Contractors Insurance

The pain of GDPR compliance and the long term effects

Posted by 7 September, 2018 (0) Comment

 

GDPR has no exemptions that organisations I work with can rely on, perhaps for the first time with data, we are all in it together.

The challenges facing organisations trying to comply are magnified by the amount of “fake news” surrounding it. I haven’t been surprised by the feeding frenzy from those trying to cash in yet I am somewhat alarmed by the number of “experts” on this untried legislation. I understood that it took 10,000 hours to become an expert in something and I’m wondering how the experts managed that. C’est la vie.

What truly concerns me is that this is a massive cultural change and I fear that the policies being written and disseminated are not going to empower the people that need to deal with data on a daily basis. During my 29 years in the field of risk, insurance and business continuity I have seen many issues that could have been avoided by educating people. Yet it seems that policies are written to ensure employment or contracts can be terminated rather than actually encouraging people to comply. I realise that this is partly due to legal precedent yet motivating people by fear is far weaker than motivating them by other means.

Having listened to many people and taking in copious amounts of information, I think that the feeding frenzy has prevented people from understanding the “mission” of the data regulators. They want organisations to be careful with data and respect the wishes and privacy of people like you and I.  It is not a lot to ask yet achieving that aim is undoubtedly awkward. It is a lot less awkward if the culture of an organisation recognises this.

I have this awful nagging doubt that people will not be motivated to do the right data thing if they are told off or, disciplined when they make mistakes. I’ve seen many policies that tell people what to do yet they are rarely allied with the cultural piece. Even rarer is the right level of education and reinforcement that motivates.

The deadline will come and go yet the mission of the regulator is not going to be achieved if the culture of blame continues to be the most pervasive in organisations. One issue that no-one seems to have thought about is the way salespeople treat data. Arguments over who owns it are regular, especially with the advance of online networks. Roughly 50% of people take data with them when they leave one organisation for another. There are at least two companies in breach when this happens and the individual has broken the law. It is theft after all.

The existing regulations state that this shouldn’t happen yet half of the population think it’s OK to take it when they really know that they shouldn’t. It could be argued that the policies that discipline people have worked because they have stopped the other half from doing this. Yet half is not enough. It should be a single digit number, at the very worst.

So policies and procedures are not working now. New ones will not change that if they don’t address the cultural side of human behaviour.

What can be done?

A new type of policy is required. Naturally, it should start at the top of an organisation. It should motivate people to change the way they think about data. It should be readable, not shrouded in jargon. It should reward people for doing the right thing. It should be something that everyone is reminded about. But not “beaten up” over.

 

Jason Cobine is an Insurance broker in London who works with businesses and charities. He has built a business from scratch, without pilfering data so he knows how hard it is. Yet it was a cultural decision that has been proved to be correct.

 

Categories : Accountants Insurance,All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Personal Insurance,Solicitors insurance,Uncategorized Tags : , , , , , , , , , , ,

The GDPR is coming. Time to sit down, relax and take stock

Posted by 3 May, 2018 (0) Comment

This article is about the feeding frenzy taking place, how to avoid it and what to look out for in the run up to GDPR lift off.

 

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

 

The vultures have been circling for some time now.

 

Plenty of people are putting the frighteners on good people that just want to survive the supposed relentlessness of heavily armed Data Commissioners issuing fines aplenty. Which will not actually happen. The ICO simply haven’t got enough resources to do that. Much like other agencies that are not for profit.

 

Speaking of which, it is those that are for profit that we need to be wary of. I’ve received several updated contracts from insurance companies dictating how data issues need to be resolved. My first piece of advice is to establish what your partners expect of you because, whilst the data commissioner might give you 72 hours to report certain types of breach, I am now contractually bound to give others 24 hours notice. Probably because they want the lions share of the deadline to get themselves ready. They also insist on certain types of data security and issue tight deadlines on “data subject access requests”. Cheeky but true.

 

So have you read all your contracts recently?

 

At least some of our partners are decent enough to tell us they’re being updated. Other contracts, like insurance policies, already cater for the change with clever wording. Where it states that they expect you to be complying with the law it actually means that as soon as the law changes, you have to be compliant with the new one. They don’t need to wait for the renewal of a contract to make you keep up with legislation. They’ve already taken care of it.

