Author Archives: Josh Salter

About Josh Salter

Josh Salter, ARM is the senior communications manager at RIMS.

RIMS Report: The California Consumer Privacy Act of 2018

Posted on by

With legislation introduced in California this year to protect consumers’ personal data, a new RIMS professional report, Understanding the California Consumer Privacy Act of 2018 (CCPA) highlights the importance for risk professionals and their organizations to prepare and adjust business operations to remain compliant under the law.

Authored by RIMS External Affairs Committee member Teri Cotton Santos, the report addresses the rights provided to consumers under the CCPA, the obligations it creates for businesses, as well as practical steps companies should take to prepare for its implementation date.

The CCPA was signed into law in June and became the broadest U.

buy sildalis online www.arborvita.com/wp-content/uploads/2023/10/jpg/sildalis.html no prescription pharmacy

S. framework imposing consent and disclosure obligations on businesses that collect personal information on California consumers. Similar to the European Union’s General Data Protection Regulation (GDPR), the law applies to companies collecting personal information on California consumers whether or not the company is based in the state. The clock is ticking for companies to update their operations and processes, as the CCPA becomes effective on Jan. 1, 2020.

“How organizations use and collect personal information continues to be a top concern for regulators and many consumers,” Santos said. “Now is the time for risk professionals to have discussions with internal stakeholders about the implementation of the CCPA and its impact on their organization’s operations and strategy.

buy tobradex online www.arborvita.com/wp-content/uploads/2023/10/jpg/tobradex.html no prescription pharmacy

The report is currently available exclusively to RIMS members. To download the report, visit RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. For more information about the Society and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

Eyes on the Road, Hands on the Wheel – Organizations Focused on Distracted Driving

Posted on by

It is probably not shocking to learn that distracted driving is fast becoming a huge problem.

buy strattera online www.mariettaderm.com/wp-content/uploads/2022/08/pdf/strattera.html no prescription pharmacy

The introduction of the smartphone, that clever device that allows you to text, email, speak with a friend and, ugh, take a video of yourself hopping out of your car and dancing while it’s in drive, is right at the center of the blame.

For parents, the thought of their newly licensed teenager taking the family sedan out – with their phone in hand – can be frightening.

buy clomid online www.mariettaderm.com/wp-content/uploads/2022/08/pdf/clomid.html no prescription pharmacy

And, it should be. According to the Children’s Hospital of Philadelphia distraction was a key factor in 58% of crashes involving drivers ages 16 to 19.

But, distracted driving is not something that only parents should worry about. “When it comes to preventing distracted driving, people often worry about their teenage drivers — but what about conversations happening at the office or while people are on the job?” said Jordan Solway, Group General Counsel and Vice President of Claim, Travelers Canada.

Travelers’ public policy arm, The Travelers’ Institute, recently commissioned a poll that highlighted the importance for businesses to identify the risks of distracted driving with their employees. The poll found that 37% of Canadian drivers answer or make communications while driving. Of these drivers, 14% cited “wanting to always be available for work.” as a key reason for their distractions behind the wheel.

But, always being connected can create risks. “When you’re involved in a conference call, you’re paying less attention to your surroundings,” Solway said. “Driving is a complex function that requires visual (eyes on the road), physical (hands on the wheel) and cognitive processing. Taking your eyes off the road for just two seconds actually doubles your chances of an accident.”

Countless organizations, public agencies, universities and other businesses employ the use of fleets, while other organizations rely on their employees to drive from location to location in their own vehicles as part of the course and scope of their responsibilities.

“In Ontario, similar to other provinces, it really does not matter if the vehicle is owned by the employee or the organization, if there is an accident caused by distracted driving and the driver was in the course and scope of his or her employment, the organization can be held liable,” Solway said. “This isn’t something just big businesses need to worry about.  In fact, the opposite. A distracted driving judgment against a smaller, neighborhood business has the potential to have significant financial consequences.”

The 2012  $21 million jury award against Coca-Cola for a distracted employee who was driving was a wakeup call to all organizations that:

1) companies can be held liable for their employees who operate vehicles while distracted,
and
2) organizations can even be considered negligent if they do not have a distracted driving policy or if their policy is inadequate.

There is a great opportunity for risk professionals to step in and develop policies procedures that address distracted drivers and mitigate the consequences of their actions to their organizations.

