OSHA announced yesterday that it was temporarily shutting down a portal for employers to report injuries and illnesses while the agency investigates a “potential compromise” of a company’s electronic data. Apparently the cyber-sleuths at Homeland Security came up with something:
The Homeland Security Department informed the Occupational Safety and Health Administration on Aug. 14 that “there is a potential compromise of user information for OSHA’s Injury Tracking Application,” according to the DOL official. “At this time, one company appears to have been affected and that company has been notified of the issue. Access to the ITA has been temporarily suspended as OSHA works with the system developer to examine the issue to determine the extent of the problem.”
A few observations:
- Really? The government has hardly been immune to security breaches, but one company? Sounds, uh, curious…. One observer seems suspicious: “Portal security issues shouldn’t affect the agency’s decision on rolling back the rule, Jamie LaPlante, who represents employers at Porter Wright in Columbus, Ohio, told Bloomberg BNA. “I do think it underscores the risks of the portal and may be cited as one reason for rescinding the rule if that’s what OSHA eventually does,” LaPlante said in an email.
- Even if it’s true, who cares? The submission of information due on December 1 (postponed from July 1) doesn’t contain any confidential information. It’s just the OSHA 300A Form, a summary of injuries and illnesses suffered by employees. It doesn’t contain any employee names or personally identifiable information.
This whole standard has been plagued with delay and incompetence under the Trump administration. This website was supposed to be rolled out by the end of February and employers were required to submit the information by July 1, but DOL hemmed and hawed for a few months, finally announcing that the submission date would delayed until December 1, and the web portal was finally posted on August 1. Meanwhile, OSHA is considering rolling back other parts of the regulation, possibly a future requirement to submit more detailed injury data, or the regulation’s prohibition against retaliation against workers for reporting injuries or illnesses.
The website current says it’s shut down due to “technical difficulties.” Stay tuned…..
4 thoughts on “OSHA Shuts Down Recordkeeping Webpage Due To Alleged Security Breach”
When you talk about the 300 log not containing an employee’s name or any private information, what about:
– Column B, entitled “Employee’s Name”
– Columns D, E, and F, for the when, where, and what happened on the injury or illness?
Or did you really mean to say the 300A Form?
300 A Form. Thanks. Changed it.
[…] Jordan Barab, a former acting head of OSHA and now the publisher of Confined Space, wrote that the posted information isn’t confidential. The website was originally supposed to go live in February, but that was pushed back to Aug. 1. […]
[…] which was supposed to be up by the end of February. Then there came false accusations of a data breach, and finally a delay in issuing the final change in the required submission […]