Orange County Chapter
http://www.ocrims.org
January 2015 Newsletter
RIMS Orange County Chapter, 2913 El Camino Real #715, Tustin, CA 92782

President’s Message
by Zareen Morrison

Happy New Year! Here’s to a great start to a new year. Let me officially introduce myself—I’m Zareen Morrison and I’m proud to be serving my 7th term on the OCRIMS Board of Directors, this year as the President. I’m grateful for the opportunity and look forward to another successful year in 2015. I want to take this opportunity to welcome back some of our board members, who continue to volunteer their time, and to also welcome some new board members (see back page of this newsletter).

Looking back at 2014, OCRIMS had a very successful year, which included receiving the RIMS Award for Best Newsletter (this is our second time in the last few years), raising almost $10,000 through our Annual Golf Tournament for Cal State Fullerton student scholarships, raising money and donating toys for Operation Santa Claus as part of our Annual Holiday Gala, helping the City of Garden Grove paint over graffiti-covered walls in support of its Project GO (Graffiti Off) effort, as well as co-hosting the Western Regional Conference. These are just a few things that have made OCRIMS such a successful chapter.

I would also like to thank our 2014 Chapter President, Dan Reynolds, for coming out of retirement to volunteer his time throughout the year. We wish him a happy retirement and many exciting adventures.

As we begin this new year of 2015, I want to thank you—our chapter members. You are what makes our chapter such a success. With your feedback, the OCRIMS officers, board members, and committee chairs strive to meet the needs of the chapter in all aspects, including offering exciting monthly meetings, providing networking opportunities, and fostering volunteerism. We have numerous committees, including Golf, Community Outreach, Education and Membership, to name a few.
These committees work throughout the year, and we can always use more member volunteers. In addition, we are always looking for speakers, especially risk managers. Your actions and dedication will, as in the past, help the chapter prosper.

Thank you again for your continuing support of our chapter and let’s look forward to a great 2015 for OCRIMS! As always, please feel free to reach out to me or any of the Board members via our Chapter email, occhapterofrims@gmail.com.

Sincerely yours,
Zareen

Advancing Education, Communication and Professionalism in the Risk Management Community

OCRIMS MONTHLY LUNCH MEETING - TUESDAY, FEBRUARY 10TH: COMMUNICATING IN A CRISIS
Speaker: Joan Gladstone, President & CEO of Gladstone International

Tuesday, February 10, 2015
Time: 11:30 a.m. – Social Gathering/Reception
Noon – Lunch
12:40 p.m. – Program
1:30 p.m. – Adjourn
Where: Orange Hill Restaurant, 6410 E. Chapman in Orange
Cost: $25 for members, $35 for nonmembers with reservation by 4:00 p.m. on Thurs., Feb. 5th; $45 for late reservations/walk-ins. (Walk-ins are not guaranteed a meal.)

Online registration is now available for Chapter events! Click the following link to go to the registration page, where you can enter your contact information and select the payment method (online or at the door). Want to go to the head of the line? Pay online, and bring your receipt.

http://events.constantcontact.com/register/event?llr=kbpblmeab&oeidk=a07eaek62hm2f412e4a

Note: OCRIMS will send a follow-up email regarding registration to addresses pulled from the RIMS Message Center database, and your contact preferences must be set to “Yes” in the database to receive the announcement via email.
If you’ve received this newsletter by direct email, you probably have your contact preferences set to “Yes” in the database, but if you want to make sure, follow the simple steps outlined under “OCRIMS Database Management System,” as indicated on the next to last page of the newsletter. Contact Zareen Morrison at (714)246-5988 with any questions regarding the registration process.

COMMUNICATING IN A CRISIS

When a crisis hits, is your organization prepared to quickly and effectively deal with the media spotlight? Are you prepared to harness YOUR media to ensure that your story is told fairly and accurately? Attend the February lunch meeting and you will know the answers to these questions. OCRIMS is really excited about the February program, presented by Joan Gladstone, president and CEO of Gladstone International.

FEBRUARY MEETING SPEAKER BIO

Joan Gladstone is a nationally recognized crisis-communications expert, executive media trainer and speaker. Her goal is to guide corporate, education, nonprofit and city leaders to communicate effectively during a crisis and emerge with reputations intact.

Since founding Gladstone International in 1989, Joan has served diverse clients throughout the West. Her first crisis experience was to manage global media attention of the County of Orange bankruptcy in 1994. Since then, she has developed crisis plans and provided crisis counseling related to workplace accidents, labor strikes, foreign-object-in-food crises, gas-pipeline ruptures, data breaches, toxic spills, high-profile lawsuits, political protests, regulatory agency investigations and more.

Over the course of her career, Joan has taught more than 3,500 business, nonprofit and public sector leaders to successfully manage difficult media interviews. She is a noted speaker who has presented more than 500 workshops and keynotes to professional and trade associations.

Joan has received many awards for public relations excellence and service to the Orange County community.
In 2007, she received the Public Relations Society of America’s highest honor: induction into the College of Fellows. Acceptance to the College of Fellows is based on lifetime achievement and service to the profession. Fewer than 400 senior practitioners and educators worldwide have achieved this honor in 30 years.

JANUARY LUNCH MEETING REVIEW - WORKERS’ COMPENSATION CASE LAW UPDATE: THE GOOD, BAD AND UGLY
by Greg Wren

OCRIMS kicked off 2015 in fine form, as more than 80 risk management professionals attended our January lunch meeting for the annual workers’ compensation update, this year entitled “The Good, Bad, and Ugly.” The audience was treated to updates of significant workers’ compensation case decisions from 2014.

Thomas Bollinger and Scott Tilley from the Law Offices of Parker & Irwin provided the legal explanation for 12 decisions that impacted workers’ compensation claims in the areas of temporary disability, discovery, medical-legal, utilization review, litigation and liens. A number of the case decisions had favorable implications for employers and insurance companies, while others were decidedly less favorable. Michael Simmons from the Riverside Community College District provided the employer perspective, with insight into the impact these decisions will have on individual claim files and, where possible, recommendations to improve claims handling.

Attendees were also provided the opportunity to win prizes by being the first to answer questions about Clint Eastwood. That’s not something you would come across at a typical update on workers’ compensation issues.

