In the latest issue of The Wright Toolbox:
- Federal Contractors Get Ready for Government Snooping – read now
- When Should You Tell An Employee to “Suck It Up”? – read now
On September 20, 2018, the President issued a National Cyber Strategy (the “Strategy”) which follows up Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, issued last year. In addition, the Department of Defense also issued its 2018 DoD Cyber Strategy. Cleary, cyber defense is a top priority for the administration and the new Strategy is expressly aimed at:
• Defending the homeland by protecting networks, systems, functions, and data;
• Promoting American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation;
• Preserving peace and security by strengthening the ability of the United States to deter and, if necessary, punish those who use cyber tools for malicious purposes; and
• Expand American influence abroad to extend the key tenets of an open, interoperable, reliable, and secure Internet.
One of the interesting components of the Strategy for federal government contractors is the stated intent to “Strengthen Federal Contractor Cybersecurity” and “Improve Federal Supply Chain Risk Management.” The Strategy states “[t]he United States cannot afford to have sensitive government information or systems inadequately secured by contractors.” Thus, the Strategy refers to the government being more proactively involved in protecting government information on contractors’ computer systems. Specifically, the Strategy provides:
Going forward, the Federal Government will be able to assess the security of its data by reviewing contractor risk management practices and adequately testing, hunting, sensoring, and responding to incidents on contractor systems. Contracts with Federal departments and agencies will be drafted to authorize such activities for the purpose of improving cybersecurity.
If this policy is implemented, the government may soon be able to access and test a federal contractors’ computer systems. The current cyber protection policy relies on the federal contractors to evaluate and test their own systems. Another relevant aspect of the new Strategy for federal contractors includes addressing deficiencies in the Federal acquisition system, by providing more streamlined authorities to “exclude risky vendors, products, and services when justified.” The Strategy does not define what “risky vendors”, “risky products” or “risky services” are or how they will be determined or excluded. Of course, no federal contractor or its products or services will want to be deemed “risky.” All federal contractors must closely monitor how the government intends to implement this new Strategy over the coming months and take all steps necessary to participate in the process and ultimately to comply with any new requirements.
Answer: Probably never. Particularly not in response to an employee’s request for time off due to mental health issues. Unfortunately, one Wegmans supervisor didn’t have the luxury of such great advice.
Recently, Wegmans was served with a lawsuit filed by an ex-employee. The employee claimed that she asked her manager for time off under the Family Medical Leave Act (“FMLA”) to get help for her chronic depression and anxiety. In response, her manager told her to “suck it up,” denied the leave and chastised her for being a burden on the rest of the staff. Following the denial, the employee claimed her condition worsened, resulting in a greater need for leave and more harassment by her supervisor. Wegmans eventually terminated the employee for “chronic absences, tardiness, and failure to follow [call-in] procedures.”
The escalation of the situation may have been due to the manager’s lack of training on common personnel policies. Generally speaking, the FMLA applies to companies with 50 or more employees. When an employee seeks leave for the first time for a FMLA-qualifying reason, the employee need not specifically assert his or her rights under FMLA, or even mention FMLA. Rather, the employee is only obligated to provide “sufficient information” to make the employer aware of the need for FMLA leave and the anticipated timing and duration of the leave.
In all cases, an employer should seek information as necessary to ascertain eligibility and determine whether FMLA leave will be granted, including supporting documentation from a medical provider. To reduce liability, train front-line managers on the employee benefits provided by your business, and teach them how to speak to staff civilly, particularly about sensitive personal matters. As a default, the manager should have consulted either Human Resources or the business owner for better guidance to address the employee’s request for a leave of absence. And, of course, if you need help in navigating this path, it is never too soon to get your attorney involved to help guide you.
To browse past issues, visit The Wright Toolbox page.