Category Archives: Reputation Risk

Immediate Vault Immediate Access

RIMS ERM Conference 2021: A Case-Study Approach to “Solve Any DEI Issue in One Hour”

Posted on by

At today’s RIMS ERM Conference 2021, a hybrid event with in-person experiences in New York City and virtual content online, many of the presenters focused on the intersection of ERM (enterprise risk management) with other mission-critical three-letter topics, including ESG (environmental, social and governance) and DEI (diversity, equity and inclusion).

In one of the afternoon’s sessions, “Identify and Solve Any Organizational DEI Issue In One Hour,” presenter Layne Kertamus, professional in residence of risk management and insurance at Utah Valley University, explored “new ways to talk about what needs to be said, and what needs to be listened to.”

“Most organizations that I’m aware of have moved past the idea that they have to do something on [DEI] issues for our stakeholders—it has moved on to ‘We cannot afford to not have some real results in these arenas’ and that should be motivation enough, if we needed any motivation,” Kertamus said. “The issue will not go away and it will evolve. Hopefully we can find a way to make this not just a prompt for change, but a real asset.”

Kertamus noted the particular challenges of the “frozen middle” in implementing meaningful DEI initiatives. Middle management feels pressure from both above and below to take DEI action, and “may react to hearing these goals with concern or dread—for example, thinking ‘My status and opportunities may now be more limited than they were before.’”

With the “why” and other background largely established, Kertamus focused the session on one approach to the “how” of DEI-related change. While many DEI discussions start with general open forums and reminders about being respectful and open, he noted that some of these approaches may lead to inauthentic or surface-level outcomes. To really get into an authentic plan that gains acceptance, Kertamus said, “sometimes we need to create environments where we can talk the way we need to talk.”

He proposed that organizations adopt a case study method to facilitate some of these discussions, outlining the “one hour” from his session’s title:

  • With this method, a “case presenter” brings their concern, challenge or passion to present a large-scale DEI-related issue in the workplace that impacts other stakeholders. A facilitator should be selected and need not be an expert, but must bring an open mind and a willingness to enforce time limits. A group of “peer consultants” is then gathered from across the company, perhaps at different levels or in different departments.
    online pharmacy lexapro with best prices today in the USA

  • First, the group listens to a five minute presentation from the case presenter, and then spends 10 minutes asking fact-based questions directed through the facilitator.
    online pharmacy flomax with best prices today in the USA

    It is critical that the questions are directed and perhaps even pointed, but be focused on facts and not opinions or defenses.
    online pharmacy cozaar with best prices today in the USA

  • The largest segment of the process is a group diagnostic session, spending 20 minutes examining what, if anything, the presenter may have left out, may have ignored as a result of their own lived experience, or other gaps in the issue. It is critical not to jump to solutions in this phase—you may get “answers,” but the purpose here is true diagnosis.
  • The next 10 minutes should be spent on group action brainstorming, brainstorming solutions for the presenter, embracing all perspectives and bringing personal experience, values, and insight to the table. “Be willing to give the presenter bad news, if necessary,” Kertamus urged. For example, you may need to acknowledge that there is no solution, or that they missed a strategic opportunity along the way. The presenter should remain quiet and listen during this step.
  • Next, the presenter gets 10 minutes to respond to the discussion, speaking candidly and asking questions after listening to the group’s brainstorming session. “This can be a defensive time, they may feel beat up, but it can also be an opportunity for real connection, understanding, and for making agreements and commitments moving forward,” he said.
  • If agreements are made, one question is critical before adjourning: “When will you move forward using action steps recommended today?” This can be a critical moment in advancing concrete plans and changes in attitude or approach to DEI in the workplace.

While this approach can be used with a wide range of issues as the focus “case,” Kertamus noted it is particularly useful with “problems where someone cannot just use their authority to impose a change or solution,” for example, a leader who has tried to implement changes and build equity and inclusion as values in a department but keeps meeting resistance. “This is really for instances where you accept the mission of the organization and want to make it real or palpable, but cannot just impose it, you need to open other dialogues,” he said.

If you are not attending the RIMS ERM Conference 2021 live this week, “Identify and Solve Any Organizational DEI Issue In One Hour” and other sessions from the event will be available to stream online during the event or later on-demand.

Court Overturns Prop 22, California’s Gig Worker Classification Law

Posted on by

On August 25, the Alameda County Superior Court in California declared that Proposition 22 (better known as Prop 22) violated the state’s constitution, overturning it and potentially putting a portion of the state’s gig work industry in peril. The controversial California ballot measure designated app-based gig workers like rideshare and food delivery drivers as independent contractors, meaning that the companies they ostensibly work for would not have to provide a minimum wage, health insurance, unemployment, sick leave or other benefits. Because the initiative was a ballot measure, the court found the law restricted the state legislature’s ability to regulate compensation rules, and said the measure also illegally prevented workers from collective bargaining and unionization. However, this ruling does not mean that gig workers will automatically be considered employees, as no previous law mandated that classification.