Judging by the many questions that were asked about all matters pertaining to workers’ compensation, this was a timely topic. Another way to tell that this was a hot topic was the large turnout right after the holidays. Thanks to our speakers and all those who attended for your participation in this lively and interesting meeting.
We hope to see many of the same faces, along with new ones, at the February 10th lunch meeting—Communicating in a Crisis—presented by Joan Gladstone, President & CEO of Gladstone International. This is sure to be another revealing session.

CONGRESS OVERWHELMINGLY PASSES TRIA BILL
by Caroline McDonald, reprinted from Risk Monitor, the official blog of Risk Management Magazine

After a last-minute failure by the Senate to pass the Terrorism Risk Insurance Act (TRIA) in December, the bill was overwhelmingly passed by the Senate on Jan. 8, with a vote of 93 to 4. The House of Representatives had voted 416 to 5 to pass TRIA in December. The bill now awaits President Obama’s signature.

H.R. 26, which is the same as last year’s amended S. 2244, reauthorizes TRIA through the end of 2020. Under the six-year extension, starting in 2016, there will be phased-in increases to the program’s trigger, raising it from $100 million to $200 million in annual aggregate insured losses, and the insurer co-share will be raised from 15% to 20%. The bill also phases in an increase in the aggregate amount of insured terrorism losses that must be borne by the private sector from the current $27.5 billion to $37.5 billion. Taxpayer dollars to fund those losses would be recouped post-event.

Several industries were quick to praise TRIA’s passage, as the Senate’s failure to reauthorize the Terrorism Risk Insurance Act in December left insurance buyers facing renewals on terrorism coverage with unanswered questions.

The Commercial Real Estate Development Association (NAIOP) praised the bill’s passage, saying, “This is sound policy because it enables insurers and private sector capital to provide coverage for losses that otherwise would fall upon the taxpayer. This vital security blanket could help save billions of dollars that would otherwise be spent in the aftermath of a terrorist attack.
Renewing TRIA for six years represents a major victory for the commercial real estate industry and the millions of jobs and economic growth it supports. Today’s vote gives developers the peace of mind to invest in an industry that contributed $376 billion to GDP last year, supported 2.8 million jobs, and produced $120 billion in personal earnings.”

The Coalition to Insure Against Terrorism (CIAT) said in a statement, “CIAT members are pleased the Senate has acted quickly to approve TRIA reauthorization as one of the first orders of business in the new Congress. We commend Majority Leader McConnell and Minority Leader Reid for their leadership in seeing this critical legislation through to completion, and are encouraged by the strong bipartisan support for reauthorization in both chambers.”

Marsh & McLennan said it “applauds the new Congress for its swift reauthorization of this critically important public-private partnership, which will help to ensure a reliable marketplace for terrorism coverage in the event of attack. We are pleased that TRIPRA directs the Treasury Department to review the protocols for certification which would help to protect the nation’s economic security in the event of a terrorist attack.”

Leigh Ann Pusey, president and CEO of the American Insurance Association, said in a statement that the “terrorism risk insurance program will remain in place protecting our nation’s economy, policyholders and taxpayers. Congress’ timely reauthorization of TRIA will preserve a well-functioning private terrorism insurance marketplace.” She added, “As with previous TRIA reauthorizations, the primary responsibility for financial recovery is placed on the private sector in all but the most catastrophic of events.”
“Congress’ bipartisan action on TRIA this week will help ensure the continued availability of terrorism risk insurance, providing stability for the broad range of businesses of all sizes that depend on this essential coverage,” noted the National Association of Real Estate Investment Trusts (NAREIT). “We strongly urge President Obama to sign this legislation into law at the earliest opportunity.”

ISO announced that it is filing revised terrorism forms in response to passage of the act. The revised forms will be for insurer use in most states shortly after President Obama signs the bill, known as the Terrorism Risk Insurance Program Reauthorization Act of 2015.

NEWS FROM RIMS

In our effort to keep the membership informed, we have elected to share the following article pulled from the RIMS website.

RIMS APPLAUDS GOVERNMENT'S SWIFT ACTION TO REAUTHORIZE TRIA
Six-Year TRIA Extension Poised to Stabilize Global Insurance Market

RIMS commends Congress and President Barack Obama for their immediate action in early 2015 to authorize a six-year extension of the Terrorism Risk Insurance Act (TRIA). RIMS’ leadership offered the following comments in reaction to TRIA’s reauthorization:

RIMS 2015 President Rick Roberts--“After several years of delivering testimony, lobbying and developing initiatives that allow RIMS members to voice their concerns regarding TRIA’s expiration, our hard work was finally rewarded. We are thrilled that Congress and President Barack Obama finally realized that this Federal backstop is more than just an insurance issue. TRIA offers all organizations that do business in the U.S.
financial protections to cope with the very real and unsettling devastation caused by terrorism, as well as the confidence to remain focused on their objectives.”

RIMS Immediate Past President Carolyn Snow--“For about three weeks following the program’s expiration, brokers, underwriters and commercial insurance consumers were faced with the stark reality of the challenge to protect their businesses and clients from potentially catastrophic and unpredictable losses incurred by an act of terror. RIMS commends our leaders in Washington, D.C. for addressing this uncertainty immediately upon their 2015 return and authorizing a fair extension.”

The Chair of RIMS External Affairs Committee Janice Ochenkowski--“While there are changes that differed from RIMS’ goals for TRIA, the Society believes that this new version adequately addresses many of the principles we have supported throughout the reauthorization process. RIMS External Affairs Committee looks forward to participating in the implementation of TRIA and subsequent discussions about terrorism insurance.”

EMPLOYMENT OPPORTUNITIES

RISK MANAGER—Realty Income, a San Diego-based real estate investment trust, is looking to hire a Risk Manager to work in the company’s legal department and interface with senior management regarding overall risk management needs, goals and objectives. The person who assumes this position will be responsible for identifying, analyzing, and evaluating loss exposures and recommending solutions; monitoring risk control and financial resources to mitigate the adverse effects of a loss; providing advice to relevant decision-makers throughout the Company on risk management matters; and managing work flows and coordinating inter-departmental training, communications and support for the risk management functions of the Company.

