The Most Dangerous Identity Theft Threat

Originally posted by Adam Levin on August 6, 2015 on

Last weekend, TheUpshot published the most dangerous identity theft threat: the non-expert's tendency to underestimate the magnitude of problem. The piece in question argued that the consequences of most identity theft have been exaggerated (by identity theft experts like me), and that, "only a tiny number of people exposed by leaks end up paying any costs."

The main source for TheUpshot's argument seems to be the 2015 Identity Fraud Report (covering data from 2014) published by Javelin Strategy and Research, which found a dramatic increase in account takeovers (i.e., when a fraudster is able to get through the authentication process on an existing credit account and make charges) but an overall decrease in the amount of money lost to identity-related fraud.

To think that the 2015 Javelin report minimizes the threat of mega data breaches to consumers is to misread it. To suggest that the threat is overstated is both simplistic and harmful to consumers. The article focuses too much on account takeover resulting from big-name hacks like Target (a very common form of identity theft). Meanwhile, it gives nowhere near enough attention to the very real and long-lasting effects of more serious forms of identity theft - the kind that's committed using Social Security numbers - and the equally big-name hacks like Anthem, Premera, and the Office of Personnel Management that exposed millions of records containing that data.

The Buck Doesn't Stop With the Bank

TheUpshot dismisses the consumer cost of most data breaches (beyond lost time and annoyance) because "several laws protect consumers from bearing almost any financial losses related to hackers." TheUpshot continues, "...banks and merchants, like Target, must bear the cost. But even their losses have been dropping in recent years, as data security experts have learned new strategies to prevent intrusions from turning into theft."

First of all, banks do not bear all the costs if they can help it. They pass it along to the company that caused the problem in the form of fines and penalties, and in some cases the company is only alleged to be the cause of the problem. It is very hard for small businesses to fight card companies on these charges. So when it happens, it can be a near extinction-level event, or force price changes. And, of course, that cost often manifests itself at the consumer level.

Additionally, according to at least one recent report, the cost of a data breach to businesses has not been going down, as stated by TheUpshot. On May 27, IBM and the Ponemon Institute jointly reported the cost per breached record had increased by 12% over the preceding year, from $145 to $154, and that the average total cost of a data breach to an enterprise rose a not inconsiderable 23% to $3.79 million.

And it bears repeating: While it's all very populist and fair-weather foppery to say that companies like Target and Home Depot can foot the bill of a breach, the same cannot be said of smaller businesses--after all, breaches are not confined to big companies.

5% Is a Huge Number

TheUpshot's big reveal: "The more troubling identity theft, in which new accounts are opened in an unsuspecting person's name, make up only 5 percent of the total figure given by Javelin."

To the uninitiated eye, 5% sounds like a small number. But it's missing context.

"Although we have no data to support what percentage of breaches turn into identity theft cases," according to Brent Montgomery, Fraud Operations Manager at my company IDT911, "5% is a lot."

In 2014 there were 12.7 million identity fraud victims, according to Javelin. Just 5% of that total is 635,000 consumers--hardly a negligible number.

Montgomery then highlighted the essence of the problem here: "There are so many breaches on a daily basis that information can be pieced together from one breach to another giving a criminal all they need to complete the puzzle."

TheUpshot fails to account for the long tail of identity theft--the fact that scams are pieced together using data harvested from countless individual and corporate compromises oftentimes sold and resold on the data black market. A scam that happens today may use data that was compromised three years ago--especially when Social Security numbers are involved since their only expiration date is when the holder of those nine digits expires.

Another problem with using the Javelin report is that the data is extrapolated from a relatively small sample of the population, whereas the Federal Trade Commission's Consumer Sentinel Network Data Book for January-December 2014 is driven by hundreds of thousands of pieces of consumer-reported data. That matters here because on page 13 of the Sentinel report, you will find a higher incidence of new account creation (12.5%) than fraud on existing accounts (4.9%).

There Are Very Serious Identity Theft Threats

While instances of new account fraud and some signs of existing account takeover can show up on your credit reports (you can get them for free once a year on, other types of identity theft are less detectable - until they really cause damage. Of greater concern is what does happen to consumers whose information falls into the wrong hands--specifically their most sensitive information. Mentioned nowhere in the article is tax fraud, a crime that is most definitely on the rise and cannot be resolved easily or quickly (think: 6-12 months). Equally absent in this Panglossian take on what really is an identity theft epidemic: medical identity theft, which is extremely difficult to detect, equally difficult to resolve and can have potentially life-threatening consequences.

