Reduce Risks When Returning to In-Person Work
How to limit Covid-19 liability in the transition to the post-pandemic workplace.
Covid-19 has underscored the vital importance of preparation, resilience, and adaptability for businesses striving to minimize risk and liability.
Throughout the pandemic, companies have had to evolve and adapt to perpetually changing medical advice and government requirements. Now, as much of the economy is reopening, businesses must remain both flexible and vigilant in their efforts to protect the health and safety of their employees. Tactics that worked six months ago may no longer be considered best practice, so these companies need to be monitoring public health guidance. They should also be conducting ongoing, comprehensive reviews of the effectiveness of internal programs designed to assess the well-being of employees and prevent the spread of the virus.
Return-to-work plans that focus too much on the question of “Can we?”—without enough attention to the question of “Should we?”—can expose companies to unnecessary risk. Even businesses that successfully navigated the uncertainty of 2020 may need to shift their efforts in the areas of employee health, regulatory compliance, and data privacy. Clear communication with employees at all levels is crucial to retaining their trust and reinforcing best practices across the workforce, which helps minimize workplace liability and protect against both known and emerging risks related to virus exposure.
The Current Liability Landscape
Even as more and more organizations resume face-to-face contact among staff, customers, and other stakeholders, uncertainty regarding the pandemic persists. As businesses have begun to reopen, many have gained insights and resources for future iterations of their return-to-work plans. But the public health situation remains fluid, so where we stand now feels more like shifting sands than solid ground.
Most businesses have made concerted efforts to ensure workplace safety, yet legal issues are widespread. A Covid-19 legal complaint tracker from law firm Hunton Andrews Kurth received more than 7,000 complaints through the end of 2020. More than 1,200 of those involved labor and employment issues such as unlawful termination, work conditions, wages, and discrimination.
Legislative efforts to address these issues are also under way at multiple levels. The U.S. Congress is expected to continue discussions begun in 2020 about federal standards for Covid-19–related corporate liability, including gross negligence standards, a potential corporate liability shield, and definitions around what events and issues count as being related to the virus. Meanwhile, several states—including Michigan, Georgia, Mississippi, Nevada, and Tennessee—have taken their own steps toward liability protections for employers. Some explicitly require businesses to comply with all federal, state, and local statutes related to Covid-19, while other states have moved to expand workers’ compensation protections. Laws pertaining to Covid-19 liability vary significantly by state, further complicating risk management for employers operating in multiple states.
Adhering to legal requirements, guidance from public health authorities, and best practices set by industry groups is complex and challenging. Nevertheless, doing so should be just a starting point.
Crisis Management Best Practices
Every company should have already had a business continuity and crisis response plan in place before the pandemic hit. This is base-layer protection, as is monitoring compliance with the plan.
During the Covid crisis, the specifics of mitigation efforts have varied based on industry, geographic location, and company size, among other variables. Still, the core elements remain largely consistent. These include:
- Establish a crisis management team of critical stakeholders. Outline responsibilities and decision trees for the team and a corresponding communication plan.
- Build and regularly assess the crisis response and business continuity plans.
- Define critical information requirements related to government and public health guidance.
- Clarify objectives and execution checklists for restoring partial and full operations.
- Review insurance policies, as well as policies for personal time off (PTO), sick leave, and short-term disability.
- Complete after-action reports and make program enhancements as appropriate.
Depending on the situation, a crisis management team might activate different response teams consisting of individuals with specific responsibilities and skillsets. For example, the team members needed to properly respond to a public health crisis may be different from those needed for a supply-chain disruption. However, the organization and capabilities of these teams should be similar regardless of the nature of the event. Each team should have clear roles and responsibilities for members; formal processes for incident assessment and action planning; and a clear communication plan within the team, with other critical response teams, and across the company as a whole.
During the early months of the pandemic, companies that had already established plans for crisis response and business continuity were at an advantage. These businesses promptly activated crisis management teams of critical stakeholders to ensure the organization implemented the latest federal, state, and local guidance at each corporate site.
Now, as corporate leaders evaluate whether crisis management teams are prepared to effectively deal with concerns around the post-Covid return to work, they should consider:
- Can stakeholders see far enough across the organization? As the company began return-to-work efforts, did the team of critical stakeholders provide a full picture of all virus exposure potential across its different physical spaces? Do the people monitoring those locations have a clear path to flag areas of concern before they become costly liabilities?
