Manager who referred to mask as "KKK hood" lawfully terminated for "cause"

On November 16, 2021, Employment Law News from WK WorkDay posted the following item by Ronald Miller, J.D.

A manager for an automobile repair business, who referred to respiratory masks as a “KKK hood,” and asked a Black employee if he were offended by the name and whether he wanted to try it on, was lawfully terminated under the terms of an employment agreement, a Florida District Court of Appeal ruled. In so ruling, the appeals court reversed a trial court’s award of damages to the employee for improper termination. Contrary to the trial court, the appeals court determined that the employee’s intent was irrelevant since he was also discharged for his conduct. Accordingly, the employer properly exercised its right to terminate the employee under its harassment policy (Master Collision Repair, Inc. dba Gerber Collision v. Waller, November 3, 2021, Roberts, C.).

“KKK hood” reference. The employer is in the automotive collision repair business. It hired the employee as a market manager responsible for the management of several locations. On March 7, 2018, he was in one of the employer’s stores to conduct fit testing for respiratory masks certain employees had to wear when performing tasks like sanding and painting. While there, the employee repeatedly referred to the respiratory mask as a “KKK hood.” He then asked a Black employee, who worked in the front office and was not part of the fit test group, if he would be offended if the mask was referred to as a “KKK hood” and if he wanted to try it on.

Senior management and human resources were made aware of complaints about the employee’s behavior. HR immediately began an investigation and the store’s general manager confirmed that the employee had asked other employees to put on the “KKK hood.” The employee himself admitted referring to the mask as a “KKK hood” and admitted that he asked the Black employee to try it on, but claimed he was joking. A few days later, the Black employee tendered a resignation letter detailing the employee’s conduct and the distress it had caused him.

After determining that the complaints against the employee were substantiated, the employer notified him that he was terminated for cause under his employment agreement.

Breach of contract claim. The employee sued the employer for breach of contract, arguing he was improperly terminated because he had not received written notice and a 30-day cure period under the terms of the employment agreement. Following a bench trial, the trial court entered judgment in favor of the employee and awarded him severance pay and health benefits for a six-month period. This appeal followed.

The appeals court concluded that the trial court erred in finding the employer improperly terminated the employee without first providing him notice and an opportunity to cure. The employment agreement plainly defined “cause” to mean willful failure and/or gross negligence in the performance of duties or the material breach of the terms and conditions of the agreement. Clearly, the employment agreement provided two separate avenues for the employer to terminate an employee for “cause” based upon a violation of the terms and conditions of the employment agreement. The second provision gave the employer leeway to terminate the employee immediately with written notice of the violation of the terms and conditions of the employment agreement without providing an opportunity to cure.

Under the agreement, the employee was responsible for performing his duties in accordance with employer policies, including the harassment policy contained in the employee handbook. Thus, the trial court erred in concluding that the employer failed to properly terminate the employee.

Employee intent. Similarly, the appeals court concluded that the trial court erred in finding that the employer did not conduct a good faith investigation or assess the ability to cure before terminating the employee. The trial court found the employer failed to investigate the employee’s intent, and without intent, his use of the term “KKK hood” might not be racial harassment. This was error. Rather, the record was clear that the employee was not terminated for words alone, but also for his conduct—he invited a Black employee to try on the “KKK” hood. At any rate, the employee’s intent was irrelevant to the employer’s determination that his conduct constituted harassment as defined under the employer’s harassment policy.

Accordingly, the judgment of the trial court was reversed.

Woman arrested for allegedly stealing and cashing her deceased sister's NYS Employees' Retirement System retirement benefit checks

On November 16, 2021, New York State Comptroller Thomas P. DiNapoli and Brooklyn District Attorney Eric Gonzalez announced the arrest of Latrenda Dixon for the alleged theft*of some $8,000 in retirement benefits sent to her deceased sister by the New York State Employees' Retirement System. 

Dixon, 52, of the Bronx is charged with illegally cashing 20 checks in Brooklyn for nearly $8,000 issued by the New York State and Local Retirement System to her deceased sister, Linda Dixon. She cashed the checks using her sister’s state employee ID at a check cashing location.