“Fundamentally, every business should have a [distracted driving] policy. There should be training on the policy. And, not only should the policy require compliance with the applicable law, but also, it should have clear direction on how and when mobile devices should be used in a vehicle,” Solway said.

Travelers Canada recommends four key steps to making a distracted driving policy more effective:

Training and continuing education are great but it shouldn’t stop there. “The organization has to enforce progressive disciplinary action against those violating the policy,” he said.

buy synthroid online www.mariettaderm.com/wp-content/uploads/2022/08/pdf/synthroid.html no prescription pharmacy

“They must be warned and dealt to further demonstrate that the organization is serious when it comes to distracted driving.”

Technology will be a key solution to combatting distracted driving. Most new vehicles are equipped with hands-free technology, cellular devices now feature a Do Not Disturb Function and some organizations have installed video recording devices in vehicle cockpits – all great options for promoting safer driving habits.

“In the not so distant future sensors, collision warnings, smarter-cars and autonomous vehicle operating systems could help keep drivers’ eyes on the road, hands on the wheel and minds focused on safe driving,” Solway said.

Cyber’s Human Side

Posted on by

People are often tired, distracted and overworked. They are bound to make mistakes, inadvertently overlook policies and procedures and have quick lapses in judgement—forgetting hours and hours of training.

Human error is a significant problem when it comes to managing cyber exposures. Most cyber surveys point to people as the root cause of a breach.

buy tretiva online medilaw.com/wp-content/uploads/2015/03/jpg/tretiva.html no prescription pharmacy

The Information Commissioner’s Office (ICO) compiles statistics about the main causes of reported data security incidents. In its first 2018 quarterly report, four of the five top causes reported to them involved human errors:

  1. Loss or theft of paperwork – 91 incidents
  2. Data posted or faxed to incorrect recipient – 90 incidents
  3. Data sent by email to incorrect recipient – 33 incidents
  4. Insecure web page (including hacking) – 21 incidents
  5. Loss or theft of unencrypted device – 28 incidents

James Bone, author of the “Cognitive Hack: The New Battleground in Cybersecurity…the Human Mind,” will lead a RIMS webinar Aug. 23 that explores the cognitive risk framework. Bone asks: are risk professionals considering the “human element” in their cyber risk management plan?

According to Bone, “The purpose of creating the cognitive risk framework is to begin to educate risk professionals about the need to incorporate the human element into their risk programs, to identify areas where human error or lapses can cause significant damage, and then design effective solutions.”

Bone points to the airline and automotive industries as examples where the value of human element risk management planning has already been realized. “Automation in cockpits, navigation systems, lane assistance technology and, even something as simple as the seatbelt demonstrate organizations’ and industries’ attention to human error risk mitigation.”

“All of us have a limit in our ability to work and focus at a very detailed level for long periods of time,” Bone said. “The ability to design a work environment that simplifies the work that people do will help reduce risk.

buy flomax online medilaw.com/wp-content/uploads/2015/03/jpg/flomax.html no prescription pharmacy

And, while human error is a piece of the cyber risk management puzzle, it isn’t the only human element cyber concern. Human routine, tendencies and employee processes are constantly monitored by cyber predators. “A sophisticated hacker can spend up to 18 months to two years setting their strategy to attack your organization,” he said. “They are studying the rhythm of the workflow and the movement of data across the firm. They gain a tremendous advantage by just sitting silently and watching.

buy renova online medilaw.com/wp-content/uploads/2015/03/jpg/renova.html no prescription pharmacy

Implementing a cognitive risk framework is no easy task. The key is data. “A lot of data is mislabeled, making it difficult for risk professionals to see the connection between an end result and the human behavior that caused it. In order to use data to its fullest, it needs to be properly categorized with descriptors that allow risk professionals to be able to leverage it,” Bone said.

Organizations with risk frameworks that fail to incorporate the human element are, in his opinion, acting on assumptions. “They are assuming people will be able to follow thousands of policies and procedures with perfect accuracy every time,” he explained. “We shouldn’t assume that people won’t be distracted at work and click on phishing emails. We shouldn’t assume that people will change their passwords as frequently as we want them to. We shouldn’t and can’t be afraid to incorporate new ideas and solutions to improve routines or, at least, make them more difficult to track.”

People are the common denominator. They are not perfect by any means, but incorporating a cognitive risk framework can be a valuable advantage that allows organizations to stay ahead of human element risks while identifying opportunities to improve processes and increase productivity.

