Are You All In?
Does the evidence show that your grocery products deliver a balance of nutritional health and affordable value? Do reports verify that your mining and mineral processing operations have improved safety and health conditions in the mines? Does over a century’s track record demonstrate that your organization’s safety, education, and training programs have successfully trained millions of people?
In other words, are you proud of your mission? Do you believe in what you do?
No matter your own line of business, you know why personally investing in your organization’s success makes a difference in the risk and insurance industry. Authenticity bolsters your credibility, while insincerity can undermine your reputation. Risk managers play a uniquely personal role in representing their organization’s risks to brokers and underwriters. Working closely with these partners will reveal you to be either genuine or artificial.
Cyber risk illustrates this theme. The complex web of data security, and privacy liability law and regulation drives organizations to manage cyber risk through an enterprise risk management (ERM) framework. In addition, enterprisewide dialogue about cyber risk management serves to highlight an organization’s own privacy philosophy. Safeguarding the personally identifiable information (PII) of our members and supporters demonstrates a commitment to privacy inherent to our mission as a membership association and civil rights advocate.
Such focus on security and privacy explains why we supported the American Civil Liberties Union with a friend of the court brief in their lawsuit over government surveillance through telephone metadata. The ACLU’s view is that certain mega-surveillance may strike at the core of Americans’ rights to privacy, free speech, and association.
Our brief in the ACLU matter argued that the government’s broad interpretation of its authority to collect information from private entities could effectively override legislative protections for privacy, such as provisions intended to block gun registration. Our lawyer, John Frazer of Virginia, also referred to potential abuse of data mining. Aggregating forms of data to perform inference analysis about individuals and portray their connections and networks could allow the easy identification of our members and other gun owners for unlawful purposes.
Respecting your own organization’s mission requires true understanding based on a risk manager’s independent professional judgments. To the skeptics who meet me through industry networking and continuing-education events, I can respond sincerely: If I did not believe in my association, I would not have invested such a significant portion of my career and life there.
Are YOU all in? If you are unable to answer that question as sincerely as we can, take the time to explore what motivates you when you wake up every morning.
Workers’ Comp Laws Regarding Illegal Immigrants See Little Change
With immigration grabbing headlines, some state legislators may decide to once again push bills to disqualify illegal immigrant workers injured on the job from receiving workers’ compensation benefits.
“Is it plausible that elected officials who feel strongly about the immigration issue might use the current instability to make a political point?” asked Bruce Wood, workers’ comp director for the American Insurance Association (AIA). “You can connect the dots. But from me sitting here today it would be speculation to say that is going to happen.”
The immigration issue surged to the forefront recently with news stories of tens of thousands of Central American children flooding the U.S. border in recent months, an angry reaction by residents in one California town who blocked Homeland Security buses carrying illegal immigrants, and a political stalemate in Washington D.C. over immigration law reforms sought by business groups.
“There was definitely that wave [of legislation] four or five years ago and it has been pretty quiet on that front the last two or three [legislative] session cycles, but given the current news and political climate we are potentially expecting to see bills in 2015.” — Trey Gillespie, senior workers’ comp director for the Property Casualty Insurers Association of America
But with a history of businesses opposition to legislation denying workers’ comp benefits to illegal immigrant workers, any new bills could meet the same fate as those introduced in 2011 in Georgia, Montana, New Hampshire, and South Carolina.
Those legislative efforts failed to pass into law amid insurer opposition and concerns they would harm employers, including by allowing claimants to seek redress in civil courts rather than through workers’ comp systems where employer liability is limited.
“There was definitely that wave [of legislation] four or five years ago,” said Trey Gillespie, senior workers’ comp director for the Property Casualty Insurers Association of America (PCIAA), “and it has been pretty quiet on that front the last two or three [legislative] session cycles, but given the current news and political climate we are potentially expecting to see bills in 2015.”
That lull doesn’t apply to all state legislation regarding immigration-related issues, which rebounded in 2013 after falling off the prior year, according to the National Conference of State Legislators.
Lawmakers in 45 states and the District of Columbia enacted 437 immigration-related laws and resolutions during 2013, affecting issues such as education, drivers’ licenses, and budget appropriations, according to NCSI. That compared to 267 in 2012, and included resolutions praising immigrant contributions.
AIA’s Wood recalled a 1999 Virginia’s Supreme Court finding that illegal immigrants in that state could not receive workers’ comp benefits when injured.
“The employer community took a victory lap after that and then AIA and others reminded them that this opened them up to tort exposure because there was nothing precluding an undocumented worker from filing a tort suit,” Wood said.
That new exposure pushed Virginia employers to support the successful adoption of a law requiring workers’ comp benefits, with the exception of vocational rehabilitation benefits, to be paid to undocumented workers.
Overall, despite legislative attempts over the years to prevent providing workers’ comp benefits to illegal immigrants, state laws on the matter have remained unchanged, Wood said.
“Notwithstanding all of the bills introduced there haven’t been a whole lot that actually got through and were signed into law,” he said.
But that has not stopped attempts, even recently.
In North Carolina, Sen. Thom Goolsby (R-Wilmington) amended House Bill 369 in late June to disallow workers’ comp benefits being paid to workers “not lawfully employable in the United States and [those who] knowingly made a false representation to the employer as to his or her legal work status.”
