Uncategorized

The pain of GDPR compliance and the long term effects

Posted by 7 September, 2018 (0) Comment

 

GDPR has no exemptions that organisations I work with can rely on, perhaps for the first time with data, we are all in it together.

The challenges facing organisations trying to comply are magnified by the amount of “fake news” surrounding it. I haven’t been surprised by the feeding frenzy from those trying to cash in yet I am somewhat alarmed by the number of “experts” on this untried legislation. I understood that it took 10,000 hours to become an expert in something and I’m wondering how the experts managed that. C’est la vie.

What truly concerns me is that this is a massive cultural change and I fear that the policies being written and disseminated are not going to empower the people that need to deal with data on a daily basis. During my 29 years in the field of risk, insurance and business continuity I have seen many issues that could have been avoided by educating people. Yet it seems that policies are written to ensure employment or contracts can be terminated rather than actually encouraging people to comply. I realise that this is partly due to legal precedent yet motivating people by fear is far weaker than motivating them by other means.

Having listened to many people and taking in copious amounts of information, I think that the feeding frenzy has prevented people from understanding the “mission” of the data regulators. They want organisations to be careful with data and respect the wishes and privacy of people like you and I.  It is not a lot to ask yet achieving that aim is undoubtedly awkward. It is a lot less awkward if the culture of an organisation recognises this.

I have this awful nagging doubt that people will not be motivated to do the right data thing if they are told off or, disciplined when they make mistakes. I’ve seen many policies that tell people what to do yet they are rarely allied with the cultural piece. Even rarer is the right level of education and reinforcement that motivates.

The deadline will come and go yet the mission of the regulator is not going to be achieved if the culture of blame continues to be the most pervasive in organisations. One issue that no-one seems to have thought about is the way salespeople treat data. Arguments over who owns it are regular, especially with the advance of online networks. Roughly 50% of people take data with them when they leave one organisation for another. There are at least two companies in breach when this happens and the individual has broken the law. It is theft after all.

The existing regulations state that this shouldn’t happen yet half of the population think it’s OK to take it when they really know that they shouldn’t. It could be argued that the policies that discipline people have worked because they have stopped the other half from doing this. Yet half is not enough. It should be a single digit number, at the very worst.

So policies and procedures are not working now. New ones will not change that if they don’t address the cultural side of human behaviour.

What can be done?

A new type of policy is required. Naturally, it should start at the top of an organisation. It should motivate people to change the way they think about data. It should be readable, not shrouded in jargon. It should reward people for doing the right thing. It should be something that everyone is reminded about. But not “beaten up” over.

 

Jason Cobine is an Insurance broker in London who works with businesses and charities. He has built a business from scratch, without pilfering data so he knows how hard it is. Yet it was a cultural decision that has been proved to be correct.

 

Categories : Accountants Insurance,All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Personal Insurance,Solicitors insurance,Uncategorized Tags : , , , , , , , , , , ,

Power (back) to the people?

Posted by 4 May, 2016 (0) Comment

 

 

Have the EU given data Power (back) to the people?

 

This blog is about data protection, how the laws are used against us and how the new broom will try and take miscreants to the cleaners .

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

 

Data protection

 

It has always miffed me when the data protection act was used against me, especially when I know it was designed for me…to actually protect me. And you of course. I’m referring to the times when, with no malice in mind, I have been refused access to bank accounts, utility bill payments and more with the comment “It’s against our data protection policy to” help you.

I know that some of the people that have told me this were on a work avoidance programme (known as WAP when I worked in corporate’s). Their colleagues confessed in the bar. I now know privacy “defence” is used against us when it suits the data controller.

Thanks to this video showing how defences fold when a little “social engineering”, also known as lying, is used to break an individual’s defence down. The video shows how hackers (in 30 seconds) get access to personal or private information with a little trickery involving children of all things. Thank God the children aren’t real. It left me wondering why I can’t access my information when others can.

 

Plan of the insurers

 

Perhaps this is why European legislation fines companies 4% of turnover (not profits) following avoidable breaches. Even more interesting are the requirements to notify interested parties of a breach within 4 days of it happening. Since the old act was introduced, times have moved on and technology has increased the speed of such change. Surprisingly enough, insurers do have a plan. Not the Insurer’s you’ve heard off.