 

Are you going to read all your supplier or partner contracts? Probably not. Who has the time? I hear you sigh! Keep these in mind when you are changing your policies that are affected by GDPR. There might be a clash. You might want to notify them with 72 hours, yet they might stipulate immediately. Forewarned is forearmed and I don’t think fines are going to cause the biggest headache. I think it will be interruptions to business and loss of reputation and/or clients.

 

Government crack the whip

 

I have a feeling that the government announcement last week, that it would try and reduce the compensation culture by cracking down (again) on so called “whiplash” claims, might fuel the class action culture that Morrisons supermarkets find themselves subject to. There are a lot of companies that rely on that revenue stream (it’s in the billions) and they will switch to the next as quick as they went from PPI to holiday sickness claims. And PPI is coming to an end.

 

Wrap Up: We’re not overly concerned about the deadlines imposed by our supply chain because we have the resources to cope with them. Yet we’re very pleased we know what they are because a data breach causes enough confusion on it’s own.

 

Top Tip: Once you’ve assessed your position, review your contracts to see what else you might need to weave in. This is a once in 20 year opportunity to engage with your stakeholders. Done well, it will build trust regarding data and how you want to keep it safe. That trust is gold dust in the current climate.

Categories : Accountants Insurance,All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,General Requirements,Intellectual Property Insurance,Liability Insurance,Solicitors insurance Tags : , , , , , , , , , , , , ,

Power (back) to the people?

Posted by 4 May, 2016 (0) Comment

 

 

Have the EU given data Power (back) to the people?

 

This blog is about data protection, how the laws are used against us and how the new broom will try and take miscreants to the cleaners .

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

 

Data protection

 

It has always miffed me when the data protection act was used against me, especially when I know it was designed for me…to actually protect me. And you of course. I’m referring to the times when, with no malice in mind, I have been refused access to bank accounts, utility bill payments and more with the comment “It’s against our data protection policy to” help you.

I know that some of the people that have told me this were on a work avoidance programme (known as WAP when I worked in corporate’s). Their colleagues confessed in the bar. I now know privacy “defence” is used against us when it suits the data controller.

Thanks to this video showing how defences fold when a little “social engineering”, also known as lying, is used to break an individual’s defence down. The video shows how hackers (in 30 seconds) get access to personal or private information with a little trickery involving children of all things. Thank God the children aren’t real. It left me wondering why I can’t access my information when others can.

 

Plan of the insurers

 

Perhaps this is why European legislation fines companies 4% of turnover (not profits) following avoidable breaches. Even more interesting are the requirements to notify interested parties of a breach within 4 days of it happening. Since the old act was introduced, times have moved on and technology has increased the speed of such change. Surprisingly enough, insurers do have a plan. Not the Insurer’s you’ve heard off.

There are a new breed offering services as well as covering fines, legal costs and clean up costs. Having said that, very few of our data breach enquiries end up with insurance policies being required. It’s usually education that reduces risk. If you think that’s what you need get in touch to get a free trial (it’s on us). Because I have no doubt that we will adopt the EU data act, sooner or later. If we are not in Europe there will be greater scrutiny in weaknesses in the offerings of UK Plc.

It will become a business imperative to have the highest threshold of data security in the World. If the Panama Papers haven’t made people think carefully about what they have that’s important, private or confidential, nothing else will. Once the high risk data has been secured in your version of fort knox, you can then secure the next level of lower risk data and so on.

 

What now?

 

So you may well start preparing now. Or you could wait for the authorities to point the finger and aim their inspectors at someone else. These issues are extremely rare. The new breed of data inspectors will be targeted to find breaches so they can fine people. Now that the £35 per year Data Protection Register annual charge is being scrapped, the DPA will only get paid if they manage to raise funds through fines.

Data breaches will be a lot easier to spot than health & safety breaches so anticipate people with an axe to grind to start blowing the whistle. I also anticipate the forces that drove the compensation culture (whiplash anyone) will be a problem for those that don’t meet the regulations. I have no doubt that Data Protection inspectors will offer low paid workers (like cleaners) fees for “introducing them” to parties that have weak security. It will cost them nothing, they have a degree of protection from being disciplined when the whistle is blown, if it is for the “greater good”. If it were a Panama Papers employee that went rogue, I doubt they would suffer a severe penalty.

Wrap up; The people that were behind whiplash claims being made fraudulently or exaggerated have moved on. At the moment there are chasing ambulances (an American term) straight into the A&E departments. This because it is easier to exaggerate or commence a fraudulent injury claim when there is no car involved. It’s only a matter of time before they move sideways into data.

