business issues 2009rev2

Business Issues 2009: Data Breach

Upload: victoria-wors

Post on 29-Nov-2014



DESCRIPTION

An overview of pending legislation and current FTC Data Protection Mandates

TRANSCRIPT

Page 1: Business Issues 2009rev2

Business Issues 2009: Data Breach

Page 2: Business Issues 2009rev2

Victoria Wors

BBA and MS in Human Resources Management

Certified Birkman Method® Consultant

Human Resources Generalist Professional with numerous years in various industries and working with different levels of the organization as well as different cultures

Currently consultant to small and mid-sized businesses to improve productivity and efficiencies through better communications within teams and between specific individuals

Continuing Education Business Course Instructor for St. Louis Community College

Retained Human Resources Consultant to Premier Employee Services (a St. Louis-based PEO)

Page 3: Business Issues 2009rev2

Agenda

Business Issues Overview

Employment Legislation

Benefits Legislation

Data Breaches

Risk of Data Breaches

Identity Theft / Fraud

Regulatory

Cost to Business

What is Required

Page 4: Business Issues 2009rev2

Business Issues

Employment Legislation

EFCA (Employee Free Choice Act)

The “New” National Labor Relations Board (NLRB)

Page 5: Business Issues 2009rev2

SHRM Legislative Activity Report Week of September 17

EFCA Legislation

Senator Arlen Specter said that the legislation would contain three planks unions want:

– faster turnaround for elections to certify unions

– Increased penalties for companies that violate organizing rules

– binding arbitration for contracts once a labor union is certified

Does not include the controversial “card check” provision

Page 6: Business Issues 2009rev2

SHRM Legislative Activity Report Week of September 17

The “New” NLRB to reverse more than 50 Bush board decisions affecting:

– Equitable Pay

– Back Pay Issues

– Definition of Supervisor

– Definition of threats, intimidation and coercion by employer

– “Salting”, refusal to hire

– Use of company e-mail for union organizing purposes

And more…..

Page 7: Business Issues 2009rev2

Business Issues

Benefits Legislation

Healthcare Reform Costs

Pension Plans 401(k) Advisors

Page 8: Business Issues 2009rev2

SHRM Legislative Activity Report Week of September 28

Health Care Costs

U.S. Employer Actions If Health Care Reform Increases Employer Costs (% responding very likely or likely)

Reduce benefits 87%

Increase prices for customers 38%

Reduce employment 30%

Reduce salaries/direct compensation 27%

Accept reduced profits 11%

Other 6%

Source: Towers Perrin’s Health Care Reform Pulse Survey, September 2009.

Page 9: Business Issues 2009rev2

SHRM Legislative Activity Report Week of September 28

Employee Benefits Security (EBSA)

The U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) will make enforcement a priority in fiscal year 2010 and will address:

– 401(k) fee disclosure

– investment advice regulations

– issues regarding target-date funds used as qualified deferred investment accounts (QDIA’s)

Page 10: Business Issues 2009rev2

Business Issues

Data Breach…Loss of Information

External Access… “Hackers”

Internal Access… Employee(s)

Old Documents… Inappropriately Stored

Improper Disposal

Lost Laptops and PDA’s

Memory Chips… Copier/Fax/Printers

Page 11: Business Issues 2009rev2

Risk of Data Breach

Risk Perspectives of Data Breach / Identity Theft

Event: Chance this Year

Car stolen 1 in 100

House catch fire 1 in 200

Die from heart disease 1 in 280

Die in car wreck 1 in 6,000

Identity Theft 1 in 8 or 1 in 6, depending on where you live

Data Breach 3 in 10 or 7 in 10, depending on your industry and location

Page 12: Business Issues 2009rev2

Identity Theft / Fraud – Data Loss

Person

Corporation

Clients / Customers

Vendors

Page 13: Business Issues 2009rev2

Types of Identity Theft

Medical

Character Criminal

Passport / Driver’s License

Finance

Social Security

Fastest Growing Segment = Healthcare

Page 14: Business Issues 2009rev2

Committed by Three Types of People

Individuals that are not connected to larger groups

Small Organized Groups

Domestic Organized Criminal Group

Foreign Organized Criminal Groups

Page 15: Business Issues 2009rev2

Regulatory

*FACTA & FACTA “Red Flag Rules” – up to $2500 in fines per occurrence

*HIPAA – up to $250,000 in fines

*Gramm Leach Bliley – up to $1 million in fines plus change of management and jail

State Statutes

*The Federal Trade Commission is the primary regulatory enforcement agency

Page 16: Business Issues 2009rev2

Business Issues

Costs

Regulatory

– Fines, Fees & Penalties

Mitigation

– Customer and / or Employee Notifications

– Credit

Liability

Page 17: Business Issues 2009rev2

Costs: Workplace Facts and Statistics

Identity Theft Resource Center reports cost to Business and Consumers in 2005 = $56.6B

Forrester Research reported Data Breach costs in a range from $90 to $305 per customer record

A reported 247,491,255 personal records have been compromised by stolen or lost data between 2005 and 2008

Page 18: Business Issues 2009rev2

What Is Required

Appointment of a Chief Information Security Officer

A Written Non-Public Information Policy

Training of Employees

Notification of Vendors of their requirement to Meet the Standards

Mitigation Plan

Page 19: Business Issues 2009rev2

QUESTIONS?

Page 20: Business Issues 2009rev2

VICTORIA WORS

For additional information contact:

[email protected]