ESSENTIAL FUNCTIONS:
Leadership and Management – Coordinate workflow, identify issues, provide training and supervise all aspects of services with Risk Management.
Policies & Procedures – Develop and maintain all policies and procedures, establish and perform all audit requirements and ensure compliance.
Coordination of Insurance Brokerage Services – Identify, oversee and manage relationship with all insurance brokers, negotiate and review all quotes and policies, and monitor market changes.
Claims Reporting – Oversee and coordinate all claims, work with in-house counsel as appropriate and participate in claim defense strategies and resolution. Oversee tracking of claim history.
Litigation – Oversee all active litigation matters and any related claims, provide support to the legal department in monitoring active files.
Certificate Tracking and Compliance – Manage and oversee relationship with third-party certificate tracking vendor, coordinate electronic filing of insurance certificates.
Evidence of Coverage – Obtain and deliver certificates and evidences as necessary, oversee any vendor compliance issues.
Reporting, Reconciling and Billing Reimbursable – Support Lease Administration in reporting, reconciliation, billing and collection.

QUALIFICATIONS:
Bachelor’s degree with proven academic success (JD a plus).
Minimum of 6 years relevant commercial real estate risk management experience.
Ability to work effectively with senior management, think conceptually, and interact with others using strong interpersonal, organization and communication skills.
Ability to exercise creativity, innovation and resourcefulness to address issues and resolve problems while promoting effectiveness and efficiency.
Ability to calculate figures and amounts such as interest, commissions, proportions, percentages and area.
Ability to apply concepts of basic algebra and geometry.
Ability to apply concepts such as fractions, percentages, ratios and proportions to practical situations.
Ability to read, analyze and interpret a wide variety of routine-to-complex documents and agreements.
Solidly adept and highly proficient at advanced document drafting and negotiating in specialty field of knowledge, including insurance-related contract provisions and policies of insurance.

Anyone interested in the position should email a resume to hr@realtyincome.com.

CLAIMS REPRESENTATIVE—Western National Group, a real estate firm specializing in multifamily housing, is looking to fill a Claims Representative position at its corporate office in Irvine.

DUTIES AND ESSENTIAL JOB FUNCTIONS:
Input and create claim files and follow standard claims-handling procedures.
Generate reports and maintain claim notes and correspondence regarding claim-file activity and communications on the claims database.
Monitor a variety of claim files (first- and third-party property, liability, and litigated claims) and maintain a daily running diary.
Manage file inventory to ensure timely resolution of claims.
Perform property inspections, including accessing and inspecting all areas of a dwelling or structure.
Complete field inspection of losses, including accurate scope of damages and written estimates of damages.
Analyze information gathered by investigation and report findings and recommendations.
Investigate and evaluate all relevant facts to determine coverage, damages and liability of first- and third-party property, general liability and auto claims; and file claims as needed with carriers.
Establish timely and accurate claim and expense reserves.
Communicate with internal departments, claimants, attorneys and insurance companies over the telephone, in person, and in written correspondence.
Make settlement recommendations and negotiate claims settlements to avoid litigation.
Prepare demand/denial letters and draft offer letters and releases.
Create statements of loss.
Ensure signed releases are received prior to issuing settlement funds and create check requests and request settlement monies from Accounts Payables.
Follow up with insurance adjusters, provide information to expedite settlement or insurance recovery.
Coordinate agreed scope/estimate of damages with independent insurance adjusters, vendors or contractors on large losses.
Review incoming attorney letters and lawsuits and attend mediations as needed.
Represent WNG entities at Small Claims court hearings.
Provide excellent customer service to meet the needs of the insureds, third-party owners, and all other internal and external customers.

REQUIRED KNOWLEDGE, SKILLS AND ABILITIES:
Excellent written, verbal communication and oral presentation skills.
Proficient in Microsoft Office Suite, excellent computer skills and typing ability.
Aptitude to apply general knowledge of contract, property and/or insurance laws.
Excellent customer service skills to empathize and deal professionally with claimants.
Some construction knowledge.
Some understanding of real estate management.
High school graduate, with a two-year degree (four-year degree preferred).
Must have at least five to seven years of claims experience.

Western National Group offers competitive compensation and comprehensive benefits, including medical, dental, vision, life, flexible spending accounts, 401(k).

PLEASE INCLUDE SALARY REQUIREMENTS WHEN SUBMITTING YOUR RESUME FOR CONSIDERATION.

For immediate consideration, please visit WNG’s website: http://www.wng.com, complete an online profile, attach your resume and apply for Claims Representative.

OCRIMS NEWS & HAPPENINGS

OCRIMS EDUCATIONAL SUPPORT ANNOUNCEMENT – ARM STUDY 54-55-56 AND ERM-57 FREE CLASSES

OCRIMS is pleased to announce that we have entered into an agreement with ARMSTUDYgroup.com to provide professional training classes to Risk Managers and their staff who wish to attain the ARM professional exams and designation. Please see details in the attached flyer (next page). These ARMSTUDYgroup.com classes allow participants to have access to training for each current ARM textbook.
Participants can access the materials 24/7. OCRIMS hopes this new FREE training tool will encourage busy risk management professionals to take the ARM examinations by eliminating the major expense of paying for classes.

OCRIMS will be providing the following ‘seats’ using this online study tool:
25 seats - ARM-54
25 seats - ARM-55
25 seats - ARM-56
25 seats - ERM-57

Again, these classes are being provided at no cost to OCRIMS members currently paying membership dues. The classes will also be a new benefit of membership of OCRIMS. If you are a Risk Manager and you have risk management staff designated on your OCRIMS membership, you will be able to offer these classes to them.

Though the classes are FREE, it must be emphasized that the OCRIMS member taking the classes must purchase the accompanying textbook at their own cost. OCRIMS is unable to provide funding for this significant purchase.

For further information please contact:
Chris Taylor – Board member - (949)824-8772, christaylorocrims@gmail.com
Michael Simmons – Board member - (951)222-8128, Michael.Simmons@rccd.edu

BE SURE TO CHECK OUT THE NEW OCRIMS WEBSITE!! http://www.ocrims.org

OC RIMS and the ARM Study Group

The OC RIMS Chapter has partnered with the ARM Study Group to provide the Associate in Risk Management courses for our members. The goal of the ARM Study Group is to promote professional development among risk management and safety professionals and to remove the barriers that prevent people from obtaining their ARM designation. The most significant barriers are usually cost and finding a class that fits with your schedule. OC RIMS' sponsorship of the courses means course fees are waived for all active, dues paying members. All courses are offered on-demand, meaning you can access course materials 24/7 via a secure YouTube channel and/or download to your mobile device.