There are a new breed offering services as well as covering fines, legal costs and clean up costs. Having said that, very few of our data breach enquiries end up with insurance policies being required. It’s usually education that reduces risk. If you think that’s what you need get in touch to get a free trial (it’s on us). Because I have no doubt that we will adopt the EU data act, sooner or later. If we are not in Europe there will be greater scrutiny in weaknesses in the offerings of UK Plc.

It will become a business imperative to have the highest threshold of data security in the World. If the Panama Papers haven’t made people think carefully about what they have that’s important, private or confidential, nothing else will. Once the high risk data has been secured in your version of fort knox, you can then secure the next level of lower risk data and so on.

 

What now?

 

So you may well start preparing now. Or you could wait for the authorities to point the finger and aim their inspectors at someone else. These issues are extremely rare. The new breed of data inspectors will be targeted to find breaches so they can fine people. Now that the £35 per year Data Protection Register annual charge is being scrapped, the DPA will only get paid if they manage to raise funds through fines.

Data breaches will be a lot easier to spot than health & safety breaches so anticipate people with an axe to grind to start blowing the whistle. I also anticipate the forces that drove the compensation culture (whiplash anyone) will be a problem for those that don’t meet the regulations. I have no doubt that Data Protection inspectors will offer low paid workers (like cleaners) fees for “introducing them” to parties that have weak security. It will cost them nothing, they have a degree of protection from being disciplined when the whistle is blown, if it is for the “greater good”. If it were a Panama Papers employee that went rogue, I doubt they would suffer a severe penalty.

Wrap up; The people that were behind whiplash claims being made fraudulently or exaggerated have moved on. At the moment there are chasing ambulances (an American term) straight into the A&E departments. This because it is easier to exaggerate or commence a fraudulent injury claim when there is no car involved. It’s only a matter of time before they move sideways into data.

Top tip; As for the referendum, have a plan for staying and another for going. Keep both simple.

Categories : Accountants Insurance,All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,General Requirements,Health & Safety,Intellectual Property Insurance,Solicitors indemnity,Uncategorized Tags :

Contracts, Consultants and indemnity‏

Posted by 11 January, 2016 (0) Comment

Jason really was amazing, he managed to find insurance cover for me as a consultant valuation surveyor when no one else could. He  kept me informed of progress continually. I  would thoroughly  recommend him.”

                                –  Robin Smith, FRICS

Getting your contracts in order

 

Robin called me saying “I need urgent assistance”. I’ve won a contract yet they’re asking me for insurance and nobody can provide me with what’s needed. This is something we deal with every week because a lot of insurance providers have placed their products on the Internet and don’t have the facilities to give advice as to what fits.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

The contract wasn’t complicated or onerous yet it was specific. The type of work to be carried out was slightly unusual yet the problem wasn’t the work it was the availability of cover. Robin also had a deadline to meet and so the frustration in finding red herrings all over the Internet was understandable. There were many providers that said they could offer the cover Robin needed but as soon as he scratched the surface they turned and ran in the opposite direction.

 

Insurance and contracts are usually at odds

 

Another challenge for Robin was that the contracts told him the terms and conditions of undertaking the project yet the insurance available has to be compare to the contract to ensure they dovetail. There are clauses in contracts that relate to insurance and there are clauses in insurance policies that relate to contracts.

Most insurances available via the Internet are no good when compared to contracts. The fact that so many insurance providers allow people to buy insurance without speaking to anyone is brilliant. Especially when you need something in a hurry. It’s not so brilliant when you need to speak to somebody and find that the Internet and, in particular the website that you found it on, doesn’t take your calls.

 

Whatever next?

 

Sometimes those awarding the contract start reading the insurance themselves and asking questions. Being cynical, they often ask these questions when they are due to pay an invoice. I’m not saying that they use this as a tactic to delay payment yet, if the insurance doesn’t meet the requirements, they will delay payment.

This happens most often when small businesses are working with a large company with an in-house legal team. They accept the insurance documents and only start checking the details when they are due to pay. This is so common we make sure that the insurance stacks up before it’s issued rather than suffer the pain of the late payment at a later date.


Wrap up
; Temptation to accept a contract with a large company is great. The offer may seem fantastic yet their requirements can offer the water down the profitability.