The bottom line is that while it's easy to dismiss identity theft experts as being the equivalent of "the soap company that advertises how many different types of bacteria are on a subway pole without mentioning how unlikely it is that any of those bacteria would make you sick," it is irresponsible to downplay the various serious risks now facing millions of Americans whose most sensitive personal information has been exposed in the breaches of Anthem, Premera, Sony Pictures and the Office of Personnel Management, to name a few. The threat for them is very real, and long-term--perhaps a lifetime.

Take safety steps during most dangerous month for lightning strikes

Originally posted by Ben Smart on July 2, 2015 on

A group of hikers were 500 feet below the summit of a Colorado mountain on Sunday when storm clouds suddenly filled the sky.

A lightning strike -- a brief but intense burst of electricity -- affected as many as 16 hikers. Three were rushed to a local hospital and eight others required medical treatment, according to the Clear Creek County Sheriff's Office. All the hikers survived the incident, but one hiker's dog was killed.

Across the country in Greeleyville, South Carolina, lightning may have caused a fire at Mount Zion African Methodist Episcopal Church that gutted the interior and collapsed the roof, according to the FBI.

And now it is July, the month when the number of lightning strikes -- and fatalities -- is at its highest. So far in 2015, 14 people have been killed by lightning. On average, 49 people are killed and hundreds more are injured in the United States each year by lightning strikes.

The odds of being struck in your lifetime are about 1 in 12,000, the National Weather Service estimates. But experts say there are a few rules to help keep people safe.

"We need to look at lightning safety proactively, not reactively," said Dr. Mary Ann Cooper, a physician and lightning researcher who directed the Lightning Injury Research Program at the University of Illinois at Chicago. "Avoiding situations where lightning can strike is key."

One simple rule

The National Weather Service recommends one rule to avoid lightning injuries: "When thunder roars, go indoors."

No place outside is safe when there are thunderstorms in the area, they say, as lightning can strike 10 to 15 miles away from a storm. If there isn't a structure nearby, a metal-topped vehicle with closed windows can provide safety.

Stay safe indoors

Although the safest place from lightning is indoors, there a number of extra precautions to take once inside.

A common misconception is that metal objects or water "attract" lightning. In reality, they're no more likely to be struck than a piece of cardboard or a person. The danger occurs because metal and water better conduct electricity once they're zapped.

The National Weather Service recommends people avoid washing hands or taking a shower, and touching or even unplugging electrical devices plugged into walls, as these can conduct electricity from a lightning strike.

Disregard outdated advice

Experts said there's some truth in the idea that lightning is more likely to strike the tallest object in an area -- for example, a tree or a skyscaper -- and that "pointier" objects are more likely to be hit.

But being outside at all during a thunderstorm puts you at risk of getting struck. The "lightning crouch," which was once thought to keep people safe during a lightning storm, is no longer recommended, Cooper said. There is no "safe" place outdoors during stormy weather.

"Lightning doesn't know if you're 6 feet tall or 3 1/2 feet tall after it's traveled miles through the air," said Cooper, who is the founding director of the African Centre for Lightning and Electromagnetics.

It's not always a direct hit

It's a common misconception that a person needs to be struck directly to be injured by lightning, Cooper said. Only 3% to 5% of injuries are from direct strikes, she said.

There are several ways lightning can reach a victim's body and cause injury. More than half of lightning-related injuries result from what's called a "ground strike," where lightning strikes the Earth and spreads through the ground, eventually reaching a person, Cooper said.

"A lightning 'side flash' also kills a tremendous portion of people," Cooper said. "That's where lightning travels down a tree and sideways where a person might be standing."

After lightning strikes

The surge of electricity from a lightning strike can wreak havoc on a person's heart, brain and nervous system, and it can cause instant death by "short-circuiting" the heart. A survivor of a lightning strike might live with severe brain damage that can make activities such as memory, learning and task organization difficult.

"Ninety percent of people who are injured by lightning survive, but disabilities can last for a lifetime," Cooper said. "I've seen significant devastation to families from lightning injuries."

If you witness someone struck by lightning, get emergency medical help right away. If multiple people are impacted, help anyone unconscious first. If the person has stopped breathing or has no pulse, correct CPR should be attempted immediately.

