees from sharing this type of information with their supervisors. After receiving such reports, the supervisor should then follow the appropriate steps in the employer’s return to work protocols to ensure the health and safety of all other employees in the workplace.

Reasonable Accommodation for Disability

One situation that employers will likely encounter as more workplaces reopen is the employee who wishes to continue working remotely. Employers may have granted employees the option to work remotely when the employer needed to decrease the number of employees in the workplace or during a government-mandated shut down. Some employees may view this temporary arrangement as an invitation to request a permanent remote work arrangement. However, employers are not required to grant permission to all employees who request to continue remote work arrangements once the employer reopens the workplace.

As an important exception, under the ADA, employers would be obligated to consider whether remote working is a potential reasonable accommodation for an employee with a disability.  In those circumstances, an employer is entitled to learn of any disability-related restrictions before granting any reasonable accommodation. If the employee does not have a disability that necessitates a remote working arrangement, the employer does not have to grant such requests under the ADA.

A key point in this scenario is that some employers may have temporarily modified an employee’s job duties during the pandemic. Once an employer reopens the workplace, the employer is entitled to restore its workplace operations to previous levels. On that basis, some employees may not be able to perform their essential job functions remotely, and thus they must report physically to the workplace. Accordingly, upon receiving a request to work remotely, the employer should determine the reason for the request.  If it is because of disability-related concerns, the employer is obligated to engage the employee in a good faith interactive process to determine what accommodation(s), if any, are reasonable to allow the employee to perform their essential job functions.

In closing, the Guidance continues to expand and provide additional details to both employers and employees. As the pandemic continues and government emergency orders remain in place in many jurisdictions, it is imperative to stay in touch with your labor and employment counsel or regional risk manager to ensure your compliance with this rapidly changing and growing area of law.

[1] The most recent version of the Guide is available here: https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws?utm_content=&utm_medium=email&utm_name=&utm_source=govdelivery&utm_term

[2] https://www.dfeh.ca.gov/wp-content/uploads/sites/32/2020/03/DFEH-Employment-Information-on-COVID-19-FAQ_ENG.pdf

City of La Quinta Resolves Ransomware Attack on Vendor

When a service provider for the City of La Quinta experienced a ransomware attack this August, administrators reached out to the California JPIA for support.

Senior Risk Manager Alex Mellor and Insurance Programs Manager Jim Thyden immediately assisted with identifying data that may have been compromised and connected the city with the cyber incident hotline hosted by the Authority’s new cyber liability insurance carrier, Chubb. Legal counsel then reviewed the information and provided guidance to the city.

Read More

“We worked with the California JPIA to reinstate services and mitigate any liability while the vendor resolved the technical difficulties,” said Martha Mendez, public safety manager for the City of La Quinta. “We truly appreciate Alex Mellor’s accessibility and willingness to help. He guided us through the process and ensured the city covered all risks.”

“Through enhanced resources offered by Chubb,” said Thyden, “members may now report incidents and claims through calls, emails, and an app, as well as access a suite of advanced tools to help secure and control online information.”

Other assets associated with the new carrier include a cybersecurity rating service for security performance, employee education, and a solution for preventing ransomware.

“The most effective thing La Quinta did in this situation was to let us know that the incident occurred,” said Mellor. “That allowed us to quickly mobilize resources to assist them.”

Mellor observed that the incident also reinforces the need for member agencies to require cyber liability insurance from vendors who are storing or have access to personal information for which the member is responsible, in accordance with the California Consumer Privacy Act (CCPA). While the CCPA applies to for-profit entities, public agencies should be aware of its provisions and be prepared to address the liability risks posed when contracting with a private entity collecting information from constituents.

La Quinta’s proactive, prompt response to the ransomware attack is indicative of a larger culture of risk management among staff members, said Mendez. “Our executive team places risk awareness, mitigation, and training as a top priority for the organization. Our collaborative, cross-departmental leads support risk management services and help ensure that the city’s systems and operations keep it a priority.”

October is National Cybersecurity Awareness Month. Please contact your senior risk manager for more information and resources.