Before Prop 22’s passage in November 2020, California passed AB 5 in May 2019, which instituted a more rigorous test to determine whether workers were employees or independent contractors: if “the person is free from the control and direction of the hiring entity in connection with the performance of the work,” the work was outside the company’s usual business, and if the worker “customarily engaged in an independently established trade, occupation or business of the same nature as that involved in the work performed.”

Rideshare companies like Uber and Lyft essentially ignored AB 5 and poured $224 million into fighting for Prop 22, making it “the most expensive ballot measure in California history,” according to the Los Angeles Times. The measure passed with around 59% of the vote.

In a small concession for workers, Prop 22 did provide for a health insurance stipend, but an August 2021 UC Berkeley Labor Center survey of 500 drivers showed that only around 10% of workers were receiving it, and 40% had not heard about it at all. Since work hours are only defined by the time spent driving with a passenger, others do not work the required 15 hours per week on one app to qualify for the stipend. These and other factors prompted drivers and the Service Employees International Union (SEIU) to sue the state seeking to overturn the law.

For now, the Superior Court ruling will likely not change much for gig workers in California, as Uber and other companies have announced their intention to challenge it in higher courts and may ignore any of its other legal implications, leaving everyone involved with a shaky status quo: an overturned law that is effectively still being followed.

As Risk Management wrote in May, one danger of the continuing ambiguity surrounding gig worker classification is misclassifying workers, which can lead to heavy fines or lawsuits. For example, in January 2020, D.C.-based contractor Power Design Inc. agreed to pay $2.5 million for misclassifying 500 workers as independent contractors rather than employees. In August, food delivery app company Postmates settled with the city of Seattle for nearly $1 million for violating the city’s Gig Worker Paid Sick and Safe Time (PSST) ordinance. The payment will go to cover city fines and compensate more than 1,600 workers for back wages. Additionally, withholding benefits, overtime, and meal and rest breaks (whether a result of misclassification, or in general) can result in workers filing class action lawsuits against the company, potentially resulting in significant costs, impacting productivity and damaging the organization’s reputation.

Another risk for gig work companies is insufficient safety measures for workers. Unlike with formal employees, companies often do not provide gig workers with safety training and may not offer formal ways to report safety concerns. This creates an environment where workers who are often under pressure to complete as many rides or tasks as quickly as possible may get into accidents or leave dangers unreported, creating liabilities for themselves and the company.

online pharmacy reglan with best prices today in the USA

Other states have their own gig work regulations either on the books or in the works and President Joe Biden has expressed support for gig worker classification as employees, but there is currently no national legislation on this issue. However, in March, the House of Representatives passed the Protect the Right to Organize Act (or PRO Act), which would reclassify gig workers as employees, affording them all the benefits included in that status.

online pharmacy spiriva inhaler with best prices today in the USA

The Senate has not yet taken up the measure.

New York City’s New Biometric Information Law Governs Collection and Use of Consumer Health Data

Posted on by

For risk professionals, the COVID-19 pandemic has increased the importance of ensuring customer and employee safety measures are incorporated into operations, processes and future strategies. As many businesses reopen from pandemic shutdowns or return from remote work arrangements, some enterprises are now exploring both the effectiveness and the risks associated with conducting health screenings that collect biometric information and other personal health data.

This month, New York City released the Biometric Information Law, a new measure that goes into effect on July 9 and imposes disclosure requirements on businesses that collect consumer biometric information.

online pharmacy ciprodex with best prices today in the USA

It also sets parameters on what they can do with that information, most importantly, prohibiting the exchange of biometric information for anything of value.

As detailed in recent client notice from the law firm Reed Smith, highlights from the law include:

  • The measure requires a business that “collects, retains, converts, stores or shares biometric identifier information of customers” to place a “clear and conspicuous sign” near all consumer entrances that, in plain language, discloses the collection, retention or sharing of biometric information.
  • It stipulates that it is unlawful to “sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.”
  • It establishes “an ‘aggrieved’ consumer’s private right of action,” meaning that “[a]ny person who is aggrieved by a violation by this chapter is entitled to commence an action to enforce its protections.”

There are key exclusions, however, as “governmental agencies, employers, or agents” are expressly excluded from compliance with any provision.

New York is not the only state to enact a law attempting to govern how organizations can use biometric information. Arkansas, California, Illinois, Texas and Washington have also set guidelines for businesses.

online pharmacy tenormin with best prices today in the USA

Indeed, the recent Risk Management Magazine article “Preparing for Biometric Litigation from COVID-19” addresses the imminent and critical questions businesses must answer when collecting and handling such data.

Sensitivities surrounding the confidentiality of biometric and other health information are not new in certain industries, such as healthcare. Further, even before COVID-19, risk professionals were already grappling with the risks associated with new biometric technologies and the data collected, especially with regard to facial recognition, wearables and even the rise in popularity of telehealth.