"If the person is breathing, talking and making sense, there is no emergency and generally little a physician would find or be able to treat," Cooper said. Some symptoms may not be noticeable until later, when a person is unable to carry out daily responsibilities in the way they did before.

"Many people who are struck by lightning describe it as a blunt force... like being impacted by an explosion," Cooper said. "Others may feel the sensation creeping up one leg, or as a burning or searing pain."

Most Cyber Attacks Due to Trick Emails, Errors, Not Sophisticated Hacking

Originally posted by Joseph Menn on April 14, 2015 on

When a cyber security breach hits the news, those most closely involved often have incentive to play up the sophistication of the attack.

If hackers are portrayed as well-funded geniuses, victims look less vulnerable, security firms can flog their products and services, and government officials can push for tougher regulation or seek more money for cyber defenses.

But two deeply researched reports being released this week underscore the less-heralded truth: the vast majority of hacking attacks are successful because employees click on links in tainted emails, companies fail to apply available patches to known software flaws, or technicians do not configure systems properly.

These conclusions will be in the minds of executives attending the world’s largest technology security conference next week in San Francisco, a conference named after lead sponsor RSA, the security division of EMC Corp.

In the best-known annual study of data breaches, a report from Verizon Communications Inc. to be released on Wednesday found that more than two-thirds of the 290 electronic espionage cases it learned about in 2014 involved phishing, the security industry’s term for trick emails.

Because so many people click on tainted links or attachments, sending phishing emails to just 10 employees will get hackers inside corporate gates 90 percent of the time, Verizon found.

“There’s an overarching pattern,” said Verizon scientist Bob Rudis. Attackers use phishing to install malware and steal credentials from employees, then they use those credentials to roam through networks and access programs and files, he said.

Verizon’s report includes its own business investigations and data from 70 other contributors, including law enforcement. It found that while major new vulnerabilities such as Heartbleed are being used by hackers within hours of their announcement, more attacks last year exploited patchable vulnerabilities dating from 2007, 2010, 2011, 2012 and 2013.

Another annual cyber report, to be released on Tuesday by Symantec Corp., found that state-sponsored spies also used phishing techniques because they work and because the less-sophisticated approach drew less scrutiny from defenders.

Once inside a system, however, the spies turned fancy, writing customized software to evade detection by whatever security programs the target has installed, Symantec said.

“Once I’m in, I can do what I need to,” said Robert Shaker, an incident response manager at Symantec. The report drew on data from 57 million sensors in 157 countries and territories.

Another troubling trend Symantec found involves the use of “ransomware,” in which hackers encrypt a computer’s files and promise to release them only if the user pays a ransom. (Some 80 percent of the time, they do not decrypt the files even then.)

The new twist comes from hackers who encrypt files, including those inside critical infrastructure facilities, but do not ask for anything. The mystery is why: Shaker said it is not clear whether the attackers are securing the information for resale to other spies or potential saboteurs, or whether they plan on making their own demands in the future.

RSA Conference

At next week’s RSA Conference, protecting critical infrastructure systems under increasing attack will be a major theme. Another theme will be the need for more sharing of “intelligence” about emerging threats – between the public and private sectors, within the security industry, and within certain industries.

While many of the biggest breaches of the past two years involved retailers, the healthcare industry has figured heavily in recent months. Former FBI futurist Marc Goodman said that both spies and organized criminals are likely at work, the former seeking leverage to use in recruiting informants and the latter looking to cash in on medical and insurance fraud.

Verizon’s researchers said that to be most effective, information-sharing would have to be essentially in real time, from machine to machine, and cross multiple sectors, a daunting proposition.


Another section of the Verizon report could help security executives make the case for bigger budgets. The researchers produced the first analysis of the actual costs of breaches derived from insurance claims, instead of survey data.

Verizon said the best indicator of the cost of an incident is the number of records compromised, and that the cost rises logarithmically, flattening as the size of the breach rises.

According to the new Verizon model, the loss of 100,000 records should cost roughly $475,000 on average, while 100 million lost records should cost about $8.85 million.

Though the harder data will be welcome to number-crunchers, spending more money cannot guarantee complete protection against attacks.

The RSA Conference floor will feature vendors touting next-generation security products and anomaly-spotting big-data analytics. But few will actually promise that they can stop someone from clicking on a tainted email and letting a hacker in.