Top tip; Make sure you check the cost of the insurance before you negotiate your fees or payment terms. You might need insurance for a contract yet you don’t want to end up with zero profit.

Categories : All Risks Insurance,Business Insurance,Company Insurance,Contractors Insurance,Design Insurance,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Patent Insurance,Trade,Trademark Insurance,Uncategorized Tags : , , , , , , ,

Property Managing Agents- Part of our fees are for NOT arranging cover

Posted by 16 August, 2014 (0) Comment

A shameful article about Property Managing Agents failing their client when looking after their property, favouring one leaseholder over another and, critically, failing to arrange insurance despite collecting the premium.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

Treating customers fairly?

 

I have claims to make, yet no service

 

I first met Paul at breakfast and found him hugely charming and terrible engaging. Not many people will dance their way through a presentation yet that’s exactly what he did. We clicked and discussed many things other than dance and risk reduction.

He introduced me to Gail who was having difficulty getting any service from their property’s managing agent – it was a terraced house in central London split into four apartments – despite water leaks needing to be fixed and repairs to her flat undertaken. Gail explained that the Property Managing Agents were so unresponsive they had decided to start their own company and take matters in-house. However, they had already paid for an annual insurance and wanted to make a claim.

There’s no cover!

 

For the right person, I am always happy to take over a policy and ensure that the claim is settled fairly. Gail and her neighbours authorised me to do this and Axa Insurance acknowledged receipt of our letter within days of it being submitted. It then slowed down and despite many calls Axa were unresponsive.

Another leaseholder raised the urgency when a lender requested evidence of insurance in order to authorise a remortgage. We pressed the Axa panic button, making contact with the most senior contact we have at that insurer and were told in hushed tones “the Property Managing Agent did not pay the premium so we cancelled the cover…..last year”. What is it about people not being able to bring themselves to give you bad news? I’ve never shot a messenger in my life.

All systems go!

 

I arranged an alternative within minutes of Gail authorising me to do so. We are talking about a property close to £1,000,000 with a history of water damage so it’s lucky we know which insurers want to cover these. Axa were unable to help in the timescale required! The annual investment was settled by credit card and documents were sent to the lender to ensure funds were released in time.

Gail has been trying to obtain a refund, to no avail, and is going to the Insurance Ombudsman. I fully expect the Property Managing Agent to be struck off the FCA register although I doubt their governing body will prevent them managing properties. The saddest thing is that it appears that one of the leaseholders is loosely connected to the fraudsters so it is a tricky scenario. They are an absent landlord and their lack of care in selecting tenants is causing problems for all the residents, not to mention their neighbours. Legal process is the only avenue open to them yet that has already started.

Wrap up: Leaseholders have a right to know where their fees are being spent. If you ask an agent what they are earning from insurance they have to tell you. They can be struck off for remaining silent.

Top Tip: Some Property Managing Agents charge ridiculously low fees but they top them up with hidden charges in insurance premiums. It has been know for them to cream 40% off the top and an accountant I know recovered £80,000 in fraudulent fees from a particularly deceitful company.

Categories : All Risks Insurance,Business Insurance,Company Insurance,General Requirements,Legal expenses insurance,Liability Insurance,Uncategorized Tags : , , , , , , ,

Efficient insurance isn’t always friendly

Posted by 23 June, 2014 (0) Comment

This article is about how improvements in technology should help providers improve the service to their clientèle. Read on to find out how IT has made life easier, where it has failed, and the backlash that is “in the post”.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

Treating customers fairly?

 

Recently I have been learning how to use a new IT system which will increase our efficiency and profit. The people showing us how to use the system are terribly nice and say some nice things, yet also some very surprising things. One that really did surprise me relates to the way the system allows us to meet all the compliance regulations that are bestowed upon us, by the FCA (Financial Conduct Authority) I was pleased to find that the system made our life easier when ticking the compliance boxes.

It was during a discussion about “treating customers fairly” (TCF) that I was so surprised. TCF involves doing what it says on the tin – making sure that the customer is at the centre of what you do. This ensures that they are well treated and their aims are met whilst your business meets its aims too. For me, this is the most valuable thing you can do in a business, because customers are always right and when they are wrong, its usually because they have not been well informed. This is a statement that most business owners don’t want to hear, yet when they are the customer they realise that it’s actually true.

