Are You Ready for California’s New Workplace Violence Prevention Regulation?
California’s Senate Bill 553 (SB 553) is now in effect, requiring nearly all California employers to create, adopt, and implement written workplace violence prevention plans.
The law amended the U.S. state's labor and civil procedure codes to require most organizations to establish a written workplace violence prevention plan and employee training program by 1 July 2024. There are a few exempt organizations, including employers covered by existing workplace violence prevention in healthcare standards and locations not open to the public with fewer than 10 employees.
The law is enforceable under California’s division of the Occupational Health and Safety Administration (Cal/OSHA). But it’s unclear at the moment what enforcement will look like, how regulators will assess unique cases, and what will be deemed “effective” measures under the law, says Steve Powers, associate managing director of the enterprise security risk management practice at risk and financial advisory firm Kroll.
“The word ‘effective’ is referenced in the bill several times, but what does the word effective mean?” he asks. “Is that zero incidents? Which is an unrealistic measure. But no one has defined what effective means. So, if somebody comes in and Cal/OSHA inspects my particular business and says, ‘Your plan is ineffective,’ I would hope they spell out what they mean by that. The word ‘effective’ to me may mean something different to you.”
Despite those unknowns, Powers says that SB 553 is one of the most comprehensive pieces of workplace violence prevention law he has seen, expanding the focus across industries and addressing best practices and prevention.
In general, workplace violence legislation is brought about as a response to an incident, and SB 553 is no exception. It was originally prompted by the 2021 shooting at the Valley Transportation Authority railyard in San Jose, California. The bill was pushed forward amid increases in workplace assaults and violence during the COVID-19 pandemic before being passed in October 2023.
Cal/OSHA had been developing a Workplace Violence General Industry plan for years, and SB 553 accelerated the creation of the standard. The plan is due to be adopted by no later than 31 December 2026. But in the meantime, employers must still create workplace violence prevention programs, even though the parameters can feel a little fuzzy.
“SB 553 goes into effect during a time of heightened risk,” wrote Insurance Journal. “Political violence in the U.S. is at its highest point since the 1970s, and this year’s presidential election could trigger further violence. It is certainly an opportune time for businesses to acknowledge and prepare for the potential for violence in the workplace. But despite placing a clear responsibility on employers to develop these plans, the bill stops short of detailing what the plans should look like, and many businesses may find themselves unprepared as a result.”
Personally, Powers says that many businesses are not ready for this moment.
“I also assume that Cal/OSHA is not equipped to begin immediate inspections and would likely do so in response to an incident,” Powers explains.
“This particular bill is very robust. It attempts to address workplace violence from every perspective, except maybe threat assessment and management,” he adds. “It does a very good job of calling out the violent incident log and having data to be able to drive mitigation and correction.”
What Does SB 553 Cover?
The law requires businesses—including those not based in California but with an employee presence in the state—to address all four major types of workplace violence in their plans and training.
Type 1: criminal intent. Workplace violence committed by a person who has no legitimate business at a worksite, including retail robberies, robberies of cab drivers, and threats and acts of violence directed at security guards.
Type 2: customer/client. Workplace violence directed at employees by customers, clients, patients, students, inmates, or visitors.
Type 3: worker-on-worker. Violence against an employee by a current or former employee, supervisor, or manager.
Type 4: personal relationship. Violence committed in the workplace by a person who does not work there but has, or had, a personal relationship with an employee.
Workplace violence can entail any act or threat in the form of physical aggression, harassment, intimidation, or threatening behavior at a workplace.
The law requires employers to log violent incidents and provide training on workplace prevention, including additional training when new hazards are identified or the plan changes.
One challenge is that hazards are not clearly defined in the law. The term workplace hazard is most regularly used with workplace safety measures like spills, chemical access, or fall risks, but it is being articulated differently in SB 553, Powers says. In this case, a workplace violence hazard could potentially include circumventing security procedures, such as propping open a door for a smoke break or sharing credentials. The location of the business itself or the type of operation it's engaged in could also be considered hazards that need to be addressed with a plan.
Despite placing a clear responsibility on employers to develop these plans, the bill stops short of detailing what the plans should look like.
Workplace Violence Prevention Plan Requirements
Employers need to start with an assessment to identify and evaluate workplace violence hazards. These could include the exchange of money, lone workers, working at night, availability of valuable items, performing public safety functions in the community, or working with people or customers who have a history of violence or threatening behavior.
The plan can be incorporated into a company’s injury and illness prevention program, it must be in writing, and it must include:
- Names or job titles of the people responsible for implementing the plan
- Effective procedures to obtain active involvement from employees and their representatives in developing and implementing the plan—including in identifying hazards, designing training, and reporting incidents
- Methods the employer will use to coordinate plan implementation and ensure employees know their roles in the plan
- Effective procedures for the employer to accept and respond to reports of workplace violence, prohibiting retaliation against employees who report hazards
- Effective procedures to communicate with employees about workplace violence matters
- Effective procedures to respond to actual or potential workplace violence emergencies
- Procedures for post-incident response and investigation
- Procedures to review and revise the plan as needed
Plans must be reviewed at least annually. They must also be reviewed and revised any time a deficiency or new hazard is observed or reported, or after a workplace violence incident occurs.
These workplace violence prevention plans require employee input, seeking to alter the typical top-down policies to have more real-world applications and feedback. The law does not specify, however, exactly how much employee input is needed to fulfill that requirement.