ERM 57 is now part of course offerings! For those who already have their ARM, advanced risk management courses are now available.
For more information visit www.armstudygroup.com.

This offer is restricted to OC RIMS members actively paying dues to the association. OC RIMS members, please enter “OCRIMS” in the discount code field on the Registration Fee Waiver page in order to have your registration fees waived.

ARM 54 Risk Management Principles and Practices (Available On-Demand)
Introduction to Risk Management; Risk Management Standards and Guidelines Hazard Risk; Operational, Financial, and Strategic Risk; Risk Management Framework and Process Risk Identification Risk Analysis Risk Treatment Financial Statement Risk Analysis Capital Investment and Financial Risk Monitoring and Reporting on Risk

ARM 55 Risk Assessment and Treatment (Available On-Demand)
Controlling Property, Personnel, Liability, and Net Income Loss Exposures Intellectual Property Loss Exposures Criminal Loss Exposures Disaster Recovery for Property Loss Exposures Understanding Claim Administration Fleet Operations Loss Exposures Environmental Loss Exposures Understanding System Safety Motivating and Monitoring Risk Control Activities.

ARM 56 Risk Financing (Available On-Demand)
Understanding Risk Financing Insurance as a Risk Financing Technique Insurance Plan Design Reinsurance and Self-Insurance Retrospective Rating Plans Captive Insurance Plans Finite and Integrated Risk Insurance Plans Capital Market Risk Financing Plans Forecasting Accidental Losses Self-Insurance Plans Purchasing Insurance and Other Risk Financing Services and Risk Financing Needs

For more information or to register for a course, visit www.armstudygroup.com.

OCRIMS NEWS & HAPPENINGS

OCRIMS 2015 CALENDAR

On Saturday, January 17th, the OCRIMS officers and Board of Directors met to plan activities, events, and actions for 2015. In addition to setting dates for meetings and such, the officers and board members spent a lot of time considering issues and items that would help the chapter continue to thrive and serve the needs of the membership at large.
Here is the calendar of activities approved during the planning meeting:
Tuesday, February 10—lunch meeting (see details in this newsletter)
Tuesday, March 10—lunch meeting
Wednesday, April 15—evening meeting (5:00 p.m. start–possibly a roundtable)
Tuesday, May 12—lunch meeting (joint meeting with OCASSE)
Tuesday, June 9—lunch meeting
Tuesday, July 14—evening meeting (5:00 p.m. start)
Tuesday, August 11—lunch meeting (joint meeting with Orange Empire CPCU)
Tuesday, September 15—lunch meeting
Tuesday, October 13—evening meeting (5:00 p.m. start–possibly a roundtable)
Tuesday, November 10—lunch meeting
Tuesday, December 8—Holiday Gala

GET INVOLVED WITH OCRIMS IN 2015

As mentioned above, the OCRIMS officers and Board of Directors recently met to set the course of the chapter for 2015. These dedicated individuals are making a commitment to make a difference for OCRIMS. However, they would love to have other members become actively involved in the chapter, either by serving on a committee or volunteering assistance in a general capacity. Quite a number of you reading this have been actively involved in the past, and it would be great if you returned to action in 2015. Also, becoming actively involved is an ideal way for newer members to reap the full rewards of membership.

THE CHALLENGES OF THIRD-PARTY DATA PROTECTION
by Angela R. Matney and Brian W. Fannin | reprinted from Risk Management Magazine

During the late Renaissance, it was not uncommon for a merchant to bet his entire fortune on a galleon full of cargo traveling safely from India to Italy through a gauntlet of pirates, storms and other dangers of the sea. Today’s employers face a similarly perilous situation when they outsource employment functions as they depend on third-party vendors to collect, store and process employees’ sensitive personal data without running afoul of ever-changing data protection laws.
Fortunately, companies can take certain steps to reduce the likelihood that vendors will fail to adequately safeguard their data and minimize their exposure in the event of a breach. By understanding the data they are obligated to protect and their security requirements, thoroughly vetting vendors, negotiating robust data privacy and security contracts, and monitoring vendor compliance, businesses can gain a measure of protection that was not available to the merchant once his cargo ship’s topsail disappeared over the horizon.

Companies collect and use employee data to carry out many aspects of the employment relationship, including evaluating job applicants, processing payroll, administering retirement benefits and running voluntary wellness programs. With the proliferation of cloud-based services, employers are increasingly choosing to outsource such functions.

Employers may assume that their vendors will take all necessary measures to protect employees’ personal information, but failure to adequately address data privacy and security issues when selecting and engaging vendors could result in significant expenses and reputational damage. According to a report released by the Ponemon Institute in May 2014, the average cost to a company for a single data breach is $3.5 million, and the average cost per compromised record is $145.

Know Your Data and Your Obligations

Generally, data privacy laws afford special protection only to personally identifiable information (PII). Most statutes define PII (or a similar term) as data or information identifying or linked to an identifiable person. The problem is that, despite this basic similarity, laws differ in the types of data they actually protect. Some laws afford protection to specific kinds of information, such as health or financial data, while others are more flexible in their approach. Many data privacy laws also treat encrypted or secured data differently.
Processing particularly sensitive PII, such as Social Security numbers, financial information and medical information, involves greater risk, so classifying the PII according to sensitivity can be beneficial. A company’s requirements for a vendor that will process highly sensitive PII might be more stringent than those for a provider responsible for less critical data.

It is also crucial for businesses to understand whose PII they are obligated to protect. Employers’ obligations under data privacy laws do not just extend to current and former employees; the PII of job applicants, independent contractors and customers must also be protected.

Instead of an overarching privacy regime, the United States operates under a sectoral approach to privacy, offering protection at the federal level to different types of PII from industry to industry. The Fair Credit Reporting Act regulates how employers perform background and criminal history checks on job applicants. U.S. employers that administer health plans are subject to HIPAA with respect to the health data of plan participants. And while Section 5 of the Federal Trade Commission (FTC) Act does not specifically address data privacy or security, it does prohibit unfair or deceptive business practices, and the FTC has brought enforcement actions under Section 5 against companies for failing to reasonably and appropriately protect sensitive PII. The FTC generally focuses on injury to consumers, but it has brought actions involving employee data in at least two cases.