Truck Safety: Using a Seat Belt Matters

Originally posted on March 3, 2015 on

Trucker safety requires an alert, buckled-up, experienced driver, with a reliable vehicle and strong employer safety programs. About 2.6 million workers drive trucks that weigh over 10,000 pounds (large trucks). About 65% of on-the-job deaths of US truck drivers in 2012 were the result of a motor vehicle crash. More than 1 in 3 truck drivers have had a serious truck crash during their career, and 1 in 8 has had 2 or more. Buckling up is both effective and required by federal regulations. But 1 in 6 drivers of large trucks don't use their seat belts (2013). More than 1 in 3 truck drivers who died in crashes in 2012 were not wearing seat belts. Buckling up could have prevented up to 40% of these deaths.

Employers can help truck drivers stay safe by:

  • Committing to driver safety programs at the highest level of leadership.
  • Establishing and enforcing driver safety policies, including requiring everyone in the truck to buckle up.
  • Involving workers in decisions about how to put seat belt programs in place.
  • Promoting seat belt use in training and safety meetings.
  • Addressing factors that contribute to crashes, such as drowsy and distracted driving, in their driver safety programs.

Read the full article here and download the infographic here.

AASHTO Introduces Toward Zero Deaths Plan to Reduce Roadway Fatalities

Originally posted by Tony Dorsey on March 10, 2015 on

WASHINGTON - The American Association of State Highway and Transportation Officials (AASHTO) joined the National Strategy on Highway Safety Toward Zero Deaths (TZD) effort, a vision of eliminating fatalities on our nation's roadways.

The Toward Zero Deaths effort was created by a steering committee cooperative that includes numerous organizations committed to reducing annual US traffic fatalities from more than 33,000 to zero. The TZD Plan rolled out today provides organizations in the fields of engineering, law enforcement, education and emergency medical services (EMS) with initiatives and safety countermeasures designed to save lives.

"This national effort is a perfect example of why partnerships are so critically important," said Bud Wright, executive director of the American Association of State Highway and Transportation Officials. "The TZD National vision brings together a wide range of organizations and individuals under a unified commitment to transform our nation's traffic safety culture. Everyone has to be part of the solution -- including the nation's educators, roadway designers, engineers, law enforcement officers and motorists."

"We embrace the vision of Toward Zero Deaths; it provides an overarching and common vision that drives and focuses our efforts to achieve our shared goal to eliminate injuries and fatalities on our roadways," said U.S. Transportation Secretary Anthony Foxx. "The U.S. Department of Transportation will do our part by aggressively using all tools at our disposal - research into new safety systems and technologies, campaigns to educate the public, investments in infrastructure and collaboration with all of our government partners to support strong laws and data-driven approaches to improve safety."

The National Strategy includes initiatives that are known to be—or are expected to be—effective in addressing specific factors contributing to roadway crashes, have the potential to make a significant reduction in fatalities and serious injuries nationally, or address areas of growing concern.

The TZD plan includes initiatives spanning from engineering to education with the intended result of achieving:

  • Safer drivers, passengers and pedestrians
  • Safer infrastructure
  • Safer vehicles
  • Enhanced emergency medical services and response
  • Improved management of traffic safety programs

AASHTO and State Departments of Transportation across the country are working to accomplish the TZD vision by:

  • Leading research and other activities to promote a culture of traffic safety in America.
  • Identifying new safety partners and promoting a collaborative, multidisciplinary, data-driven approach to safety related policies and programs.

"As leaders in the transportation industry, we have a duty and a responsibility to do what we can to accelerate the efforts to save lives on our nation's roadways," said Rudy Malfabon, P.E., director of the Nevada Department of Transportation and Chair of the AASHTO Standing Committee on Highway Traffic Safety. "Our mission is to one day rid the nation of all traffic fatalities and the TZD National Strategy will help us reach that goal faster."

For more than five years, organizations representing transportation, safety, law enforcement, engineering, and state and local government agencies--with the technical support of the Federal Highway Administration, the Federal Motor Carrier Safety Administration and the National Highway Traffic Safety Administration—have been working together to identify and prioritize the leading initiatives that will reduce traffic fatalities over the next 25 years.

