Legal Report January 2004

Strategic Security
Legal Report January 2004
 

U.S. JUDICIAL DECISIONS

Drug testing. An appellate court has ruled that an airline employee’s state lawsuit against a drug testing lab is not preempted by federal law. The case, in which a lab was found negligent in analyzing a urine sample, was consistent with federal law and could not be preempted, according to the court.

Yasuko Ishikawa, a Delta flight attendant, was flying from Japan to Portland, Oregon, on September 20, 1999. During the flight, Ishikawa was notified that she would be required to take a random drug test when the plane landed. Over the course of the nine-hour flight, Ishikawa drank several liters of water and tea. When the plane landed, she provided a urine sample for the drug test.

The drug testing laboratory, LabOne determined that the creatinine level in Ishikawa’s urine was too low (at 5 mg/dL) and was not consistent with human urine. The lab reported that the sample had been diluted or substituted. Delta, in accordance with company policy, considered this a failure to submit to a drug test and fired Ishikawa.

The urine sample Ishikawa gave had been split so the second half of the sample was tested by another laboratory. The new test found that while the specimen was diluted, it was not substituted or invalid. The test found the creatinine level to be 5.3 mg/dL.

Ishikawa was rehired by Delta and the company paid her $68,920 in lost pay. Ishikawa then sued LabOne for negligence in handling her drug testing sample.

At the jury trial, evidence indicated that LabOne’s computer system rounded the creatinine levels to an integer so the 5.3 level became 5. This was critical because a level 5 indicated substitution but 5.3 did not. The jury found that LabOne was negligent and awarded Ishikawa $400,000 in damages.

In appealing the decision, LabOne argued that Ishikawa could not bring suit in state court at all because federal law—the Omnibus Transportation Employee Testing Act of 1991—preempted any state claim.

The court found in favor of Ishikawa, finding that federal law prohibits state tort claims that are inconsistent with federal law. However, the court ruled LabOne did not provide evidence that Ishikawa was pursuing a lawsuit based on an inconsistent standard. In the written opinion of the case, the court noted: “We cannot see how the duty the state common law imposed, that LabOne test urine and report the results with due care, could be inconsistent with the federal guidelines, which require the same thing with more specificity. It is not as though the state law had one creatinine standard, the federal government another.” (Ishikawa v. Delta Airlines, Inc., and LabOne, Inc., U.S. Court of Appeals for the Ninth Circuit, No. 01-35863, 2003)

Negligent training. The Mississippi Supreme Court has ruled that a retail store can be held liable for the acts of an untrained employee. In the case, a store manager pursued and assaulted a would-be shoplifter.

On March 19, 1999, Heather Gamble stopped by the Dollar General Store in Purvis, Mississippi, in order, she told the court, to purchase a new shirt. Gamble, a 19-year-old college student, said she looked around the store but didn’t find anything she liked. Gamble then left the store and got into her car. As she was driving away, Gamble saw a Dollar General employee, Sheri Thornton, running up behind her car and writing something down.

When Gamble arrived at the Family Dollar store to continue her search for a shirt, she noticed that the individual from the Dollar General store had followed her and parked directly behind her car. Gamble asked Thornton what was going on. Thornton approached Gamble and asked what the girl had in her pants. Gamble patted her pockets but could find nothing wrong. Then, Thornton grabbed Gamble’s underwear from the back and pulled them up. According to court testimony, Gamble realized at this point that she was being accused of shoplifting. Gamble denied the allegation and Thornton left, saying that she was satisfied that Gamble had not stolen anything.

Gamble went to the police station to report the incident. The officers who took the report noted that Gamble was upset and crying. Gamble told the police that she felt she had been assaulted and humiliated by the incident.

On April 6, 1999, Gamble filed a lawsuit against Dollar General store for assault, negligent training, intentional infliction of emotional distress, and punitive damages. The jury found in favor of Gamble and awarded her $75,000 in actual damages and $100,000 in punitive damages. Dollar General appealed the decision.

In the hearing before the Mississippi Supreme Court, Dollar General argued that it had a written shoplifting policy that stated that no employee should leave a store to pursue a shoplifter. The policy also warned that no employee should ever touch a suspected shoplifter. The store noted that Thornton read the policy and signed a release saying that she understood the policy. Attorneys for Gamble argued that Thornton had not received any training on the policy. Thornton, a regional manager, was required to go to other stores to train employees on shoplifting prevention. However, Thornton herself had not been trained. The court ruled that the jury verdict was reasonable “based on Dollar General’s failure to show any training provided to Thornton other than handing her a manual.”

