Mistakes Restaurant Owners Make Related to Cyber Liability

October 25, 2017

By Jason VanGotten, Colorado Restaurant Insurance

Even with all the recent news headlines related to data breaches and cyber attacks, the likes of which have never been seen before, cyber liability is a relatively new area of risk that restaurant owners now face. As customer data continues to be obtained and stored by restaurants, the risk of a data breach inside or outside the restaurant continues to increase year over year. Malicious hackers typically steal credit card data from restaurants that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic strip. Thieves then use that data to clone the cards and use the counterfeits to purchase high-priced merchandise, or put them up for sale in a so-called theft bazaar such as Joker’s Stash prior to the card-issuing banks cancelling them.

 

In the midst of this are some very dangerous misconceptions held by restaurant owners. These misconceptions keep them from taking necessary steps to better understand their cyber risk and coverage related to such vulnerabilities.

 

Consider these 4 Common Mistakes a Restaurant Owner Can Make in this area of risk management.

 

My general liability insurance protects me in the event of a data breach or cyberattack. Most restaurant owners purchase a general liability or businessowners policy believing their insurance agent has placed this as an optional coverage on the policy. But for now that is very rare. Even if it that were the case, the policy will only provide defense coverage for the insured, typically up to $25,000 to $50,000. Your general liability coverage lacks the breadth needed to properly protect the restaurant owner from the cyber liability losses. A stand-alone cyber policy provides the broadest coverage a restaurant owner needs for third party costs, data breach response, PCI fines levied from card services, notification resources, legal fee’s and forensic costs. Not investigating this closely is akin to leaving your restaurant door open when you leave at night, not a great strategy for ensuring the safety of your restaurant.

 

A stand-alone cyber policy will be unaffordable. Depending on your restaurant size and gross revenues, a typical restaurant owner can expect to pay between $900 to $3,000 annually for a stand-alone cyber policy. However, the risks of loss may be too great to ignore this protection, in particular your brand image after a data breach or cyberattack.

 

My IT company and firewalls installed will protect me. These entities have a service level agreement (SLA) with your restaurant. When was the last time you reveiwed your SLA? Many times these agreements do not protect you, the restaurant owner, instead it protects them from any involvment related to a data breach or cyberattack. Make sure you check your SLA and have a conversation with your IT company to see what they will do for you in the event of a data breach or cyberattack. Many times your employees pose huge risks to the safety of your cyber data, from opening suspicous emails, downloading malware or even losing smartphones with connections or memorized passwords. Remember that a data breach can also occur with employee records that are not well protected or disposed of properly.

 

My merchant services are protection enough. Again, there is a service level agreement between you and your merchant servicing company. While this may give a restaurant owner hope, chances are that you will ultimately be responsible for protecting your customer’s data as it passes through your IT systems. Therefore, you should consider the costs to your restaurant if your merchant services vendor does not agree, or points the finger in your direction for who is responsible.

 

A cyber criminal can strike with little to no warning, leaving the restaurant owner with tremendous clean up cost; from data recovery to rebuilding your restaurant’s brand reputation. An owner or manager can only do so much. The people that deal in the day-to-day operations of the restaurant also need to be aware of what to do and why to do it. As a restaurant owner you owe it to yourself and your employees to investigate this protection and risk before you decide not to worry about it. A restaurant owner must be deliberate and careful in purchasing cyber coverage. Specific risks must be understood and the appropriate coverage identified.

For more information pertaining to cyber liability coverage, please contact Jason VanGotten at jvangotten@corestaurant.org

BREAKING NEWS!! New Ruling on Tips in Colorado!!

July 7, 2017

BREAKING NEWS!! New Ruling on Tips in Colorado!!

We recently became aware of a Court case decision that directly impacts the restaurant industry. It changes the rules on tips depending on if you take the tip-credit or not. Due to the complexity of this issue, it is important for you to read the ENTIRE story before acting. You may or may not wish to make any changes based on the information provided. However, if you do choose to make any changes, we recommend that you seek council prior to doing so.

On June 30, the Tenth Circuit Court of Appeals decided a case concerning tipped employees that sets a new legal precedent for employers in the State of Colorado. In Marlow v. The New Food Guy, Inc, the Court decided in favor of the employer, closing the door on claims that tipped employees have a “property right” to tips paid as a result of customer service, as long as the employer pays the employees FULL minimum wage or more. This decision rejects the Federal Department of Labor rule stating tips are the property of the employee and outside of a legal tip pool, the employer can’t direct where that money goes.

The CRA recently told me I couldn’t share tips with the back of house, why has this changed?

Last year, the Ninth Circuit Court of Appeals ruled in a very similar case (Oregon Restaurant & Lodging Association v. Perez) that tips were the property of the employee and outside of a legal tip pool, the employer couldn’t direct where those tips went. Additionally, the Court determined that tips could only be shared with regularly tipped positions and not the back-of-the-house staff, regardless of the hourly rate paid to tipped employees. Because this was the most recent ruling on tips and tip pools, the CRA and labor attorneys suggested following the Ninth Circuit’s decision.