These organizations are leading the TZD effort:

  • American Association of Motor Vehicle Administrators (AAMVA)
  • American Association of State Highway and Transportation Officials (AASHTO)
  • Commercial Vehicle Safety Alliance (CVSA)
  • Governors Highway Safety Association (GHSA)
  • International Association of Chiefs of Police (IACP)
  • National Association of County Engineers (NACE)
  • National Local Technical Assistance Program Association (NLTAPA)
  • National Association of State Emergency Medical Services Officials (NASEMSO)

For more information about the Toward Zero Deaths National Strategy on Highway Safety, visit

Protecting Vision in the Workplace

Originally posted by Sandy Smith on February 10, 2015 on

The use of digital devices, including personal computers, tablets and cell phones, continues to increase. The impact of prolonged usage often can be felt in the eye.

According to a report from the Vision Council, extended use of these devices have caused as many as 70 percent of American adults to experience some form of digital eyestrain.

"By protecting our eyes at work and at home, we can help stay healthy and productive for years to come," said Hugh R. Parry, president and CEO of Prevent Blindness.

Prevent Blindness, the nation's oldest volunteer eye health and safety group, provides employers and employees with free information on topics ranging from eyestrain to industrial eye safety in order to promote eye health at work. The group even has declared March as Workplace Eye Wellness Month.

Steps You Can Take

Employers and office workers can take a few simple steps to help prevent eyestrain and fatigue from digital devices. Prevent Blindness suggests:

  • Visit an eye doctor for a dilated eye exam to make sure you 
 are seeing clearly and to detect any potential vision issues.
  • Place your screen 20 to 26 inches away from your eyes and a 
 little bit below eye level.
  • Use a document holder placed next to your computer screen. 
 It should be close enough that you don't have to swing your head back and forth or constantly change your eye focus.
  • Adjust the text size on the screen to a comfortable level.
  • Change your lighting to lower glare and harsh reflections. 
 Glare filters over your computer screen can also help.
  • Use a chair you can adjust.
  • Choose screens that can tilt and swivel. A keyboard that you 
can adjust also is helpful.

And the Vision Council recommends the 20-20-20 break: every 20 minutes, take a 20-second break and look at something 20 feet away.

Prevent Blindness strongly recommends the use of eye protection in the workplace, especially in industries such as construction, manufacturing or any profession where eye accidents and injuries may occur.  The U.S. Bureau of Labor Statistics reported that in 2012, there were 20,300 recorded occupational eye injuries that resulted in days away from work.

The organization offers two workplace programs:

The Healthy Eyes Educational Series ( is a free program that provides user-friendly, downloadable modules to conduct formal presentations or informal one-on-one sessions, including one titled "Work Safety." Each module includes a presentation guide and corresponding PowerPoint presentation on a relevant eye health topic such as adult eye disorders, eye anatomy, healthy living, low vision and various safety topics. Fact sheets can be downloaded at any time from the Prevent Blindness web site for use as handouts to accompany the presentation.

Prevent Blindness also offers Eye2Eye (, a web-based educational resource that trains employees to communicate the importance of eye health and safety to each other, increases eye safety compliance and builds a stronger culture of safety in the workplace. The program features a peer-based, interactive curriculum and community-oriented forum enabling end users to share their learnings and best practices with each other.

Eye Injuries in the Workplace 
More than 2,000 people injure their eyes at work each day. About one in 10 injuries require one or more missed workdays for recovery. Of the total number of work-related injuries, 10-20 percent will cause temporary or permanent vision loss. Experts believe that the right eye protection could have lessened the severity or even prevented 90 percent of eye injuries. The common causes of eye injuries in the workplace are:

  • Flying objects (bits of metal, glass)
  • Chemicals
  • Tools
  • Harmful radiation
  • Particles
  • Any combination of these or other hazards

3 Ways to Prevent Eye Injuries

  1. Know the eye safety dangers at work by completing an eye hazard assessment.
  2. Use engineering and administrative controls to eliminate hazards before employees start work. Use machine guarding, work screens or other engineering controls, create policies that require 100 percent compliance with eye safety protective equipment use.
  3. Use proper eye protection.

Responding to Flooding When Snow and Ice Melt

Originally posted January 15, 2015 by Insurance Institute for Business & Home Safety (IBHS).

Insurance Institute for Business & Home Safety - If temperatures begin to rise after severe winter weather, flooding due to snow and ice melting could result in widespread property damage.

The Insurance Institute for Business & Home Safety (IBHS) urges property owners who have experienced significant snowfall and freezing temperatures during the winter to evaluate their flood risks as warmer weather arrives.

