August 4, 2020

Volume X, Number 217

August 03, 2020

Subscribe to Latest Legal News and Analysis

Privacy Concerns Lead OSHA to Rescind its Electronic Filing Requirement

In response to concerns raised by employers and to protect worker privacy, the Occupational Health & Safety Administration (OSHA) recently amended its recordkeeping regulations to eliminate the requirement that larger employers submit certain information electronically. The final rule rescinds the mandate that establishments with 250 or more employees had to electronically submit information from OSHA Form 300 (Log of Work-Related Injuries and Illnesses) and OSHA Form 301 (Injury and Illness Incident Report) to OSHA each year.

OSHA’s electronic recordkeeping rule, enacted during the Obama administration, required large employers to submit a wide range of sensitive data, including descriptions of workers’ injuries and body parts affected, that might be traced back to identify particular employees. Employers raised numerous concerns about how the data might be used if it were to become publicly available either intentionally, inadvertently, or  under the Freedom of Information Act (FOIA), noting that the disclosure of such information would pose a serious breach of employees’ privacy. Many of these concerns were expressed in comments submitted by the E-Recordkeeping Coalition, a group of employers and trade associations. Indeed, data security concerns were validated during a test run of OSHA’s injury tracking application when the Department of Homeland Security informed OSHA of a possible breach of the system. While that potential security issue has since been resolved, it gave credence to the Coalition’s belief that such a large collection of sensitive data would inevitably encounter malware or incentivize cyber-attacks on the U.S. Department of Labor’s IT system.

As OSHA itself acknowledged, by preventing routine government collection of information that may be quite sensitive, OSHA is avoiding the risk that such information might be publicly disclosed under FOIA or otherwise. While the new rule does not address all of the concerns that have been raised, it will better protect personally identifiable information or data that could be traced back to specific individuals. The final rule does not alter an employer’s duty to maintain OSHA Forms 300 and 301 on-site, and OSHA will continue to obtain these forms as needed through inspections and enforcement actions.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 35


About this Author

Jean Tomasco, Robinson Cole Law Firm, Hartford, Labor and Employment, Litigation Law Attorney

Jean Tomasco's practice involves employer counseling and employment litigation, with an emphasis on the Employee Retirement Income Security Act (ERISA) and benefits litigation. She is a member of the firm’s Health + Benefits Litigation Team and its Labor, Employment, Benefits + Immigration Group.

Employee Benefits and Compensation Litigation

Jean has more than two decades of experience handling benefit claims litigation. She represents insurers, managed care organizations, and employers in benefit...