Friday, January 2, 2015

HR 4007 – Employee Involvement in CFATS

This is part of a continuing discussion of the recently passed HR 4007, Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014. This post will look at provisions in the bill that address employee involvement in the CFATS process.  The previous postings in this series were:

As part of the effort to obtain bipartisan support for the bill provisions were added that were designed in increase worker participation in the CFATS process. These include a specific requirement for employee and union involvement in the development of security vulnerability assessments (SVAs) and site security plants (SSPs) and whistleblower protections.

Directed Employee Involvement

Section 2102(b)(2) deals with the mandate for employee involvement in the development of SVAs and SSPs. It states:

To the greatest extent practicable, a facility’s security vulnerability assessment and site security plan shall include input from at least 1 facility employee and, where applicable, 1 employee representative from the bargaining agent at that facility, each of whom possesses, in the determination of the facility’s security officer, relevant knowledge, experience, training, or education as pertains to matters of site security.

The term ‘facility’s security officer’ is not defined in this legislation nor is it used anywhere else in the bill.

There is enough weasel wording in the provisions of this section that a facility owner could refuse to include the ‘required’ participation based upon the ‘fact’ that none of the employees have the requisite ‘relevant knowledge, experience, training, or education as pertains to matters of site security’. Even most security guards could be excluded as they are typically not ‘facility employees’ but rather employees of a contract vendor.

Union, excuse me ‘bargaining unit’ participation will be more problematic as these organizations start to get members trained and certified by various security standards setting organizations. I would also suspect that excluded labor or

Companies for which I worked for that have been required to conduct a process hazard analysis (PHA) on covered processes have always included operators and shift supervisors in those reviews. I don’t recall a single instance when any of these employees provided any great new safety insight, but they were invaluable in providing reality checks on what the current process actually was (as opposed to ‘as designed’) or on what could reasonably be expected of an operator. I would expect that the same would be true for SVA and SSP development.

Whistleblower Provisions

Section 2105 of the bill provides a description of the whistleblower requirements of the bill. They are quite simple and fairly common. First the Secretary is given 180 days to set up a program where employees and/or contractors can confidentially submit information to DHS about “a violation of a requirement under this title” {§2105(a)(1)}. This will be one of the easiest deadlines for DHS to meet since they already have a reporting system in place on their Critical Infrastructure: Chemical Security web page; the CFATS Tip Line (877-394-4347).

The Secretary is required to keep the name of the whistleblower confidential {§2105(a)(2)}. Additionally, the owner/operator is prohibited from discharging an employee (no such protections are provided for contractors, an odd oversight) that submits a report. Nor may the owner/operator “discriminate against an employee with respect to the compensation provided to, or terms, conditions, or privileges of the employment of, the employee because the employee (or an individual acting pursuant to a request of the employee)” {§2105(a)(6)(A)}.

The whistleblower protections do not apply if the employee “knowingly and willfully makes any false, fictitious, or fraudulent statement or representation” {§2105(a)(6)(B)(i)}. This first part is prettily clearly a protection against unfounded accusations. The second part of the protection exception {§2105(a)(6)(B)(i)} is a bit more problematic because of one word;  “uses any false writing or document knowing the writing or document contains any [emphasis added] false, fictitious, or fraudulent statement or entry”. This would seem to void the whistleblower protections if even one problem statement occurred in a lengthy document.

The Secretary is not required to take any specific action with regards to the tips provided beyond the basic mandate to ‘review and consider’ the information. If action is taken against a facility under the civil enforcement provisions of the bill (§2104; to be discussed in a future post) based upon a whistleblower tip, the facility has 20 days to submit a petition of review of that enforcement action.

There is nothing specified in the bill as to what information must be provided in that petition or what basis must be established for the requested review; I expect that that will be addressed in the new regulations. DHS must determine in writing that the violation continues to exist (within 30 days of the submission of the petition) or the enforcement action will cease {§2105(a)(5)(D)}.

Publicly Available Information

Finally, it is important to note that DHS is required {§2105(a)(2)} to treat all whistleblower tips (except publicly available information) as protected information under the provisions of §2103 (also to be discussed at a later date).

Actually, the ‘publicly available information’ provision seems like it may be a bit of a problem for the Executive Branch. Anyone familiar with the rules for handling of classified information knows that classification protection requirements do not change if information becomes ‘publicly available’ without going through the declassification process. For example, people with security clearances are not supposed to discuss specific documents or information disclosed by Mr. Snowden or even have copies of such ‘publicly available’ documents in their possession.

There is a good reason for this as the public printing of a purportedly classified document does not mean that it is a true copy of that document or even that such a classified document actually exists. As long as the government can continue to maintain the fiction that the document is not real, the secret continues to be at least partially kept.

Interestingly, nothing about publicly available information not being protected information is mentioned in §2103. It will be interesting to see how regulations and policy develop out of this.

No comments:

/* Use this with templates/template-twocol.html */