Now, with every organization on high alert about infectious diseases and how quickly they can interrupt business, health and safety have become top priorities for every risk professional in every sector.

online pharmacy xtandi with best prices today in the USA

As risk professionals look to new technology for help with these concerns, monitoring the emerging regulation and security risks around health and biometric technology will become increasingly critical in balancing benefit and risk to their organizations.
Online Pharmacy https://galenapharm.com/ no prescription
Data security will continue to remain a significant threat, but New York’s Biometric Information Law should serve as a reminder that what the organization does with that data can also have a lasting impact on the enterprise’s reputation and consumer trust.

For more information to help risk professionals manage new health technology and data, check out these articles from Risk Management Magazine:

8 Steps to Create Strong Disaster Management Plans

Posted on by

A core responsibility of any risk professional is planning for any possible disasters your business might face. These could be man-made, such as a data breach or accidents involving machinery, or natural, like a tornado or flood.

Disasters and crises affect different organizations in different ways—one company might consider something a catastrophe, while another may not even notice a change in its workflow. It is important to look at your own business operations and evaluate what you would consider a crisis. Generally, business crises fall into one of three categories:

  1. A danger to the physical safety of employees or customers
  2. Loss of income or means of making income
  3. Events or people negatively affecting your business reputation

In many cases, the crisis may fall into more than one of these categories. An accident in the workplace that is hazardous to employees can impact the company’s income because the factory has to shut down. This can also negatively affect the company’s reputation if it turns out that the company did not provide a safe working environment.

With even the best risk management programs, no organization can avoid all disasters completely. Risk mitigation often comes down to crafting the best plans possible for the moment disaster inevitably strikes. These eight steps can help risk professionals develop strong crisis and disaster response plans:

1. Define The Types of Crises You Could Face: There is not a one-size-fits-all approach to a crisis management plan. Working out what is likely to affect your business specifically can relate to your geography—areas that get hit by severe storms or earthquakes must include those potential disasters, and what knock-on effects they may cause. For example, storms may cause flooding, loss of power, or blocked roads that make it difficult to reach your premises. The type of crisis can also be specific to your industry. Employees in a manufacturing facility are likely at greater risk in a physical disaster than those working in a tax consultancy, for example. Security should also be a consideration. Is your business likely to get robbed of cash or equipment? Do you have high-profile proprietary information that makes you more likely to be the victims of cybercrime?

2. Triggering the Plan: Including levels of urgency in your plan will help people responding to the crisis pinpoint how significant the event is, and how much of the plan must be put into action. A step-by-step approach for specific scenarios can be helpful and cover dealing with man-made and natural disasters in different ways. The risk for each will be unique to the situation and knowing when and how to trigger a response is key. The plan should include how and when to escalate the response should the crisis worsen, as well as how to identify when the crisis has passed. It can be helpful to use red, yellow and green system to indicate severity and urgency, and this classification approach is easy to adapt to any scenario.

3. The Base of Operations Location: Accidents or natural disasters may cause your usual place of business to close temporarily or permanently. In your plan, designate a backup command center in an alternate location for dealing with the crisis until you can get back to work. This location can be your company’s operations hub, a point for gathering after a crisis, or where you know your sensitive and important data backs up. If a natural disaster has made travel dangerous or roads impossible to navigate, you will also need a virtual base of operations—some possibilities include message boards, chat apps or email. With so many employees working remotely because of COVID-19, this may be easier to implement now.

4. The Chain of Command: Ensuring a clear chain of command so that there is no arguing or confusion when people and the business are at risk. Wherever possible, appoint a back-up for each person in charge so if someone cannot perform their duty, it falls to the next in line.

5. Internal and External Communication: When a crisis compromises an office or business, communication can become tricky. Have a clear set of rules for how you get information to and from your employees, what information you must and must not share with those outside of the company, and how to achieve that. This part of your crisis management plan can save lives and stop rumors from spreading.

6. Necessary Resources: Though this will depend on the nature of the business, consider first aid and safety equipment if you are likely to have injuries or get cut off because of poor weather. Also, think about alternate communication methods if mobile phone towers go down or the electricity gets cut, as well as access to your sensitive data, such as employee contracts and supplier agreements.Include all necessary resources you would need to operate and highlight any alternate replacements. For example, if a storm knocks out your power, you may have a generator.

7. Training: It is no good putting a crisis management plan together and not giving the relevant people the training they need to execute it. For example, the people you name as first aid providers or unit leaders need to know what is expected of them and undergo the necessary training. If you have safety equipment on your premises, like fire extinguishers or emergency release valves for machinery, you need to educate all stakeholders how these work.

8. Testing the Plan: Finally, test that your plan actually works. Review it with staff and conduct safety drills regularly—every two months at least. Look for any weak points or flaws in the plan before an actual crisis.While it may not be possible to anticipate everything a disaster brings, you can set up several response plans and test each one individually. These plans can tie in with your standard safety drills, or stand alone, depending on the nature of the event anticipated.

A crisis management plan is integral to every business, no matter its size, scope, or sector. By preparing for various potential disasters, you can take action when needed without putting your organization, employees, or yourself at unnecessary risk.