However, in considering whether punitive damages should be awarded, the court noted that Dollar General did have a written policy and Thornton ignored this policy. The court ruled that because Thornton ignored the policy and pursued Gamble on her own initiative, punitive damages against Dollar General were inappropriate. (Gamble v. Dollar General Store, Mississippi Supreme Court, No. 2000-CA-01545-SCT, 2003)

U.S. REGULATORY ISSUES

SAFETY Act. The Department of Homeland Security (DHS) has issued a second interim rule that would implement the Support Anti-Terrorism by Fostering Effective Technologies Act of 2002, also known as the SAFETY Act. The act is designed to encourage the development and rapid deployment of life-saving antiterrorism technologies by providing manufacturers or sellers with limited liability risks. Under the act, companies will have to submit plans for antiterrorism technology to the government for review to be eligible for liability protection.

The first interim rule took effect on October 16, 2003, and the Department of Homeland Security issued the second interim rule in response to the comments made about the previous rule. This rule answers questions about the conditions under which companies would be protected, the protection of intellectual property, and liability protections for contractors and vendors as well as sellers.

Of the 50 comments to the first rule received by the DHS, several expressed concerns over the lack of a definition of the term “act of terrorism” in the regulations. Without a specific definition, many commenters interpreted an act of terrorism as the “design or intent to cause mass destruction, injury, or other loss to citizens.” This could exclude smaller attacks such as car bombs and could prevent products designed to deter smaller-scale terrorist acts from coming to market because the liability protection would not be there. In response to this concern, DHS included the statutory definition of an act of terrorism in the new interim rule. Under this broad definition, terrorism is defined as any act causing harm within the United States or to U.S. citizens in other countries. The definition also covers any “use or attempt to use weapons or other methods designed or intended to cause mass destruction, injury, or other loss.”

Similarly, letter writers took issue with language in the regulations that provides protection to companies that sell products that would be deployed during an act of terrorism. This definition excludes products that are designed to prevent terrorist attacks. In the new interim rule, DHS expanded the definition of qualified antiterrorism technology to include “any product, equipment, service, device, or technology designed, developed, modified, or procured for the specific purpose of preventing, detecting, identifying, or deterring acts of terrorism or limiting the harm such acts might otherwise cause.” This new definition makes it clear that companies developing bioterrorism countermeasures such as vaccines could be covered under the act.

Several comments addressed the protection of intellectual property and trade secrets. Some commenters noted that the regulation does not explore the various laws that govern the disclosure of information given to the government. While federal law does protect proprietary information presented to the government, it was unclear what rules would apply to project evaluations submitted to the DHS. In response, DHS pointed out that various federal laws, including the Trade Secrets Act, protect the information provided by sellers to the government. Also, the new interim rule mandates that all contractors of other agents of the government sign nondisclosure agreements. Applications will be inspected individually to ensure that the government agents assigned to the technology have no conflicts of interest.

Other commenters expressed concern that the proposed regulations do not define sellers broadly enough, leaving others in the supply chain such as contractors, subcontractors, suppliers, and vendors unprotected. In response, DHS noted that, under the SAFETY Act, only the seller is protected from liability. The new interim rule defines “seller” as the actual recipient of the designation for a qualified antiterrorism technology.

U.S. CONGRESSIONAL LEGISLATION

Discrimination. A bill (S. 1053) that would make it illegal to discriminate against someone on the basis of genetic information has been approved by the Senate and has been received in the House of Representatives. For the bill to move forward it must now be considered by the House of Representatives and either sent to a committee for discussion or brought to a vote before the entire House.

S. 1053 would prohibit discriminatory acts by health insurance companies and employers. The bill would make it illegal to refuse to hire or to discharge anyone or discriminate against anyone in terms of compensation, terms, conditions, or privileges of employment because of genetic information about that individual. A health insurer would be prohibited from refusing coverage or raising premiums for anyone based on genetic information.

Computer security. Two bills (H.R. 1303 and H.R. 3159) currently under consideration by lawmakers would enhance computer security at government facilities.

H.R. 1303 would authorize the Judicial Conference of the United States to enact rules to protect the privacy and security of documents that are filed electronically with the government. The bill has been approved by the House of Representatives and has been referred to the Senate Governmental Affairs Committee.

H.R. 3159 would require that government agencies take steps to protect their computer systems from peer-to-peer networking within six months of enactment. The bill is designed to protect government information and sensitive documents that might be compromised if peer-to-peer sharing were allowed. The bill has been approved by the House of Representatives and has been referred to the Senate Governmental Affairs Committee.