But on July 8, the bill was removed from the state Senate’s calendar and referred to a Senate Rules and Operations Committee, meaning it had stalled.
Insurers oppose such legislation because in addition to stripping employers of worker’s comp exclusive remedy protections, there is a public policy concern. Such laws could incentivize certain employers to hire illegal workers and ignore safety practices because they would not be obligated to purchase workers’ comp insurance.
Those employers would gain an unfair advantage over other employers paying workers’ comp premiums.
“There is a concern,” said PCIAA’s Gillespie, “as to whether you are rewarding employers for knowingly hiring illegal aliens at the expense of employers who do their best to follow immigration and employment laws and pay benefits to their injured workers, as opposed to other employers who may get a benefit from hiring illegal aliens because they wouldn’t have to pay workers’ compensation claims arising out of injuries.”
5 & 5: Rewards and Risks of Cloud Computing
Cloud computing lowers costs, increases capacity and provides security that companies would be hard-pressed to deliver on their own. Utilizing the cloud allows companies to “rent” hardware and software as a service and store data on a series of servers with unlimited availability and space. But the risks loom large, such as unforgiving contracts, hidden fees and sophisticated criminal attacks.
ACE’s recently published whitepaper, “Cloud Computing: Is Your Company Weighing Both Benefits and Risks?”, focuses on educating risk managers about the risks and rewards of this ever-evolving technology. Key issues raised in the paper include:
5 benefits of cloud computing
1. Lower infrastructure costs
The days of investing in standalone servers are over. For far less investment, a company can store data in the cloud with much greater capacity. Cloud technology reduces or eliminates management costs associated with IT personnel, data storage and real estate. Cloud providers can also absorb the expenses of software upgrades, hardware upgrades and the replacement of obsolete network and security devices.
2. Capacity when you need it … not when you don’t
Cloud computing enables businesses to ramp up their capacity during peak times, then ramp back down during the year, rather than wastefully buying capacity they don’t need. Take the retail sector, for example. During the holiday season, online traffic increases substantially as consumers shop for gifts. Now, companies in the retail sector can pay for the capacity they need only when they need it.
3. Security and speed increase
Cloud providers invest big dollars in securing data with the latest technology — striving for cutting-edge speed and security. In fact, they provide redundancy data that’s replicated and encrypted so it can be delivered quickly and securely. Companies that utilize the cloud would find it difficult to get such results on their own.
4. Anything, anytime, anywhere
With cloud technology, companies can access data from anywhere, at any time. Take Dropbox for example. Its popularity has grown because people want to share large files that exceed the capacity of their email inboxes. Now it’s expanded the way we share data. As time goes on, other cloud companies will surely be looking to improve upon that technology.
5. Regulatory compliance comes more easily
The data security and technology that regulators require typically come standard from cloud providers. They routinely test their networks and systems. They provide data backups and power redundancy. Some even overtly assist customers with regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS).
1. Cloud contracts are unforgiving
Typically, risk managers and legal departments create contracts that mitigate losses caused by service providers. But cloud providers decline such stringent contracts, saying they hinder their ability to keep prices down. Instead, cloud contracts don’t include traditional indemnification or limitations of liability, particularly pertaining to privacy and data security. If a cloud provider suffers a data breach of customer information or sustains a network outage, risk managers are less likely to have the same contractual protection they are accustomed to seeing from traditional service providers.
2. Control is lost
In the cloud, companies are often forced to give up control of data and network availability. This can make staying compliant with regulations a challenge. For example cloud providers use data warehouses located in multiple jurisdictions, often transferring data across servers globally. While a company would be compliant in one location, it could be non-compliant when that data is transferred to a different location — and worst of all, the company may have no idea that it even happened.
3. High-level security threats loom
Higher levels of security attract sophisticated hackers. While a data thief may not be interested in your company’s information by itself, a large collection of data is a prime target. Advanced Persistent Threat (APT) attacks by highly skilled criminals continue to increase — putting your data at increased risk.
4. Hidden costs can hurt
Nobody can dispute the up-front cost savings provided by the cloud. But moving from one cloud to another can be expensive. Plus, one cloud is often not enough because of congestion and outages. More cloud providers equals more cost. Also, regulatory compliance again becomes a challenge since you can never outsource the risk to a third party. That leaves the burden of conducting vendor due diligence in a company’s hands.
5. Data security is actually your responsibility
Yes, security in the cloud is often more sophisticated than what a company can provide on its own. However, many organizations fail to realize that it’s their responsibility to secure their data before sending it to the cloud. In fact, cloud providers often won’t ensure the security of the data in their clouds and, legally, most jurisdictions hold the data owner accountable for security.
Risk managers can’t just take cloud computing at face value. Yes, it’s a great alternative for cost, speed and security, but hidden fees and unexpected threats can make utilization much riskier than anticipated.
Managing the risks requires a deeper understanding of the technology, careful due diligence and constant vigilance — and ACE can help guide an organization through the process.
To learn more about how to manage cloud risks, read the ACE whitepaper: Cloud Computing: Is Your Company Weighing Both Benefits and Risks?