Some state laws address sensitive data such as credit and financial information, and provide more stringent protections than their federal counterparts. While there is no omnibus federal data breach notification law yet, 47 states and the District of Columbia have statutes on the books requiring businesses that collect PII to notify affected individuals, the state’s attorney general and the media if the data is compromised.
Multinational companies face additional compliance challenges. Other jurisdictions operate under data privacy regimes that differ markedly from the U.S. sectoral system. In the European Union, for example, privacy is viewed as a fundamental human right, and employees have broad privacy expectations as a result. These differences can lead to logistical complications in cross-border data transfers.

The EU-US Data Privacy Bridge Takes Shape
In the midst of trans-Atlantic controversies about data protection, a group of privacy experts is attempting to iron out the differences between data protection standards in the United States and the European Union.

Vetting Vendors

Once a business understands the types of employee data that it is obligated to protect and its security needs, it must ensure that vendors that access PII are able to adequately protect it. Asking certain questions of vendors early in the process can help eliminate those that cannot or will not comply with the business’ specific requirements. It is also a good idea to determine which vendors currently have access to PII and assess their abilities to adequately protect that data, encouraging high-risk vendors to implement appropriate mitigation measures. There are a variety of elements to consider:

SOC reports. Can the vendor provide a Service Organization Control (SOC) 2 or SOC 3 report? These reports, developed by the American Institute of Certified Public Accountants (AICPA), can provide information about controls related to security, availability, processing integrity, confidentiality and privacy that can be helpful when evaluated in conjunction with an internal risk assessment.

Safeguards. Does the provider have administrative, technical and physical safeguards in place that are appropriate, given the sensitivity of the data it will access and the nature of the company’s business? If so, are the safeguards regularly tested, monitored and updated?
Administrative safeguards include limiting PII access to specific employees, training employees on data privacy and security issues, and designating a compliance manager. Technical safeguards may include firewalls, passwords, segregation of client data to prevent unauthorized access by other clients of the vendor, and encryption of PII that is stored on portable devices. Physical safeguards include locks on filing cabinets and measures to prevent access to facilities where electronic PII is stored. They may also include appropriate environmental safeguards, as well as disaster recovery and business continuity plans.

Policies. What are the vendor’s policies regarding data backup, retention, off-site storage and destruction? Does the vendor require that data on flash drives, laptops and cell phones be encrypted? Does the vendor have policies in place to minimize the risks of third-party cloud providers? In May 2014, for example, Lowe’s Home Improvement had to notify 35,000 current and former employees that certain sensitive data stored by its third-party cloud provider, including Social Security and driver’s license numbers, might have been compromised for a period of 10 months.

Special issues. Is the vendor equipped to deal with special considerations arising from the types of data that will be processed or the location of the company’s employees? A flexible spending account administrator, for example, should have policies and procedures in place regarding access to protected health information. If the vendor is in the United States and will be processing European employee data, the vendor may need to have Safe Harbor certification to permit the cross-border transfer. And if the company has employees in California or Massachusetts, it will need to make sure that vendors can comply with the rigorous data privacy and security requirements for residents of those states.

Subcontracting. Does the vendor plan to subcontract any of the work?
If so, understand how the vendor will ensure that subcontractors observe company requirements with respect to PII. Also be clear on whether subcontracted work will be covered by insurance.

Contractual Provisions

Contract clauses addressing data privacy and security can be the subject of intense negotiation, with each party seeking to minimize its risk of exposure. Service agreements should be customized to reflect the sensitivity of the PII involved and the employer’s need for security, as well as the size, nature and resources of each party. It is critical to consider the following:

Safeguards. The service contract should require the vendor to implement specific, reasonable administrative, technical and physical safeguards and regularly test and monitor their effectiveness. What constitutes “reasonable” will vary, depending on the size of the business and the nature of the PII. Massachusetts and California, for example, require vendors to agree to implement security safeguards when entering into service provider agreements. Such contractual provisions may also reduce the risk of exposure to an enforcement action under Section 5 of the FTC Act or similar state laws.

Breach notification. Ideally, the vendor should notify its clients of any potential or suspected breach, not just after it is certain that PII has been compromised. A company will also want to retain control over how employees are informed. If the vendor simultaneously notifies employees and management of a possible breach, the organization will miss out on crucial opportunities to prepare employee communications and ascertain the company’s own responsibilities under applicable laws.

Remediation. It is also important to expressly provide that the vendor will reimburse the business for costs incurred in notifying affected individuals and mitigating damages, particularly when highly sensitive PII is involved. These costs may not be covered under standard indemnification provisions.

Insurance.
More commercial general liability policies exclude coverage for electronic data. Consider whether it is appropriate to contractually require vendors to maintain technology errors and omissions insurance and coverage for cyberrisks, including data security breaches.

Oversight. Push for the right to conduct or oversee an audit of the provider’s facilities and practices, particularly if highly sensitive PII is involved. At a minimum, reserve the right to require the vendor to provide information addressing its security practices at specified intervals throughout the term of the agreement. High-risk vendors should be evaluated more frequently.

Termination. The agreement should address what happens to PII after the business relationship ends. The vendor should return all of the company’s PII or, if appropriate, destroy it and certify the destruction.

State-specific requirements. State laws and regulations, particularly in Massachusetts and California, impose additional requirements. Companies that own or license PII of residents of either state must take “reasonable steps” to select and retain third-party vendors capable of appropriately protecting PII, and contracts must require vendors to implement and maintain reasonable security measures. Massachusetts’ requirements include encrypting PII that is transmitted over public or wireless networks or stored on portable devices to the extent technically feasible. While California law does not require encryption, the California Breach Notification Law only applies when unencrypted PII is compromised. This incentivizes companies to encrypt PII of California residents (and, by extension, all PII they collect and store) and to require the same of third-party vendors.
Monitoring Compliance

Due diligence and contractual safeguards will mean nothing if a business fails to train its own contracting officers about what to look for in data privacy and security requirements and if the vendor does not train its employees in how to keep data safe. Exercise any audit or oversight rights granted by the contract. Establish procedures to verify the identity of third-party vendors that access all systems, possibly through the use of a third-party digital signature service.

By knowing its rights as a corporate consumer and verifying that a vendor is able and willing to meet data processing requirements, a business can mitigate some of the risks inherent in outsourcing employment functions. Just as the seas have become safer for shipping cargo, one day there may be mechanisms to ensure that PII is not compromised. Until then, however, attention to training, compliance, and a written agreement that reflects the realities of a company’s rights and needs will better position it to navigate the requirements of privacy and data security under today’s evolving regulations.