Top tip; As for the referendum, have a plan for staying and another for going. Keep both simple.

Categories : Accountants Insurance,All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,General Requirements,Health & Safety,Intellectual Property Insurance,Solicitors indemnity,Uncategorized Tags :

Contracts, Consultants and indemnity‏

Posted by 11 January, 2016 (0) Comment

Jason really was amazing, he managed to find insurance cover for me as a consultant valuation surveyor when no one else could. He  kept me informed of progress continually. I  would thoroughly  recommend him.”

                                –  Robin Smith, FRICS

Getting your contracts in order

 

Robin called me saying “I need urgent assistance”. I’ve won a contract yet they’re asking me for insurance and nobody can provide me with what’s needed. This is something we deal with every week because a lot of insurance providers have placed their products on the Internet and don’t have the facilities to give advice as to what fits.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

The contract wasn’t complicated or onerous yet it was specific. The type of work to be carried out was slightly unusual yet the problem wasn’t the work it was the availability of cover. Robin also had a deadline to meet and so the frustration in finding red herrings all over the Internet was understandable. There were many providers that said they could offer the cover Robin needed but as soon as he scratched the surface they turned and ran in the opposite direction.

 

Insurance and contracts are usually at odds

 

Another challenge for Robin was that the contracts told him the terms and conditions of undertaking the project yet the insurance available has to be compare to the contract to ensure they dovetail. There are clauses in contracts that relate to insurance and there are clauses in insurance policies that relate to contracts.

Most insurances available via the Internet are no good when compared to contracts. The fact that so many insurance providers allow people to buy insurance without speaking to anyone is brilliant. Especially when you need something in a hurry. It’s not so brilliant when you need to speak to somebody and find that the Internet and, in particular the website that you found it on, doesn’t take your calls.

 

Whatever next?

 

Sometimes those awarding the contract start reading the insurance themselves and asking questions. Being cynical, they often ask these questions when they are due to pay an invoice. I’m not saying that they use this as a tactic to delay payment yet, if the insurance doesn’t meet the requirements, they will delay payment.

This happens most often when small businesses are working with a large company with an in-house legal team. They accept the insurance documents and only start checking the details when they are due to pay. This is so common we make sure that the insurance stacks up before it’s issued rather than suffer the pain of the late payment at a later date.


Wrap up
; Temptation to accept a contract with a large company is great. The offer may seem fantastic yet their requirements can offer the water down the profitability.

Top tip; Make sure you check the cost of the insurance before you negotiate your fees or payment terms. You might need insurance for a contract yet you don’t want to end up with zero profit.

Categories : All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Design Insurance,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Patent Insurance,Trade,Trademark Insurance,Uncategorized Tags : , , , , , , ,

Efficient insurance isn’t always friendly

Posted by 23 June, 2014 (0) Comment

This article is about how improvements in technology should help providers improve the service to their clientèle. Read on to find out how IT has made life easier, where it has failed, and the backlash that is “in the post”.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

Treating customers fairly?

 

Recently I have been learning how to use a new IT system which will increase our efficiency and profit. The people showing us how to use the system are terribly nice and say some nice things, yet also some very surprising things. One that really did surprise me relates to the way the system allows us to meet all the compliance regulations that are bestowed upon us, by the FCA (Financial Conduct Authority) I was pleased to find that the system made our life easier when ticking the compliance boxes.

It was during a discussion about “treating customers fairly” (TCF) that I was so surprised. TCF involves doing what it says on the tin – making sure that the customer is at the centre of what you do. This ensures that they are well treated and their aims are met whilst your business meets its aims too. For me, this is the most valuable thing you can do in a business, because customers are always right and when they are wrong, its usually because they have not been well informed. This is a statement that most business owners don’t want to hear, yet when they are the customer they realise that it’s actually true.

What’s the surprise?

 

The comment that surprised me so much was after I complimented the trainers on showing us how to add efficiency into our compliant processes. Our training lady announced that no one usually cares about this, to which I exclaimed “pardon!” because I couldn’t believe that a sector so beaten and bowed by criticism still fails to take its customers’ rights seriously. I enquired what the lady meant by “no one usually cares” and she reiterated that all the other people she trains (all is probably an overstatement) find ways to avoid ticking the compliance box of TCF. I am not surprised that this happens, but I am surprised that it is an industry wide problem. However, it does explain one scenario that has puzzled me somewhat.

Why is it important?