“Ms. Dixon attempted to scam the pension system by allegedly pretending to be her deceased sister,” DiNapoli said. “My thanks to District Attorney Gonzalez for his continued partnership in safeguarding the New York State and Local Retirement System.”

“Stealing from the state pension system is not a victimless crime; law abiding taxpayers end up paying the price,” said Brooklyn District Attorney Gonzalez. “I would like to thank State Comptroller DiNapoli for all of the work his agency did to bring this defendant to justice. We will now seek to hold her accountable for her alleged actions.”

Dixon was charged with grand larceny in the third and fourth degree; scheme to defraud in the first and second degree; identity theft in the first and second degree; 20 counts of criminal possession of a forged instrument in the first degree; 20 counts of criminal possession of a forged instrument in the second degree, and criminal possession of stolen property in the third and fourth degree.

She was arraigned in Kings County court and released without bail on her own recognizance. Dixon is due back in court Nov. 30, 2021.

This case was investigated by the Office of the State Comptroller’s Division of Investigations in partnership with the Brooklyn District Attorney’s Office.

The case is being prosecuted on behalf of the Brooklyn D.A.’s Office by Senior Assistant District Attorney Nicole Manini, of the District Attorney’s Green Zone Trial Bureau, under the Supervision of Assistant District Attorney Glenn Singer, Assistant District Attorney Sara Kurtzberg, and Assistant District Attorney Sasha Pemberton, Green Zone Deputy Bureau Chiefs. 

* N.B. These charges are accusations and the individual is presumed innocent unless and until proven guilty.

 

Per diem substitute teacher eligible to receive unemployment insurance benefits despite the school district's claim that she had not worked "the required 20 days as a substitute teacher"

A claimant [Claimant] for unemployment insurance benefits worked as a per diem substitute teacher for the City School District of the City of New York [NYCSD] during the 2017-2018 school year. She was paid only for the days she worked.

Claimant worked a total of 18 days during that school year, often declining per diem assignments due to conflicts with her other part-time job and other reasons. She last worked on June 25, 2018, the final day of school. On July 16, 2018, NYCSD advised Claimant that she was ineligible to serve as a substitute teacher in the 2018-2019 school year as she had not worked the required 20 days as a substitute teacher in the prior school year.

The Department of Labor determined that Claimant was eligible to receive benefits. NYCSD appealed, contending that Claimant "had provoked her discharge for failing to complete the required 20 days of per diem work."

After a hearing, an Administrative Law Judge and, thereafter, the Unemployment Insurance Appeal Board, affirmed the Labor Department's initial determination, finding that, as a per diem employee, Claimant's employment relationship with the school district ended on her last day of work, June 25, 2018. As such, Claimant did not have an employment relationship with at the time that she applied for benefits and thus could not be found to have provoked her discharge or voluntarily quit.

NYCSD appealed the Board's determination but the Appellate Division sustained the Board's ruling, explaining that as there is substantial evidence supporting the Board's determination, it must be affirmed.

The narrow issue presented was whether the Board correctly determined that Claimant, a per diem employee who was last employed by NYCSD on June 25, 2018, did not thereafter cause her discharge or voluntarily quit by not pursuing avenues to renew her per diem eligibility nor did NYCSD establish that it was compelled to discontinue Claimant's status as a per diem teacher on that basis.

Accordingly, the Appellate Division found that Claimant was entitled to the unemployment insurance benefits awarded to her by the Labor Department and that the wages paid to her by NYCSD can be used to establish a future claim for benefits.

Click HEREto access the Appellate Division's ruling.

New York State needs to improve cybersecurity support to local governments and public authorities

In a letter dated November 12, 2021, New York State Comptroller Thomas P. DiNapoli advised the New York State's Division of Homeland Security and Emergency Services [DHSE] that his audit of its operation indicates that DHSES cannot assure the critical cybersecurity support they are providing to state agencies, local governments, and public authorities through their Cyber Incident Response Team [CIRT] to achieve the desired outcomes or is targeting the appropriate customers and their needs.

Essentially, the audit reports that the agency responsible for providing cybersecurity help to 2,800 public entities responds to attacks lacks strategies for preventing them.