The Data Analytics Adventure

Posted on by

Is your audience changing? Are your products still relevant and addressing customers’ needs? Are there opportunities for organization to predict—or least make an informed guess—about the future of the market or other trends? Answers to these difficult questions are often buried in the overwhelming amount of data organizations are already collecting and storing.

In this digital age, data analytics is a hot topic for businesses and their risk professionals. In fact, nearly half of the survey respondents (46%) from the RIMS MARSH Excellence in Risk Management XV survey agreed that to successfully become digital, using data and analytics to unlock value and make decisions faster was critical.

Where to begin?
Gathering, organizing and understanding data can be such a daunting task that many often choose to put it off for “another day.

buy minocin online orthosummit.com/wp-content/uploads/2023/10/jpg/minocin.html no prescription pharmacy

Paul Koziatek, Enterprise Risk Manager for Coca-Cola Beverages Florida, LLC and an upcoming presenter for the RIMS’ Aug. 2 webinar titled “Mother Lode—Driving Results from Your Data Analytics” offered strategies for risk professionals to get their hands dirty and embark on this data-crunching adventure.

Before getting started, risk professionals must realize that data analytics is an ongoing process, not a project. “One of the biggest misconceptions is that it is a one-off deal,” he said. “It’s the complete opposite. Data analytics is a living, breathing adventure. If you go in with a project-like mindset, you’ll be doomed from the start.”

A great advantage risk professionals have today is the software available to them. “There are a lot of risk professionals who are under the impression that data analytics software is expensive. That might have been the case several years ago, but now RMIS systems can be tailored to meet specific needs and purchased in pieces.”

Additionally, he notes that data analytics programs must constantly be reevaluated.  As information begins to trickle in, risk professionals might have to take a closer look at what they are requesting. “Risk professionals should examine and maintain the program frequently because the original variables used to obtain the data might not always produce the same outcomes.”

Engaging co-workers
A data analytics program requires information and clarification from various subject matter experts from a range of business units. To build these relationships, risk professionals need support from leadership to ensure others in the organization are committed to the process and aware of leadership’s expectations.

With that support, risk professionals can overcome a lack of urgency from others in the organization. “There is a potential to hear feedback such as ‘There is not enough time,’ or ‘We’ll get to that later.’ It is the risk professional’s job to help department leaders see that risk management can create value and is not just a cost-center,” Koziatek said. “Consider those experts as tools and resources. They are going to be the ones who pull the data and provide what it is you need.

buy cipro online orthosummit.com/wp-content/uploads/2023/10/jpg/cipro.html no prescription pharmacy

The ability to explain to those experts exactly what you need to get the job done is important. If that’s not accomplished, you can wind up with a bunch of usable or corrupt data.”

He added, “Sales, marketing and planning teams are a great place to start. In some organizations already have the tools, packages and software risk professionals need to analyze data.”

Quick Wins
Quick wins will be a bit different for every organization. Many data analytic adventures get started because of a legacy of bad workers’ compensation cases or a rash of claims against the organization. “For some, a quick win might be focusing the program on a hot, troublesome and expensive activity to quickly reduce the cost of the risk. Key to determining what might constitute a quick-win is understanding the business’s strategy. “Listen to the board of directors, to the CEO and CFO. Then tailor your analytics to that communication and help drive the company’s strategy,” Koziatek said.

Realizing the Value
Data analytics is like a treasure hunt.  With the right information, guidance and support, organizations and their risk professional can discover hidden potential, revenue streams, cost-saving measures and new opportunities.

More than figuring out where the weak points are for the organization, data analytics uncovers connections. “Data analytics is all about the correlation between different variables and outcomes.

buy cytotec online orthosummit.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

It offers great value by allowing risk professionals to identify those variables before it’s too late,” Koziatek said.

He points to workers compensation and employee-related injuries as an example of data analytics at its best. His organization found that the frequency of injuries and claims were highest among short-term employees (two years or less). Thus, the correlation between claims, length of employment and training were quickly realized. “Without data analytics it might take an organization much longer to really identify the root cause of the activity and, as time goes by, more money can be lost.”

Data analytics’ greatest value for the risk professional is its ability to justify and gain even more support for risk management initiatives. “There is nothing more important than having the data to back up my solutions, my ideas and my needs. That is what the board, senior executives and business leaders want to see. Without these analytics, their outcomes and the reports we produce as a result, it would be extremely difficult to ‘sell’ my ideas to leadership,” Koziatek concluded.