NEWS FROM RIMS

In our effort to keep the membership informed, we have elected to share the following article pulled from the RIMS website.

RIMS EXECUTIVE REPORT: MANAGING REPUTATIONAL RISK TO DRIVE STRATEGIC PERFORMANCE

New Report Offers a Step-By-Step Approach for Successfully Managing Reputational Risks

NEW YORK — Organizations that develop a framework for managing reputational risks are not only better positioned to anticipate and defend against threats, but can also gain a significant competitive advantage and unlock new and valuable opportunities – according to RIMS’ newly released Executive Report “Managing Reputational Risk to Drive Strategic Performance.” The report explores how risks that commonly contribute to reputational changes can be effectively managed to drive value through the use of a focused strategic risk management approach.
The report walks risk professionals through a reputational risk situation, providing instruction on how to apply the components of the strategic risk management framework to protect and advance an organization’s reputation.

“Reputational risks cannot sufficiently be handled solely by the control, compliance and transfer mechanisms of traditional risks,” said author Andrew Bent. “Managing our reputational risks using the same framework we use to manage other strategic risks enables risk professionals to better align our risk approach. Given the velocity and the potential impact of reputational damage, risk professionals have a tremendous opportunity to showcase the value they can add by developing a proven process for navigating these volatile situations.”

Andrew Bent is a Senior Risk Advisor with Suncor Energy Inc. (NYSE/TSX: SU) and a member of RIMS Strategic Risk Management Development Council. Mr. Bent contributed to the companion RIMS Executive Report “Understanding Reputational Risk” that was published in 2013.

RIMS Executive Report: Managing Reputational Risk to Drive Strategic Performance is available in RIMS Risk Knowledge library www.RIMS.org/RiskKnowledge. The report is free for both RIMS members and non-members.

PRICING AND PERSONAL INTERACTION HAVE BIGGEST IMPACT ON SATISFACTION AMONG RISK PROFESSIONALS

J.D. Power & RIMS Release Commercial Insurance Report Snapshot

Large business commercial insurance customers (risk professionals) are significantly more satisfied when 11 key performance indicators (KPIs)—best practices that have the most influence on customer satisfaction—are met by brokers and insurers, according to the inaugural J.D. Power and RIMS 2014 Large Commercial Insurance Report recently released.
This unprecedented report provides an independent and objective measure of overall satisfaction levels among large business insurance risk professionals in the United States and Canada. The full report, based on findings of the J.D. Power 2014 Large Business Commercial Study℠ slated for release in February 2015, examines industry-level performance metrics among large business commercial insurers and brokers, and highlights best practices that are critical to satisfying large business insurance risk professionals.

The 11 KPIs focus on three core areas: limiting customer-reported billing errors and renewal issues; understanding the customer’s business; and communicating effectively.

The report measures risk professionals’ satisfaction with commercial property, workers’ compensation and auto insurance providers based on five factors: interaction; program offerings; price; billing and payment; and claims. Satisfaction with insurance brokers is also measured, based on four factors: ease of contacting; reasonableness of fees; advice and guidance in selecting program offerings; and timeliness of resolving contact.

Overall satisfaction is highest for brokers (854). Satisfaction with property insurers is 821, followed by auto (811) and workers’ compensation (746). Billing and payment is the lowest-scoring factor in the auto and workers’ compensation indices, and is among the lowest-scoring in the property index. However, billing and payment satisfaction is significantly lower among workers’ compensation customers (725) than among property (808) and auto (793) customers.

ACE, Arthur J. Gallagher & Co., FM Global and The Hartford perform particularly well among the large business commercial insurers and brokers profiled in the report.

“Whether the results of the survey were surprising or expected, we hope that it encourages a meaningful dialogue and actionable performance initiatives,” said Mary Roth, RIMS executive director.
“The primary objective is to foster improved customer satisfaction throughout the large commercial insurance industry.”

Enterprise risk management (ERM) is becoming a more prevalent risk management function at many organizations, with nearly 40 percent of risk professionals indicating that ERM falls within their area of responsibility. Risk professionals who are not responsible for their organization’s ERM function generally are more satisfied with their insurers/broker than those risk professionals who hold ERM responsibilities. Overall satisfaction is lowest among risk professionals who are responsible for their organization’s enterprise risk management (541).

“The report findings suggest that risk professionals who are responsible for ERM are underserved by insurers and brokers in this area,” said Timothy Bebout, commercial insurance practice leader at J.D. Power. “There is an opportunity for insurers and brokers to provide greater support and resources to customers in organizations that use ERM practices.”

Key Findings

Price is the leading factor driving satisfaction among auto customers.

Interaction is the second-most impactful factor driving overall customer satisfaction with insurers across product lines, accounting for nearly one-fourth of the overall model used in each of the product line indices.

Claims frequency influences overall customer satisfaction levels. As the frequency of claims increases, customer satisfaction decreases. Claims satisfaction is lowest among workers’ compensation customers, among whom 94 percent have filed at least one claim with their current primary commercial insurer in the past 12 months.

Flexibility in designing and implementing insurance programs is a KPI for which there is relatively low compliance at 56 percent for property and 50 percent for workers’ compensation. Overall satisfaction erodes by 138 points and 316 points respectively when this KPI is not met.
Ensuring that an insurance representative, such as an engineer or underwriter, is involved during both the service interaction and claims processes are two KPIs that drive satisfaction among property customers. Overall satisfaction erodes by 100 points when an insurer is not involved during a service interaction.

Providing at least two in-person interactions is another critical performance metric for brokers. Eighty-one percent of customers indicate they have had at least two in-person interactions with their broker. Overall satisfaction declines by 73 points among customers who didn’t have at least two in-person interactions.

The 2014 Large Commercial Insurance Report is based on responses from nearly 1,000 risk professionals or employees of an organization that provide oversight or are members of their organization’s risk management team. Organizations included in the report have at least $100 million in annual revenue or operating budget, and have purchased a commercial property, workers’ compensation or auto policy with a profiled insurer or broker.

Have you heard about all of the NEW we have planned for RIMS '15 in New Orleans? In addition to 160 education sessions and some incredible keynotes, we've added more networking opportunities, a charity fun run, expanded on-site amenities, and a Tuesday breakfast panel event. You probably have money left in your 2014 budget, so go ahead and put it to good use—register for RIMS '15 in New Orleans!