Security officers. A bill (S. 1743) introduced by Sen. Carl Levin (D-MI) that would allow employers to search the FBI database when doing background checks on security officer applicants has been approved by the Senate Judiciary Committee. The bill has been slated for a vote before the entire Senate.

S. 1743 allows employers to get a background check on an individual applying for work as or serving as a private security officer once a year. Additional background checks can be obtained if the employer presents evidence that another check is warranted.

Under the bill, security officer is defined narrowly and does not include employees whose duties are primarily internal audit or credit functions; it also excludes employees of electronic monitoring companies who act as technicians, and employees whose duties primarily involve the security movement of prisoners.

Chemical facility security. A bill (S. 994) introduced by Sen. Jim Inhofe (R-OK) that would require operators of certain chemical storage facilities to develop security plans has been approved by the Senate Committee on Environment and Public Works. To proceed, the bill must be considered by the full Senate.

Under the bill, certain facilities would be required to implement security plans to prevent the release of dangerous chemicals in the case of a terrorist attack. The bill would mandate that the Department of Homeland Security (DHS) issue regulations identifying the facilities most likely to be attacked, the nature of the substances stored at those facilities, and the potential harm that could occur if those substances were released. Further, the DHS would be required to establish a timetable for the development of security plans, the content of those plans, and the limits on disclosure of sensitive information. Under the bill, the government would be required to present owners or operators of such facilities with relevant terrorist threat information.

Nuclear security. Two bills (H.R. 2708 and H.R. 2951), introduced by Rep. Jim Saxton (R-NJ) and Rep. Nita Lowey (D-NY), respectively, would require enhanced security at nuclear power plants.

H.R. 2708 would require that the government improve security at nuclear power plants. Specifically, the bill would mandate that the government classify threats against such power plants; coordinate federal, state, and local security efforts; review the adequacy of existing security plans; and revise hiring and training standards for private security officers serving at nuclear power plants.

The bill has no cosponsors and has been referred to the House Energy and Commerce Committee’s Subcommittee on Energy and Air Quality and the House Judiciary Committee.

H.R. 2951 would prohibit the operation of any nuclear power plant unless it has a government-certified radiological emergency response plan. Such plans would be required to provide reasonable assurance that public health and safety is not endangered by the operation of the facility.

The bill has two cosponsors and has been referred to the House Energy and Commerce Committee’s Subcommittee on Energy and Air Quality.

Investigations. A bill (H.R. 2622) introduced by Rep. Bachus Spencer (R-AL) that would amend the Fair Credit Reporting Act (FCRA) and implement new protections against identity theft has been approved by both houses of Congress.

Under the bill, information about certain internal investigations need not be communicated to the target of the investigation until the inquiry is completed. This means employers may now hire outside, professional investigators to conduct investigations of suspected workplace misconduct without having to notify the employee being investigated in advance. Moreover, communications made to an employer by the investigator about employee misconduct, employee compliance with laws or regulations, or violations of any preexisting written policies of the employer would be exempt from disclosure.

To be exempt, the investigations must not be made for the purpose of investigating the employee’s credit worthiness, credit standing, or credit capacity. The information gleaned during the investigation must not be provided to any person except the employer or agent of the employer, law enforcement officials, or regulatory authorities.

If the employer takes any adverse action against an employee as a result of such an investigation, the employer is required to give that employee a summary of the nature and substance of the investigation. However, the employer need not reveal the sources of that information.

While employee misconduct investigations are exempted, preemployment screening investigations and other internal inquiries still fall under the FCRA.

The passage of this legislation was strongly advocated by security professionals. ASIS International and other organizations, including the U.S. Chamber of Commerce, the Society for Human Resource Management, and the National Council of Investigation and Security Services, worked together to educate Congress on the need for this legislation as the “Coalition for Fair Workplace Investigations.”

The bill also includes new protections for those affected by identity theft. The bill would allow consumers to place fraud alerts in their credit reports, block false information from being given to a financial institution, and ensure the accuracy of credit reporting procedures. Under the bill, banks would be required to develop policies and procedures to identify potential incidents of identity theft, reconcile potentially fraudulent information such as consumer addresses, and take precautions before extending credit to consumers who have placed a fraud alert on their files.

U.S. STATE LEGISLATION

Louisiana
Licensing. A new law (formerly H.B. 310) recently enacted in Louisiana will require that alarm industry employees and locksmiths be licensed by the state. The bill also requires that employees who install or maintain access control devices and CCTV systems be licensed.

This column should not be construed as legal or legislative advice.