“New York’s Cyber Incident Response Team plays a vital role in safeguarding our infrastructure and critical data against cybersecurity threats,” DiNapoli said. “There are a lack of forward-thinking strategies, widespread training, and specific and measurable objectives that are critical in assessing progress. Additionally, the agency needs to be more proactive. As cybersecurity attacks continue to rise, I encourage the state’s Division of Homeland Security and Emergency Services to take quick action on this urgent issue.”

The recent passage of the federal Infrastructure Investment and Jobs Act underscores how critical strengthening cybersecurity is across New York. The legislation will provide much needed funding for local governments to modernize and protect their networks against future cyberattacks. In New York, cyberattacks have impacted public entities large and small, including reported attacks at state agencies; 911 systems; counties including Albany, Chenango, Erie, Nassau, Schenectady and Schuyler; cities including New York, Buffalo, Yonkers, Long Beach and Olean; towns including Brookhaven, Ulster, Canandaigua and Moreau; as well as school districts like Buffalo Public Schools and Guilderland Central School District.

Cyberattacks pose a fiscal risk and can have significant impacts on the public when they target public authorities and local governments, including water systems, utilities, airports, schools and health care facilities. For example, a 2019 ransomware cyberattack on the City of Albany cost the city roughly $300,000 because of destroyed servers, the cost to upgrade user security software, the purchase of firewall insurance and the performance of other improvements to firm up the city’s systems.

Cybercrimes, including phishing remain on a troubling rise and reach far beyond New York. Between 2019 and 2020, complaints of cyberattacks increased by 110%, from 114,702 in 2019 to 241,342 in 2020, according to the Federal Bureau of Investigation.

The rise in cybercrimes across our state highlight how vulnerable local governments are and presents CIRT with an opportunity to implement solutions ahead of future attacks. Between May 2018 and December 2020, CIRT responded to 122 cyberattacks statewide, including 39 phishing incidents, 23 ransomware attacks and incidents of compromised accounts.

Although it is responding to incidents, CIRT has not made enough progress when it comes to proactively evaluating the cybersecurity needs of the agencies it assists and measuring its progress in improving security. Its activities have only reached a fraction of the 2,800 entities it is responsible for. For example, despite acknowledging the need for specific training on how to detect phishing and prevent ransomware attacks, CIRT only provided five training sessions on phishing emails between July 2020 and March 2021.

Between August 2019 and December 2020, CIRT conducted just 11 risk assessments at counties and other local government entities, upon request by those entities. It also held or participated in 32 training sessions and 13 tabletop exercises, which stimulate discussion of various issues regarding a hypothetical situation, for county Boards of Elections, critical infrastructure, and transportation authorities to test whether they were prepared for a cyber incident emergency. 

DiNapoli’s audit also noted that most of CIRT’s activity is on a by-request basis or when areas of need are identified. Failure to conduct proactive outreach limits the ability to evaluate the needs of the entities in its purview and effectively prevent cyberattacks.

Officials said that they did not do surveys or collect data to see how many of the entities it covers have undertaken their own training. Without clear goals and documentation of security needs and progress officials cannot be assured their work is achieving the desired outcomes, if it is focused where public entities most need help, and if its limited resources are being used to the greatest benefit of the entities it was created to support.

DiNapoli offered several recommendations, including that DHSES:

Develop specific, measurable objectives and quantifiable, attainable goals, along with associated reporting mechanisms, to allow CIRT to evaluate if it is achieving its mission.

Take steps to determine the cybersecurity needs of the agencies, local governments, and public authorities CIRT is charged with supporting.

DHSES generally disagreed with the audit’s recommendations. CIRT officials stated that it has developed a sound and effective cybersecurity program that delivers valuable services to the entities they support. The agency’s full response is included in the audit.

Click HERE to access the Cyber Incident Response Team Report 2020-S-58.

New York State needs to improve cybersecurity support to local governments and public authorities

In a letter dated November 12, 2021, New York State Comptroller Thomas P. DiNapoli advised the New York State's Division of Homeland Security and Emergency Services [DHSE] that his audit of its operation indicates that DHSES cannot assure the critical cybersecurity support they are providing to state agencies, local governments, and public authorities through their Cyber Incident Response Team [CIRT] to achieve the desired outcomes or is targeting the appropriate customers and their needs.