You'll hear from these captivating keynote speakers:

Erik Wahl, The Art of Vision and Author
Simon T. Bailey, Former Disney Executive, Motivational Coach, and Author
Arianna Huffington, President and Editor-in-Chief of Huffington Post Media Group and Author

As a reminder, you must be registered for RIMS '15 before your hotel reservation can be confirmed. We have reserved select hotels for full-conference registrations and for RIMS members.
Hotel reservations will be processed on a first received basis, and are confirmed based on hotel availability.

OCRIMS NEWS & HAPPENINGS

RIMS RISING RISK PROFESSIONAL AWARD

Are you a rising risk professional or do you know an RRP who has demonstrated exceptional initiative, volunteerism, professional development, achievement, and leadership potential? Nominate yourself or recognize someone for RIMS' new Rising Risk Professional of the Year Award.

Nomination Deadline: January 30, 2015 by 5:00pm (EST)

The winner will be honored on stage at the 2015 RIMS Annual Conference & Exhibition. Nominations will be accepted until Friday, January 30th at 5:00pm EST. Click the link below to learn more:
https://www.rims.org/aboutRIMS/Awards/Pages/RRP-of-the-Year-Award.aspx

SPENCER EDUCATIONAL FOUNDATION SCHOLARSHIPS

The Spencer Educational Foundation’s deadline for full-time student scholarships is January 31. The Foundation awards $5,000 scholarships to undergraduate students and $10,000 scholarships to graduate and pre-dissertation students. All scholarships are merit-based. The application portal can be accessed by clicking the link below:
https://www.grantinterface.com/Common/LogOn.aspx?eqs=aBcdzT88cioJ-xPdG2Dr_h-6roXQ2aTR0&utm_source=Tier+2+-+Copy+of+December+2014+Newsletter&utm_campaign=December+2014+Newsletter&utm_medium=email

RIMS has an extensive schedule of workshops, conferences and networking events to keep you on the forefront of emerging trends and strategies.

Upcoming events!

What Risk Professionals Need to Know for Setting Customer Satisfaction Expectations A Complimentary RIMS and J.D.
Power Webcast February 11 | RIMS
Applying Enterprise Risk Management Theory February 26-27 | New York
Enterprise Risk Management July 13-15 | Winnipeg
Florida RIMS Educational Conference July 28-August 1 | Naples
Harnessing ERM to Tap Risk Appetite August 10-11 | Winnipeg
Fundamentals of Insurance March 9-10 | Orlando
Fundamentals of Insurance September 8-9 | Philadelphia
Enterprise Risk Management March 23-25 | San Diego
Contractual Risk Transfer September 10-11 | Philadelphia
Applying Enterprise Risk Management Theory April 25-26 | New Orleans
RIMS Canada Conference September 27-30 | Quebec
Claims Management April 25-26 | New Orleans
RIMS 2015 Annual Conference & Exhibition April 26-29 | New Orleans
Enterprise Risk Management May 4-6 | Toronto
Integrating Enterprise Risk Management and Strategic Planning May 21-22 | San Diego
Enterprise Risk Management June 1-3 | Boston
RIMS Legislative Summit June 8-9 | Washington, DC
Enterprise Risk Management September 28-30 | New York
Risk Assessment Methods October 1-2 | Quebec
RIMS Western Regional Conference October 5-7 | South Lake Tahoe
RIMS ERM Conference 2015 October 25-27 | Chicago
Integrating Enterprise Risk Management and Strategic Planning October 28-29 | Chicago
Enterprise Risk Management November 2-4 | Vancouver

HOW TO CHANGE YOUR RIMS PROFILE

Need to update your RIMS profile? Here’s how: Log onto www.rims.org and scroll down at the Membership tab. In the category that says “My RIMS,” click on “My Contact Information.” On the information page, click “Edit.” At this point if you have not already logged into your RIMS account, it will ask you to login. Then update your information and click “Save.”

OCRIMS IS NOW ON LINKEDIN

OCRIMS is providing multiple ways to stay informed on what’s happening and also stay connected with other risk management professionals.
We’re now using LinkedIn to share information about the upcoming monthly meetings, community-outreach events, etc. Haven’t checked out LinkedIn yet? No worries … no need to be fearful. LinkedIn is a non-intimidating website for a professional to stay connected to other professionals and join discussions, groups, etc. as much or as little as you want.

Here’s all you need to do to see what OCRIMS is up to: Go to your web browser (e.g., Internet Explorer, Mozilla Firefox, etc.) and type http://www.linkedin.com (or click on the link here).

If you’ve already submitted your info:
1. Click on “Groups.” Type “Orange County Chapter of RIMS” in the “search” on the right-hand side (by the blue magnifying glass). Click “enter” on your keyboard or click on the blue magnifying glass on the right of the search field.
2. When you get to the OCRIMS chapter page, click “Join Group.” You will receive a confirmation from the group administrator sometime later.

If you haven’t already become a member:
1. Click on “Join Today” and enter your contact information (first name, last name, email, and then choose a password).
2. Follow instructions in #1-2 above.

Need a little more one-on-one guidance or have a question? Send an email to occhapterofrims@gmail.com.

FOLLOW OCRIMS ON TWITTER!

Twitter is an online social networking and microblogging service that enables its users to send and read text-based posts of up to 140 characters, informally known as “tweets.” Twitter is a real-time information network that connects you to the latest information about what you find interesting. Users may subscribe to other users’ tweets – this is known as following, and subscribers are known as followers.

Through Twitter, OCRIMS can connect to members and other followers in real time. We can use Twitter to quickly share information about educational programs, gather feedback, and build relationships with members, sponsors, etc. Our handle on Twitter is @OC_RIMS, and we’re looking for more followers!
For more details and to become a follower of OCRIMS on Twitter, visit http://www.twitter.com.

ICEHOTEL FACTS

We had some downright cold days and nights not too long ago, which will be reflected in our heating bills. However, imagine what it would be like staying in ICEHOTEL. For those of you unfamiliar with ICEHOTEL, here are some facts:

ICEHOTEL is the world’s first and largest hotel built of snow and ice. It is situated in Jukkasjärvi, a small village in Northern Sweden with 1,100 permanent residents.

ICEHOTEL started with an idea to try offering winter experiences in a part of Sweden that was mostly associated with the Midnight Sun.