“The most important things home and business owners can do from a safety perspective is to pay close attention to local weather reports and alerts from the National Weather Service,” said Julie Rochman, IBHS president and CEO. “In addition, we urge residents to follow the instructions of local emergency officials when flooding is imminent, and we especially caution everyone to obey all evacuation orders from local authorities.”

When temperatures rapidly increase, so does the rate at which snow and ice melt. This can be a serious problem for areas that have received large amounts of snow and ice throughout this severe winter season. Frozen soil also increases the risk of flood as water from melting snow and ice is not able to seep into the ground.

“If you still have snow piles surrounding your home, try to move those away from your foundation to avoid water from leaking into your home,” said Rochman. “Also, keep in mind that rain can cause snow to melt faster, which can contribute to possible flooding in your area.”

If flooding is imminent, find out how you can prevent damage using IBHS resources below. Additional IBHS winter weather resources are available at or on the IBHS Facebook page at


  • Clear drains, gutters and downspouts of debris.
  • Move furniture and electronics off the floor, particularly in basements and first floor levels.
  • Roll up area rugs, where possible, and store these on higher floors or elevations. This will reduce the chances of rugs getting wet and growing mold.
  • Inspect sump pumps and drains to ensure proper operation.
  • If a sump pump has a battery backup, make sure the batteries are fresh or replace the batteries.
  • A sump pump needs to be away from basement walls to be effective.
  • Make sure the sump pump outlet pipe is clear and water flows freely away from your property.
  • Shut off electrical service at the main breaker if the electrical system and outlets may end up under water.
  • Place all appliances, including stoves, washers, dryers, etc. on masonry blocks or concrete at least 12 inches above the projected flood elevation.
  • Seal any cracks in walls, openings, or your foundation using masonry caulk or hydraulic cement.
  • Consider installing backflow valves, which are designed to prevent water from flowing into your house through local sewer lines.
  • Create an emergency preparedness kit and evacuation plan.

Don’t Miss the February 1st Deadline for Posting Your OSHA Injury/Illness Summary Form

Originally posted on January 28, 2015 by Laura Kerekes on

It’s that time of year to look back on your workplace illnesses and injuries for 2014, ensure that you have recorded the correct information in your OSHA logs, and post the information in your workplace starting February 1, 2015. Do you need to comply with this posting requirement, even if you’ve had no injuries or illnesses this past year? You probably will need to comply — most employers do.

Employers are responsible for providing a safe and healthful workplace for their employees. The role of the Occupational Safety and Health Administration (OSHA) is to assure the safety and health of workers by setting and enforcing standards; providing training, outreach, and education; establishing partnerships; and encouraging continual improvement in workplace safety and health. Employers are required to have a Workplace Injury and Illness Prevention Program in place, with active monitoring of results. The intent of the OSHA log reporting is to summarize the year end results and focus both employers’ and employees’ attention on workplace safety so that everyone can make safety a top company priority.

Do you need to comply with the February 1st deadline?

If you had 10 or more employees at all times during 2014, you will need to comply, unless your company’s Standard Industrial Classification (SIC) Code is included in the industry list of exclusions available at

What You Should Do

Assuming that your business does not fall under the exclusions of OSHA reporting, you’ll need to ensure that two OSHA forms are completed fully, the Form 300 (log) and the Form 300A. Both forms and the instructions can be accessed here.

Form 300: This form is used to record all injuries and illnesses, except those that required first aid only. This form is not posted due to privacy considerations. There are certain injuries and illnesses where you do not include the employee’s name for privacy (sexual assaults, HIV infection, etc.), and an employee may request that his or her name not be entered on this log.

Form 301 (do NOT post): This form allows you to record more data about how the injury or illness occurred. As with Form 300, this form is not posted due to privacy considerations. Employee representatives, however, may have access to this form but only the portion that contains no personal information.

Form 300A: This is the form that must be completed and posted beginning February 1st through April 30th. It contains a summary of the total number of job-related injuries and illnesses that occurred during the previous year that were logged onto the Form 300. Information about the annual average number of employees and total hours worked during the calendar year is required for calculating incidence rates. Companies with no recordable injuries or illnesses in the previous year must post the summary with zeros on the “total” line. A company executive must certify all establishment summaries. Employers are required only to post the summary Form 300A, not the Form 300 log.

Form 300A must be displayed in a common area where notices to employees usually are posted. Employers must make a copy of the summary available to employees who move from worksite to worksite, such as construction workers, and employees who do not report to any one office on a regular basis.