 

When I first went “alone” I carried out research and found that a healthy percentage of people that had purchased insurance were not sure that it was right for them. This meant there were people who would find our service useful. This gave us immense confidence as we ploughed our furrow and provided a service that isn’t available to all. It still isn’t available to all, because we could not possible service the entire commercial insurance buying public, not by ourselves. But watch this space. We have no immediate plans to dominate the UK, yet what I have discovered over the last few years has shown us that the vast majority of people who buy insurance are not treated fairly. There is work for us to do in changing that. It is a challenge, but one I am ready for.

Wrap Up: Not all insurance policies are the same. Not insurance companies are the same. Not all businesses are the same. So ensure you get what you need, before you need it.

Top Tip: If ever you do have a problem with insurance ask your supplier how they are treating you fairly, whilst dealing with the problem.

 

Categories : Accountants Insurance,After The Event,All Risks Insurance,Building Contractor,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,Design Insurance,Domian name protection,General Requirements,Health & Safety,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Litigation expenses insurance,Patent Insurance,Personal Insurance,Solicitors indemnity,Solicitors insurance,Trade,Trade Secret Protection,Trademark Insurance,Uncategorized Tags : , , , , , , , , , ,

Lambs slaughtered in Den

Posted by 28 March, 2014 (0) Comment

This article is about people eliminating threats to their business, taking risks and getting others interested. Read on to find out how the intrepid pitch for investment yet fail to illustrate their position on risk, never mind secure someone else’s hard earned finance.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

Dragon’s Den is a risk worth taking

 

I learn a lot when watching Dragons Den. It is always interesting to see a great idea. Everybody loves those. Yet, a lot of the time we are treated to ‘car crash television’ where it appears that the unprepared have been literally thrown at the Dragons. I have actually cringed when watching the programme, yet it is rarely the Dragons that scare me. It’s some of the characters that arrive and put their “worst” foot forward. On the other hand, my heart does sink when a genuinely warm, credible person drops themselves in it. Even then, I don’t feel sorry for too long because I have a lot to learn myself.

Even though I’m watching on television, it’s not hard to spot the weak points that are being attacked. I’m always alarmed by those who do have a great idea, a coherent plan and still fail because they didn’t think about the objections that would inevitably be raised. When they shoot themselves down in flames I feel their pain. I suppose not all of it can possibly be unwitting. I expect some people do well out of the exposure even if they don’t get the investment they were after. Good luck to them!

Sometimes you can smell the ill-preparation

 

Recently a couple of entrepreneurs explained they had a huge following and people were biting their arms off to extend their travel and tour company business to take in festivals in different places. I had heard of this type of business yet they seemed to have a way of making it cost efficient and therefore more profitable. The Dragons were listening. Right up until one of the Dragons mentioned that they were not happy that the risks to the business had been thought about in detail. The lady announced that “all it takes is for one hotel to go down and you are snookered”. I had heard the guys mention that they were ATOL/ABTA protected which means that their clientèle are flown home in the event of the holiday providers having financial problems.

They should also have mentioned that ATOL/ABTA (and others) provide insurance that covers them for most of the other costs that follow such issues. They didn’t. Why not? Didn’t they realise this protection was available? Had they decided that insurance was too expensive for their business? It didn’t sound right that people who had been sending clients on trips to festivals around Europe hadn’t put any protection in place for their clientèle, never mind their business. I remain puzzled because the investors lost interest. No surprise there then.

When the Dragon questioned whether they would be able to continue if a third party let them down, all they had to do was say they would insure the risk. Even if they hadn’t arranged it at the time they could have accounted for the investment in their plan. It rarely “breaks the bank” to protect oneself.

 

Wrap Up: If you have a great idea think about the threats that could interfere with your business plan. Reduce them or eliminate the impact completely where possible because Dragons are risk averse, they only  take balanced risks. They don’t assume. They gauge their possible ROI based on all the variable outcomes. You can too.

 

Top Tip: If you are looking for investment try and understand just how risk averse your investors are before you pitch to them. Their previous investments will give you clues.

Categories : Accountants Insurance,After The Event,All Risks Insurance,Building Contractor,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,Design Insurance,Domian name protection,General Requirements,Health & Safety,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Litigation expenses insurance,Patent Insurance,Personal Insurance,Solicitors indemnity,Solicitors insurance,Trade,Trade Secret Protection,Trademark Insurance,Uncategorized Tags : , , , , , , , ,