On October 9, 2018, NYS and NYC Governments enacted an anti-sexual-harassment law that carries pretty stringent requirements relating to employers’ anti-harassment policies and training. These labor laws have been revised and training requirements have been put in place by the Department of Labor in consultation with the Division of Human Rights. Originally, training was required by January 1, 2019 but, after some pushback, the deadline was extended until October 9, 2019.
The construction industry is changing rapidly and more and more projects are relying on emerging technologies for management and completion. There are now major cyber-related concerns regarding “smart” equipment such as cranes and drones and SaaS/IaaS systems used for project planning and management. ‘Connected’ systems utilized by third parties (general contractors and subcontractors) to share and centralize sensitive data may also expose a project to cyber risks.
Liability claims related to improper removal of snow and ice are frequent, and in many cases, severe. Many of the claims originate from elderly people sustaining injuries from slips and falls from which they never fully recover. In other words … BIG CLAIMS!
Most companies today opt to distribute their employees’ W-2 tax forms electronically, either through email or some type of download service. Because these forms contain a good deal of Personally Identifiable Information (“PII”), such as name, address, social security number and salary information, cyber thieves are using several simple yet tried-and-true methods to fraudulently obtain them.
In our previous posts in this series, we introduced Enterprise Risk Management (ERM) as a “portfolio view” of risk and discussed various aspects of implementing ERM: roles, culture, a framework and preparing your organization. Now, we’ll begin looking at the “big picture” viewpoint of risk, starting with identifying and prioritizing risks. In the ERM process, management (1) determines acceptable levels of risk, (2) identifies and measures risks throughout the entire organization and aggregates the results, and (3) determines if the aggregated results exceed the acceptable levels. Risk Appetite and Risk Tolerance are the expressions of the “acceptable levels” of risk.
In our previous blog posts, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a “portfolio view” of risk; outlined how to establish roles and context for ERM implementation; and how to establish a risk-aware culture and develop an ERM framework
Back in May 2016 I posted a blog (Be Prepared – Data Breach Notification Laws are Changing), which covered how data breach notification laws were evolving. At that time the state of Tennessee amended its law, becoming the first state in the nation to require notification of any data breach, whether the information is encrypted or not. I also predicted that state laws would most likely become stricter in the not too distant future…
With the Presidential Election only days away, the question remains: Will the election be hacked? In this case, a cyber breach can lead to two major issues. The first is stolen data of registered voters; the second issue and perhaps the more frightening one – manipulation of the election results.