More information regarding OSHA’s recordkeeping rule can be found in the OSHA Fact Sheet.



Ice and snow aren’t letting up, so how safe is your parking lot?



Parking lots can be dangerous places, especially this winter with so much ice and snow in so many places across the country. A nurse at an Illinois hospital was recently killed by a snowplow in the hospital parking lot. How can your company avoid tragedies like this as well as other parking lot accidents in its facilities?

One problem with parking lots is that drivers feel they can let their guard down because they’re no longer on the road. However, according to a study by the Independent Insurance Agents and Brokers Association, 20 percent of insurance claims were related to parking lot accidents. The problem is twofold—limited visibility and distraction. A full parking lot makes it hard for drivers to see hazards. As well, drivers entering or leaving parking spaces have severely constrained visibility.

Distractions are a major issue. When people get into their cars, they do all kinds of things such as fiddling with the radio, checking their phones, or starting up their GPS. Unfortunately, many of these activities take place as they are backing up or driving in the parking lot. As a result, they may not see pedestrians, who may also be distracted—especially by their phones—as they walk.

All of these hazards are made considerably worse in inclement weather, so share these parking lot safety tips with employees:

  • Do everything you need to do (adjusting seat, mirrors, etc.) before you exit the parking space.
  • When walking in a parking lot, stay to the sides of the aisle and watch for cars.
  • Do not talk on the phone or use headphones in a parking lot.
  • Obey parking lot speed limits and lane designations; don’t cut diagonally across the lot.
  • When walking in an icy lot (or any lot for that matter) make eye contact with an approaching driver. Stop if you don’t think the driver has seen you.
  • Wear boots or shoes with nonslip soles and good ankle support. If necessary, carry your work shoes with you and change inside.
  • Snow muffles engine sounds; don’t rely solely on hearing to know if a vehicle is coming. Electric and hybrid vehicles are especially quiet.


Christmas Tree and Holiday Light Safety


Source: National Fire Protection Association

Christmas tree fires
In 2007-2011, U.S. fire departments responded to an estimated annual average of 230 home structure fires that began with Christmas trees. Home Christmas tree fires caused an average of six civilian deaths, 22 civilian injuries, and $18.3 million in direct property damage per year.

Although these fires are not common, when they do occur, they are unusually likely to be serious. On average, one of every 40 reported home structure Christmas tree fires resulted in a death compared to an average of one death per 142 total reported home structure fires.

Similar shares of home Christmas tree structure fires were in December (43%) and January (39%). Christmas tree fires are more likely after Christmas than before. For example, none of the ten dates with the largest shares of home Christmas tree structure fires were before Christmas.

Electrical failures or malfunctions were involved in one-third (32%) of the home Christmas tree structure fires. One in six (17%) occurred because some type of heat source was too close to the tree. Decorative lights on line voltage were involved in 12% of these incidents. Sevenpercent of home Christmas tree fires were started by candles.

Twenty percent of home Christmas tree structure fires were intentionally set. Half of the intentional Christmas tree fires occurred in the 20 days after Christmas.

The risk of fire is higher with natural trees than artificial ones. Researchers found that dry natural trees burned easily but trees that had been kept moist are unlikely to catch fire unintentionally.

Fires involving holiday lights or other decorative lighting with line voltage
Holiday lights and other decorative lighting with line voltage were involved in an estimated average of 150 home structure fires per year in this same period. These fires caused an average of nine civilian deaths, 16 civilian injuries, and $8.4 million in direct property damage per year. Two out of five (40%) occurred in December and 12% were in January. Fifteen percent of these fires began with Christmas trees. Electrical failures or malfunctions were factors in nearly two-thirds (64%) of the fires involving holiday or decorative lights.

Falls related to holiday decorating
In a study of fall-related injuries during the holiday season, Stevens and Vajani estimated that an annual average of roughly 5,800 fall injuries related to holiday decorating were treated at hospital emergency rooms between November 1 and January 31 in 2000-2001, 2001-2002, and 2002-2003. Sixty-two percent of those injured were between 20 and 49 years of age, compared to 43% of the population in this age group. With 43% of the injuries resulting from falls from ladders and 13% caused by falls from the roof, it appears that the majority of these falls occurred during outdoor decorating. Falls from furniture, typically inside the structure, accounted for 11% of the injuries. Some falls occurred when people tripped over or slipped on tree skirts or other decorations.