Blog

GDPR: How Will the New EU Data Protection Regulation Affect Your Business?

Posted by Brad Hering, Cyber Liability Practice on April 2, 2018 at 10:00 AM

With the enforcement date looming, now is the time for organizations to determine whether the EU’s new General Data Protection Regulation (GDPR) applies to their business and to sort out the steps to take in preparation for the law’s enforcement. First things first – do you need to worry about GDPR? Answer these questions to find out.

Here are a few fast facts about GDPR:

What is GDPR and when is it effective?

General Data Protection Regulation (GDPR) is the EU’s new regulation designed to govern the collection, storage, and usage of private information.  The regulation was created in 2016 and has an enforcement effective date of May 25, 2018.

What is the regulation’s intent?

In short, the regulation is intended to give citizens of the EU more control over their personal information. The law aims to unify privacy laws in the EU and sets strict standards for the collection and storage of private information, with unprecedented requirements surrounding consent, inventory accounting, demonstration of compliance, and notification of potential data breaches. While governed by the EU, GDPR will apply to any organization that collects or processes data of EU citizens, regardless of where the business is located.

What are the ramifications of non-compliance?

Non-compliance could have crippling consequences. Penalties for non-compliant companies that experience breaches could be up to 20 million euros (about $24,000,000 USD), or 4% of the company’s global revenue – whichever of the two is larger.

Topics: Breaking News, Property + Casualty, Cyber & Data Security, Technology

5 Ways to Get More From Your HR Technology Investment

Posted by Sam Brasch, Principal on March 5, 2018 at 10:00 AM

This article was originally published in the San Francisco Business Times.

Topics: Employee Benefits, Human Resources, Technology

Digital Health: Trends and New Legislation

After a record-breaking year of funding in 2017, 2018 is off to a promising start for digital health companies due to a flurry of changes in the healthcare industry. The biggest question for digital health companies: how will these changes impact your business?

Topics: Property + Casualty, Technology, Market Trends

Bring-Your-Own-Device to Work: Keep the Productivity, Lose the Headache

Posted by Christine Schindewolf, Client Executive on March 13, 2017 at 2:00 PM

It’s hard to believe that not long ago we may have stopped at a gas station for a map or flipped through a Rolodex for a client’s phone number.  Smartphones and other mobile devices like tablets are a part of life.  We do everything from making reservations for a business lunch to sharing our grand opening event on our company Facebook page.  The benefits of having technology at our fingertips at all times are indispensable to our success today. Employers and employees alike rely on smartphones and tablets. Bring-your-own-device (BYOD) is a common and often necessary business practice. But, like any technology used in business, employees’ use of personal mobile devices comes with its own risks. Statutes and laws differ from state to state, but in a nutshell, once an employee uses a personal device to perform work duties, employers may be held accountable for any laws broken through that use.  

While you can’t control everything an employee does on their personal device, there are specific steps you can take to manage your company’s risk.

What poses a significant BYOD risk for a company? The answer is social media and lost devices.

Topics: Property + Casualty, Technology

Phishing Hackers Targeting W-2s This Tax Season

Last year, the IRS estimated income tax fraud would cost taxpayers roughly $21 billion[1]. The upcoming tax season is expected to bring more losses from phishing scams due to the amount of personal information (W-2s, tax returns, social security numbers, etc.) circulating during tax season and the increased sophistication of the attacks.

Hackers use phishing emails to convince employees (typically in the Human Resources or Finance departments) to send over personal information about employees, often by email. These emails are deceptive, with many disguised to look like they come from company executives, such as the CEO. Once the hacker receives this personal information, it allows them to file a tax return, cash in on someone’s tax refund or steal their identity. The process is quick, as hackers have machines set up to take advantage of this information almost as soon as they receive it.

Common Phishing Emails

The IRS reported that the following are some common phishing emails to look out for:[2]

Topics: Property + Casualty, Cyber & Data Security, Technology

Taming the Tech Beast: Introducing Marsh & McLennan Agency's Tech Advisor Service for Human Resources Professionals

Posted by Shawn Pynes, Principal, Director of Employee Benefits Division on April 25, 2016 at 10:00 AM

The Affordable Care Act has imposed many new healthcare requirements impacting the already complex world of benefits administration and overloading human resources professionals even further. Employers have responded in a variety of ways, including implementing new technologies to manage the additional workload.

Topics: Employee Benefits, Technology

Employee Benefits: How High-Growth Tech Companies Can Compete

Posted by Adam Moise, Principal on December 7, 2015 at 10:00 AM

Small and midsized tech companies face many challenges, but none may be as difficult as attracting and retaining talent. The task is especially difficult given what these high-growth companies are up against in Silicon Valley. Consider the following: 

  • Google offers one-on-one consultations to new parents to help them find child care facilities
  • Intuit has onsite fitness centers for employees and offers $650 for gym memberships and exercise class fees
  • Netflix now offers a year of paid maternity and paternity leave for salaried employees
  • Twitter employees receive Zipcar discounts, access to in-office yoga and Pilates classes, and dry cleaning and laundry services

In addition to competing against cash-rich tech companies, smaller firms are grappling with increasing healthcare costs and are stuck in a new pricing system that doesn’t allow for effective rate negotiation. According to a survey by Mercer, a Marsh & McLennan Agency (MMA) sister company, employers predict that health benefit cost per employee will rise by 4.2% on average in 2016 after they make benefit plan changes, such as raising deductibles or switching carriers. This is consistent with actual cost growth in 2014 (3.9%) and the expected cost growth for 2015.