California’s Department of Industrial Relations developed a model workplace violence prevention plan as a starting point for employers, but plans must be customized to address their specific workplace needs—a basic template will not fulfill regulatory requirements. The plan needs to be a living document that evolves based on changing hazards and employee input, Powers says.
In some cases, organizations might need more than one plan. According to a Global Guardian interview with Robin Welch Stearns of the Pacific Resilience Group, a pharmaceutical company with manufacturing facilities and offices in California will likely need two plans—one for each type of site and its unique hazards.
Training Requirements
SB 553 requires employers to provide initial training when the plan is established and provide annual training thereafter. Training must use appropriate content and vocabulary for the educational level, literacy, and language of employees, according to a briefing by law firm Procopio, Cory, Hargreaves, & Savitch LLP.
The training cannot be an off-the-shelf security awareness or workplace violence training. It must be designed based on the specific elements of the employer’s written workplace violence prevention plan.
Training needs to include:
- The employer’s workplace violence prevention plan and how employees can obtain a free copy of the plan
- How to report workplace violence hazards and incidents
- Corrective measures that the employer has taken on workplace violence hazards
- How to seek assistance to prevent or respond to violence
- Strategies to avoid physical harm
- Information about the violent incident log and how employees can obtain a copy.
Employers must retain training records for at least one year.
Reporting Requirements
Employers are required to keep detailed logs of workplace violence incidents that can be made accessible to employees and others, but without personally identifying information. That log must include:
- Data, time, and location of an incident
- Detailed description of the incident
- Classification of who committed the violence (stranger, customer, worker, or domestic partner)
- Violence type, such as physical attack or threat, whether weapons were involved, or if it was a sexual assault
- Consequences of the incident, such as whether security or law enforcement was contacted
This log must be retained for five years. Employees can request to view and copy the log, which must be provided within 15 calendar days of the request.
SB 553 does a very good job of calling out the violent incident log and having data to be able to drive mitigation and correction.
Changes to Restraining Orders
SB 553 also enables employers to petition for temporary restraining orders (TRO) and orders after hearings on behalf of employees.
SB 553 “authorizes collective bargaining representatives, not just employers, to petition for TROs on behalf of employees, allowing even more relief for employees faced with threats and violence,” explained law firm Seyfarth in a summary of the California law. “SB 553 also provides for employee names to be withheld from the TRO papers, providing anonymity for victims who otherwise might have hesitated on supporting a TRO for fear of retaliation from the individual at issue.”
The new law also expands which types of conduct qualify for a TRO and allows employers to seek orders on behalf of employees who suffer harassment, not just violence or threats of violence.
Key Elements Remain Ambiguous
There are still a lot of questions around the implementation of this law, including what enforcement looks like and what counts as “effective.” Civil penalties and fines are on the table, but will Cal/OSHA conduct inspections or will those penalties be levied after an incident?
Fines for Cal/OSHA violations can be steep—up to $15,000 for general or regulatory violations and nearing $159,000 for willful and repeat violations. Non-compliance can also put organizations at risk for increased litigation. So, it behooves organizations to make a good faith effort at compliance while waiting for the regulatory equivalent of case law to set precedents on what counts and what doesn’t under the new law, Powers says.
Along with their employees, employers should consider contractors or other third-party individuals: Whose responsibility is it to ensure they know an organization’s plan? Would they be able to request access to the organization’s log of incidents?
Even which businesses are exempt from the law can be debated. For organizations with a small office of nine employees in California, they could be exempt provided there is no public access to the office.
But how far does “no public access” reach, Powers asks. What if the office accepts deliveries or has a team meal catered? What if unexpected visitors or customers come to the office to seek a meeting? For a law office, would runners bringing court documentation count as public access? Is total isolation required to meet that exemption? How would this rule apply to remote workers who gather occasionally for team meetings or outings?
In addition, Cal/OSHA has the right to overrule an exception, but it is unclear when that would apply. It is likely that the regulator could reassess a business’s exempt status after an incident and make it subject to the law moving forward, Powers says.
“I would hope that Cal/OSHA is going to provide some updated guidance because people are just throwing things out there,” he adds. “There’s a lot of confusion.”
The law could also place a significant burden on employers, especially small businesses with limited resources and staff time. Powers references the idea of a family-owned convenience store, which is open to the public, open during late hours, and could face criminal activity and violence. That business would need to establish a workplace violence prevention plan and train staff on it. Then, with each subsequent hazard identified or incident—including attempted robberies or harassment—the business would need to reassess its hazards, mitigate, and retrain.
“Depending on the size on of an organization, this is going to require a tremendous amount of input and time, and for entities without a security organization or dedicated environmental health and safety office, they don’t have the ability to do this, and they are scrambling,” Powers says.
Even businesses without a presence in California should pay close attention to this rollout.
“While California is the first state to enact such a broad workplace violence prevention law, other states are considering similar legislation,” the Insurance Journal explained. “There were more than 100 workplace violence bills introduced last year across 27 states, with a quarter of those bills enacted and half still pending, according to LexisNexis State Net Insights. Employers in all those states should also be watching the rollout of SB 553 closely, as they may soon find themselves with similar requirements.”
Powers adds that “there’s a lot to unpack with this. I think they’re trying to do the right thing, but this is far easier said than done.”