Essentially, the audit reports that the agency responsible for providing cybersecurity help to 2,800 public entities responds to attacks lacks strategies for preventing them.

“New York’s Cyber Incident Response Team plays a vital role in safeguarding our infrastructure and critical data against cybersecurity threats,” DiNapoli said. “There are a lack of forward-thinking strategies, widespread training, and specific and measurable objectives that are critical in assessing progress. Additionally, the agency needs to be more proactive. As cybersecurity attacks continue to rise, I encourage the state’s Division of Homeland Security and Emergency Services to take quick action on this urgent issue.”

The recent passage of the federal Infrastructure Investment and Jobs Act underscores how critical strengthening cybersecurity is across New York. The legislation will provide much needed funding for local governments to modernize and protect their networks against future cyberattacks. In New York, cyberattacks have impacted public entities large and small, including reported attacks at state agencies; 911 systems; counties including Albany, Chenango, Erie, Nassau, Schenectady and Schuyler; cities including New York, Buffalo, Yonkers, Long Beach and Olean; towns including Brookhaven, Ulster, Canandaigua and Moreau; as well as school districts like Buffalo Public Schools and Guilderland Central School District.

Cyberattacks pose a fiscal risk and can have significant impacts on the public when they target public authorities and local governments, including water systems, utilities, airports, schools and health care facilities. For example, a 2019 ransomware cyberattack on the City of Albany cost the city roughly $300,000 because of destroyed servers, the cost to upgrade user security software, the purchase of firewall insurance and the performance of other improvements to firm up the city’s systems.

Cybercrimes, including phishing remain on a troubling rise and reach far beyond New York. Between 2019 and 2020, complaints of cyberattacks increased by 110%, from 114,702 in 2019 to 241,342 in 2020, according to the Federal Bureau of Investigation.

The rise in cybercrimes across our state highlight how vulnerable local governments are and presents CIRT with an opportunity to implement solutions ahead of future attacks. Between May 2018 and December 2020, CIRT responded to 122 cyberattacks statewide, including 39 phishing incidents, 23 ransomware attacks and incidents of compromised accounts.

Although it is responding to incidents, CIRT has not made enough progress when it comes to proactively evaluating the cybersecurity needs of the agencies it assists and measuring its progress in improving security. Its activities have only reached a fraction of the 2,800 entities it is responsible for. For example, despite acknowledging the need for specific training on how to detect phishing and prevent ransomware attacks, CIRT only provided five training sessions on phishing emails between July 2020 and March 2021.

Between August 2019 and December 2020, CIRT conducted just 11 risk assessments at counties and other local government entities, upon request by those entities. It also held or participated in 32 training sessions and 13 tabletop exercises, which stimulate discussion of various issues regarding a hypothetical situation, for county Boards of Elections, critical infrastructure, and transportation authorities to test whether they were prepared for a cyber incident emergency. 

DiNapoli’s audit also noted that most of CIRT’s activity is on a by-request basis or when areas of need are identified. Failure to conduct proactive outreach limits the ability to evaluate the needs of the entities in its purview and effectively prevent cyberattacks.

Officials said that they did not do surveys or collect data to see how many of the entities it covers have undertaken their own training. Without clear goals and documentation of security needs and progress officials cannot be assured their work is achieving the desired outcomes, if it is focused where public entities most need help, and if its limited resources are being used to the greatest benefit of the entities it was created to support.

DiNapoli offered several recommendations, including that DHSES:

Develop specific, measurable objectives and quantifiable, attainable goals, along with associated reporting mechanisms, to allow CIRT to evaluate if it is achieving its mission.

Take steps to determine the cybersecurity needs of the agencies, local governments, and public authorities CIRT is charged with supporting.

DHSES generally disagreed with the audit’s recommendations. CIRT officials stated that it has developed a sound and effective cybersecurity program that delivers valuable services to the entities they support. The agency’s full response is included in the audit.

Click HERE to access the Cyber Incident Response Team Report 2020-S-58.