In response to concerns raised by employers and others, the Occupational Safety and Health Administration (OSHA) rescinded its regulation that certain employers (i.e., those with 250 employees or more) electronically file Forms 300 and 301. The final rule announcing the rescission indicated that employers will continue to be required to maintain such records on-site and that OSHA will review the records during investigations and audits.
Employers and their advocates who challenged the rule cited the increased risk of unauthorized disclosure generated by the electronic filing requirement. One concern was that the Freedom of Information Act (FOIA) could be used to access sensitive information about employees that would not otherwise be accessible. Another concern was that large transmissions of data, such as would be required by the electronic filing mandate, would be especially susceptible to malware attacks.
In addition to alleviating concerns around the electronic filing requirement, the rescission of the OSHA regulation is indicative of a continuing and steadily emerging concern regarding data privacy. With this new final rule, it is more clear that government agencies are acknowledging the threat posed by malware and hacking attacks, even when it comes to electronic reporting to government agencies.