- Who will be held accountable if complaints arise? When workers raise safety concerns that are not addressed comprehensively, this can result in increased virus exposure, reputational damage, and liability risks. Address the company’s duty-of-care obligations: Audit organizational listening to make sure that all voices have a path to be heard and that all information has a path to inform decisions and corresponding actions.
- Is the organization protecting both employees and other people the business touches? Consider how employees’ interactions with non-employees (e.g., delivery persons, on-site service providers) might expose them—or customers—to preventable risk. In retail establishments, for example, some employees have been confronted by customers over mask-wearing policies, so the National Retail Federation teamed with the Crisis Prevention Institute to provide training for retail workers on de-escalating disputes.
- Are monitors trained to recognize and counter misinformation? Communication between senior management and employees demands trust, but a wealth of misinformation about Covid-19 is circulating outside the company’s walls, and likely also within. A plan for clear and consistent communication throughout the organization helps maintain trust and encourage adherence to company policies.
Going forward, the roles of crisis management teams may need to be expanded to include continuous monitoring of Covid-related risks and implementation of additional risk-mitigation measures as new exposures emerge and new guidance is issued. Many leading companies have refreshed their response plans multiple times over the past year, with the goals of remaining agile and continuing to protect their people and their business.
It’s also worth noting that public health spending is likely to increase under the Biden administration. Public health programs have recently accounted for only 3 percent of healthcare expenditures in the United States, and spending by the Centers for Disease Control and Prevention (CDC), under which many local and state programs operate, was just 0.6 percent of spending by the U.S. Department of Health and Human Services (HHS) in 2020. The pandemic’s devastating effects have highlighted the importance of robust resources for public health entities, and businesses should be prepared to quickly implement any new requirements.
Ensuring Workplace Safety and Minimizing Risk
Risk mitigation and liability protection efforts will never be completed; these are continuing tasks, and effectively sustaining them requires constant work. Once companies have re-evaluated their plans for monitoring return-to-work risks, they should assess the efficacy of those efforts and identify program enhancements as appropriate.
At a minimum, the evaluation of return-to-work decisions should always address three basic questions:
1. Can we do it? Is physical access possible, or will it be restricted by government or landlord policies? Will supporting infrastructures be available (e.g., food, hygiene, etc.)?
2. Should we do it? Is it safe for staff to commute to and occupy a given work site? Are there additional government requirements to address, such as the required use of personal protective equipment (PPE) or upgraded ventilation?
3. How will we do it? Who within the company makes the final decision to open a work site, and what are the steps on the execution checklist that business units will need to follow? How will the organization ensure it’s complying with all privacy and health protection guidance?
Many organizations that returned to work earlier this year, whether in full or in part, have subsequently had to assess whether to shift back to remote work or make other adjustments as infection rates have fluctuated and new virus mutations have spread. A company’s infectious disease response plan should include detailed checklists for every business unit and support function at each stage of returning to a work site. Some of these actions will need to be taken repeatedly, since progress against the public health crisis is not linear.
In addition, a corporate crisis management team should carefully evaluate each new resource before implementing it. For example, apps and sensors for contact tracing and exposure notification have proliferated, but these come with data privacy and liability concerns. Companies using, or considering using, apps or sensors for contact tracing should ask:
- Where will the data be stored?
- Is the data encrypted?
- Who has access to the data, including any third-party service providers?
- Will this data be anonymized for analysis?
- How long will the data be retained?
- Does the data include location tracking and/or biometric information?
- What is the privacy policy for the product?
Employees need to be confident they are protected, and that includes privacy protections. Clear, consistent communication is key to building that confidence. Although the company’s Covid-19 response might require frequent changes in plans, the crisis management team needs to communicate those shifts strategically to minimize disruption, keep people engaged, and encourage ongoing adherence to Covid-related corporate policies.
The Road Ahead
Businesses that engage in intentional, thoughtful return-to-work planning are setting themselves up to emerge stronger from the pandemic and to thrive in the months and years ahead.
With a crisis management team and response plan in place, a company can effectively monitor and respond to critical guidance and updates, as well as conduct ongoing assessments and initiate program enhancements as needed. These practices help set up the organization to better anticipate and mitigate continuing, emerging, and unforeseen risks—both now and in the months and years ahead.
See also:
- Getting Employees Back to the Office Safely
- Establishing Good Habits for a More Agile Treasury Function
- Liability for Transmitting Covid-19
- Employment Issues Related to the Covid-19 Vaccines
- Covid-19 Presents New Data Privacy Threats
Brian Collins is the chief security officer (CSO) and managing director for BDO. You can reach him at bccollins@bdo.com.