Band Together

So how does a promising tech company bring in the talent it needs when the tech giants are grabbing up the skilled employees with higher salaries, generous 401(k) plans, and impressive healthcare benefits?

One way small and midsized technology companies can compete is to take advantage of a small business trust. In this relatively new way to lower employee benefit costs, tech companies pool their collective buying power to compete with the giants on robust healthcare benefits.

Topics: Employee Benefits, Human Resources, Technology

Why You Need An Employee Benefits App

Posted by Madalyn Altschuler, Regional Manager, Client Programs on April 27, 2015 at 10:00 AM

How much would your employees appreciate a cool new employee benefits app?

Consider the following:

  • Over 70% of the U.S. population owns a smartphone¹
  • Mobile users check those smartphones 40 to 100 times each day¹
  • Four out of five smartphone users wake up and look at their phone within 15 minutes¹

Benefits for All

Today, an easy-to-use benefits app, fully branded with your corporate identity, is one of the best ways for employees to understand their benefit options and for employers to communicate their benefits programs.

For employers, a benefits app reduces costs, streamlines benefits communication and creates buy-in from employees, who are much more likely to turn to their smartphone for information than anyplace else.

A well-designed, fully-featured app can save your Human Resources team time and also further shift resources to mobile delivery from traditional paper-based employee communications.

A Digital Swiss-Army Knife

An app can store an organization’s entire benefits guide, as well as plan summaries for each benefit offered. For communicating throughout the year, an app can send “push notifications” to employees highlighting important plan changes or other relevant benefits program information. An FAQ residing in the app can also ease the workload on your HR team and minimize inquiries to a call center by making information readily available.

Topics: Employee Benefits, Human Resources, Technology

Cyber Data Breach: Debunking Common Misconceptions

Posted by Mike Grant, Director, Technology Practice on February 2, 2015 at 10:00 AM

Due to recent data breaches at big name companies, awareness is high when it comes to cyber threats. Yet, misconceptions abound regarding a company’s liability and how insurance mitigates the cost of a breach.

Misconception #1: “Our company outsources critical processes to cloud providers, credit card processors and other specialty vendors. If a breach occurs, they are liable, not us.”

The reality: Forty-seven states (and many foreign countries) have their own privacy laws that identify the responsible party in the event of a breach. Even with many different privacy laws, there is consensus when it comes to identifying the victim and the responsible party, and your company might not be off the hook the way you would imagine.

For example, in the case of the Target breach, the crime originated with an HVAC vendor that did business with Target. While hacking into the vendor’s computers, cyber criminals found a password that allowed them to access the Target IT system. Once in Target’s system, the hackers dropped in malware that grabbed credit card numbers during transactions made at the store. This data was then sent outside of Target’s system where the hackers could sell the credit card numbers on the black market.

To uncover the responsible party in this case, ask:  Whose customers’ data was stolen? Who was originally entrusted with that data? 

Although there were plenty of parties involved, Target is ultimately accountable because the victims of the attack are Target customers.  Target is responsible for notifying their patrons of the breach and monitoring their credit.  Throw in the high costs of the forensic investigation, legal services, crisis communication and damage to the brand and the potential loss grows.

While it’s possible for Target to recover some of these costs from the other vendors in the chain, it is dependent on the terms of the signed contract and the financial capability of that vendor to indemnify them. 

Make sure to check out our blog on the common misconception that a company’s current insurance program will help them recover from a data breach. To make sure your organization is prepared for a data breach, stream our seminar on how to avoid a data breach nightmare and download the MMA 2014 Cyber & Data Security Risk Survey Report.

Topics: Property + Casualty, Cyber & Data Security, Technology

Cyber Awakening: 2014 Data & Cyber Risk Report Findings

Posted by Mike Grant, Director, Technology Practice on January 12, 2015 at 11:07 AM

It’s no secret that cyber security is a major business concern. After all, every few weeks another massive breach makes front page news. While awareness is high, the real impact to middle market firms gets lost in the big name headlines. In order to identify business practices and trends among emerging and private organizations, Marsh & McLennan Agency LLC recently surveyed its nationwide client base on this crucial topic.

Here are some of the key takeaways from the nearly 600 responses:

  • 80% of respondents said their business activities include at least five of the following key cyber risk factors:

-  Processing credit card transactions
-  Holding past or present employee records
-  Processing/accessing banking information
-  Using computers connected to the Internet
-  Hosting websites that collect personal or confidential information
-  Holding client, customer or supplier information
-  Using the Cloud
-  Holding information subject to HIPAA
-  Linking employee laptops/PDAs to the employer's network

  • Most respondents indicated that they outsource many of these business activities that expose them to cyber risk.  Nearly 40% of the respondents have no process to ensure their protection in the event the vendor’s data is breached.  Among those companies that have a procedure, most have processes that are inadequate.
  • Nearly 61% of respondents had little understanding of how their insurance policies would respond to a cyber loss. Of that group, 83% had little to no understanding of cyber insurance policies.
  • 60% of respondents do not have a corporate disaster recovery plan in place.

Topics: Property + Casualty, Cyber & Data Security, Technology