Business visionary and entrepreneur Yngve Bergqvist is the founder of ICEHOTEL. The long, cold winters made Bergqvist look around for new ideas to use what was at hand in Jukkasjärvi – ice and snow.

Bergqvist was inspired by Japanese ice sculpting, and with the help of two professional ice sculptors from Japan as instructors, he invited artists to attend a workshop in Jukkasjärvi in 1989. The following winter saw the first ever ice structure – a specially designed igloo – built as an art gallery and named ARTic Hall.

The following winters, ARTic Hall attracted considerable attention. It was used not only to display art, but also for church services and film showcases. Bergqvist and his associates also opened a bar inside the hall. The igloo’s building technique was refined and patented in Sweden and Norway.

The first party of overnight guests to stay at ICEHOTEL was a specialist survival group of the Swedish Armed Forces. This was the beginning of what is now ICEHOTEL.

ICEHOTEL is located on the bank of the Torne River, one of Sweden’s longest rivers.

ICEHOTEL borrows several thousand tons of ice from the Torne River. As soon as the winter arrives and the ice forms a solid lid on the Torne, a section on the river is marked out. All winter this field is kept free from snow so that the ice can grow thick and clear.
Ice from the Torne River is perfectly clear and completely free from air bubbles, cracks, and sediments. This results in premium quality ice that is an ideal material to use for sculpting and building. Clear ice has become the signature of ICEHOTEL.

Each winter, some 50,000 visitors from all over the world visit ICEHOTEL.

Approximately 100 people are involved in the construction of ICEHOTEL, half of whom are artists invited to design particular areas of the hotel.

The construction is a year-round process. Between March and April, 5,000 tons of ice is harvested from the Torne River and kept in cold storage during spring and summer. Construction takes place in November and December, then ICEHOTEL opens and remains in operation until mid-April.

ICEHOTEL covers the same area each year, but is always different, owing to the work of visiting artists and designers from around the world.

The Ice Church, located next to ICEHOTEL, opens every year on Christmas day. Couples from all over the world come to Jukkasjärvi to marry or renew their vows in the church. More than 100 weddings are held every year.

ICEBAR by ICEHOTEL was first set up in 1994 and is the original ice bar. ICEBAR patrons can sip on a cocktail or have a glass of champagne – the glasses are made entirely out of ice. Like the rest of ICEHOTEL, ICEBAR takes on a new guise every year, designed by artists from all over the world.

Learn more about ICEHOTEL: http://www.icehotel.com/

CONTACT PERSON FOR EMPLOYMENT OPPORTUNITIES

Cristin McAllister is the contact person for employment opportunities. If you have information or questions regarding employment opportunities, contact Cristin at (949)381-4515. With sufficient notice, OCRIMS will print relevant job openings in the monthly newsletters.
UPCOMING MEETINGS & EVENTS

OCRIMS Calendar

February 10, 2015
OCRIMS MONTHLY LUNCH MEETING
Communicating in a Crisis
Speaker: Joan Gladstone, President & CEO Gladstone International
Location: Orange Hill Restaurant in Orange

ARTICLES FOR THE NEWSLETTER

Share your creative solutions, ideas, etc. with the risk management community by contributing an article to the OCRIMS newsletter. Articles need to be submitted to Zachary Gifford by the 10th of each month to be considered for publication. To submit an article, please contact Zach at zgifford@calstate.edu or (562)951-4568. Don’t be shy; we’d love to hear from you!

GET INVOLVED WITH OCRIMS IN 2015!

OCRIMS DATABASE MANAGEMENT SYSTEM

OCRIMS maintains its contact database through the RIMS Message Center. To stay abreast of the happenings in the OC, make sure that you are registered through the RIMS Message Center, that your RIMS profile is up to date, and that you have selected your desired preferences. You do not even need to be a member of RIMS to take advantage of this great tool. Here’s the link: http://www1.rims.org/eweb/DynamicPage.aspx?webcode=verify. The Chapter affiliation is at the very bottom, so be sure to choose OCRIMS.

Do you want to contact a member or friend of OCRIMS? The RIMS site allows messaging to those who are registered. Go to www.rims.org, select “Membership,” then “Member Connections” from the pull-down menu, then click the link at #4 under “Getting Started.” Or click this link: http://community.rims.org/RIMS/RIMS/Directory/FindaMember/Default.aspx.

Remember that OCRIMS provides ideal opportunities for you to stay at the forefront of risk management, and networking is a key component, as is remaining informed on what’s happening in our industry—the Message Center allows you to do that. If you have any difficulty with the RIMS Message Center, please contact dianarich@earthlink.net.

Risk and Insurance Management Society, Inc. - Orange County Chapter Officers Directors Committees (cont.)
President Zareen Morrison Allergan, Inc. (714)246-5988
Cristin McAllister St. Joseph Health System (949)381-4515
Education Chris Taylor (see Secretary)
Vice President Greg Wren St. Joseph Health System (949)381-4774
Treasurer Ron Gray, ARM, CRM AccentCare Inc. (949)400-2700
Secretary Chris Taylor UCI (949)824-8772
Past President & RIMS Delegate Bridgette Castillo, ARM Western National Group (949)862-6236
Michael Morgan Fluidmaster, Inc. (949)728-2414
Event Planning Caryn Rinaldini Law Offices of Parker & Irwin (714)541-6703
Mike Simmons Riverside Community College District (949)399-2180
Executive Sponsorship, Finance Ron Gray, ARM, CRM (see Treasurer)
Tom Walsh Sully-Miller Contracting (714)578-9509
Lisa Wilson C.J. Segerstrom & Sons (714)438-3241
Committees
Golf Mike Simmons (see “Directors” at left)
Membership Tom Walsh (see “Directors” at left)
Newsletter Vaughn Shelton Happy-2-Oblige Writing/Editing (949)748-8479
Bylaws Greg Wren (see Vice President)
Zachary Gifford, AIC, ARM The CSU – Office of the Chancellor (562)951-4568
Chapter Recognition Zareen Morrison (see President) Greg Wren (see Vice President)
Webmaster Vaughn Shelton (see “Newsletter” above)
Community Outreach Cristin McAllister (see “Directors” above)

DON’T FORGET FEBRUARY 10TH – OCRIMS MONTHLY LUNCH MEETING

Risk & Insurance Management Society, Inc.
2913 El Camino Real #715, Tustin, CA 92782
http://www.ocrims.org