What has changed is the fact that restaurants in Colorado (and several other states) are subject to the Tenth Circuit Court of Appeals and that Court has just handed down a new ruling disagreeing with the ORLA case. This new ruling changes how restaurants in Colorado may want to handle tips and tip pools.

What does this mean for restaurants in Colorado?

As long as tipped employees are paid full minimum wage (not tipped minimum wage) or more by the employer, the employer can decide how tips are distributed. This means that in Colorado tipped employees currently must make $9.30 an hour and $13.95 for overtime, or more (note- this rate will increase every January 1). If your tipped employees are paid at least this much, then you as the employer can decide how tips will be distributed and can share them with the back of house or managers, and the business can even keep some or all of the tips. Keep in mind, however, that we still have the requirement in Colorado statute, C.R.S. § 8-4-103 (6), allowing an employer to assert claim to, right of ownership in, or control over tips only if the employer posts a printed card at least 12 inches by 15 inches in size with letters one-half inch high in a conspicuous location at the place of business. The card must contain a notice to the general public that all tips or gratuities given by the patron are not the property of the employee, but instead belong to the employer. If the employer does not post a printed card detailing tip ownership as described above, the employer may not exert any control over tips designated for an employee under Colorado law. For those of you who do business over the phone or email, such as the catering business in the Marlow case, you may want to include this same notice in your catering agreements as well.

Is this permanent?

We don’t know. A group of restaurants and trade associations (including the NRA) have petitioned the Supreme Court to take up the ORLA case. This case now directly contradicts it. If the Supreme Court decides to take up this issue and rules in a certain way, restaurants will have to go back to only sharing tips with regularly tipped employees. Currently, it is not clear if the Supreme Court is even going to take up the case and if they do, it could be years before there is a ruling.

What do I need to do now?

For all of these reasons, you may want to take a more conservative, wait-and-see approach and keep your business model as is. However, some employers may want to adopt the above-outlined steps. This is the time for you to reach out to your business advisers to determine the best solution for you and your employees.

If you have any questions about tip pools, wage and hour issues, or questions about this new precedent, please contact Nick Hoover by email or call 303-830-2972.

Pinnacol Pointers: Keeping Your Workers Safe Behind the Wheel

July 1, 2017

According to the National Census of Fatal Occupational Injuries from the U.S. Dept. of Labor, Bureau of Labor Statistics, employers experienced 4,836 fatal workplace injuries in 2015, and roadway incident fatalities claimed more than one-quarter of the total. You can protect your organization’s most valuable asset — your employees — by promoting safe driving practices.

In worksite procedures and workplace signage, encourage these 10 safe driving practices to reduce the risks faced by your employees when they get behind the wheel:

  1. Inspect the vehicle. Check the lights, gauges, brakes, horn, tires, windshield wipers, fluids, belts and mirrors.
  2. Secure cargo such as tools and other equipment.
  3. Buckle up. A seatbelt reduces risk of death by 45 percent in cars and by 60 percent in light trucks.
  4. Drive defensively.
  5. Avoid distractions. Put down the cell phone and do not text.
  6. Don’t wear headphones or earbuds while driving.
  7. Avoid impairment.
  8. Avoid aggressive driving.
  9. Maintain a safe distance between moving vehicles and slow down during inclement weather.
  10. Take security measures. Carry vehicle information at all times, secure the vehicle and avoid parking lots with poor lighting or sightlines.

 

Pinnacol Resources

Visit Pinnacol’s Knowledge Center page on driving safety. The many resources on this webpage for policyholders include a sample driving and traffic violation policy, defensive driving quizzes, a vehicle safety checklist, seatbelt safety posters in English and Spanish, a short defensive driving video, and additional tools and tips to enhance the motor vehicle safety of your employees. Pinnacol’s website also lists online, interactive safe driving training available from J.J. Keller. Or, contact Pinnacol’s Safety On Call online or at (303) 361-4700 or (888) 501-4752. Our Safety Services team stands ready to answer questions and help keep your workers safe on the road.

What to Expect When ICE Knocks on Your Door

June 28, 2017

The CRA has been receiving an increased number of calls from employers that have received a visit from ICE agents or who are concerned about what to do when/if they do receive a visit.

We thank Hans Meyer and Julie Gonzales of The Meyer Law Office for conducting a free seminar designed to give you an update on what to expect, what your rights as an employer are and how to comply with immigration laws during the hiring process.

This presentation covered:

•Background: Trump administration immigration enforcement policies
•I-9 Audits – The process & the consequences
•Social Security “No-Match Letters”
•What you have to do if confronted by an “ICE RAID”
•What you can do for before an ICE raid occurs
•What you can do for employees who have been “picked up” Immigration court 101
•Recent Scenarios
•Question and Answers

Some Handout Materials from that seminar are found below.
Know your Rights for Employers Presentation
Redacted Notice of Inspection Letter from ICE
Redacted DHS Subpoena
Redacted DHS Administrative Warrant
Employer – Know Your Rights

And in case you need an updated I-9 Form, you can get it HERE

If you have any questions about this content, contact the CRA Office 303-830-2972. Or contact The Meyer Law Office, PC for more information specifically on Immigration Law.