What’s the surprise?

 

The comment that surprised me so much was after I complimented the trainers on showing us how to add efficiency into our compliant processes. Our training lady announced that no one usually cares about this, to which I exclaimed “pardon!” because I couldn’t believe that a sector so beaten and bowed by criticism still fails to take its customers’ rights seriously. I enquired what the lady meant by “no one usually cares” and she reiterated that all the other people she trains (all is probably an overstatement) find ways to avoid ticking the compliance box of TCF. I am not surprised that this happens, but I am surprised that it is an industry wide problem. However, it does explain one scenario that has puzzled me somewhat.

Why is it important?

 

When I first went “alone” I carried out research and found that a healthy percentage of people that had purchased insurance were not sure that it was right for them. This meant there were people who would find our service useful. This gave us immense confidence as we ploughed our furrow and provided a service that isn’t available to all. It still isn’t available to all, because we could not possible service the entire commercial insurance buying public, not by ourselves. But watch this space. We have no immediate plans to dominate the UK, yet what I have discovered over the last few years has shown us that the vast majority of people who buy insurance are not treated fairly. There is work for us to do in changing that. It is a challenge, but one I am ready for.

Wrap Up: Not all insurance policies are the same. Not insurance companies are the same. Not all businesses are the same. So ensure you get what you need, before you need it.

Top Tip: If ever you do have a problem with insurance ask your supplier how they are treating you fairly, whilst dealing with the problem.

 

Categories : Accountants Insurance,After The Event,All Risks Insurance,Building Contractor,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,Design Insurance,Domian name protection,General Requirements,Health & Safety,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Litigation expenses insurance,Patent Insurance,Personal Insurance,Solicitors indemnity,Solicitors insurance,Trade,Trade Secret Protection,Trademark Insurance,Uncategorized Tags : , , , , , , , , , ,

Lambs slaughtered in Den

Posted by 28 March, 2014 (0) Comment

This article is about people eliminating threats to their business, taking risks and getting others interested. Read on to find out how the intrepid pitch for investment yet fail to illustrate their position on risk, never mind secure someone else’s hard earned finance.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

Dragon’s Den is a risk worth taking

 

I learn a lot when watching Dragons Den. It is always interesting to see a great idea. Everybody loves those. Yet, a lot of the time we are treated to ‘car crash television’ where it appears that the unprepared have been literally thrown at the Dragons. I have actually cringed when watching the programme, yet it is rarely the Dragons that scare me. It’s some of the characters that arrive and put their “worst” foot forward. On the other hand, my heart does sink when a genuinely warm, credible person drops themselves in it. Even then, I don’t feel sorry for too long because I have a lot to learn myself.

Even though I’m watching on television, it’s not hard to spot the weak points that are being attacked. I’m always alarmed by those who do have a great idea, a coherent plan and still fail because they didn’t think about the objections that would inevitably be raised. When they shoot themselves down in flames I feel their pain. I suppose not all of it can possibly be unwitting. I expect some people do well out of the exposure even if they don’t get the investment they were after. Good luck to them!

Sometimes you can smell the ill-preparation

 

Recently a couple of entrepreneurs explained they had a huge following and people were biting their arms off to extend their travel and tour company business to take in festivals in different places. I had heard of this type of business yet they seemed to have a way of making it cost efficient and therefore more profitable. The Dragons were listening. Right up until one of the Dragons mentioned that they were not happy that the risks to the business had been thought about in detail. The lady announced that “all it takes is for one hotel to go down and you are snookered”. I had heard the guys mention that they were ATOL/ABTA protected which means that their clientèle are flown home in the event of the holiday providers having financial problems.

They should also have mentioned that ATOL/ABTA (and others) provide insurance that covers them for most of the other costs that follow such issues. They didn’t. Why not? Didn’t they realise this protection was available? Had they decided that insurance was too expensive for their business? It didn’t sound right that people who had been sending clients on trips to festivals around Europe hadn’t put any protection in place for their clientèle, never mind their business. I remain puzzled because the investors lost interest. No surprise there then.

When the Dragon questioned whether they would be able to continue if a third party let them down, all they had to do was say they would insure the risk. Even if they hadn’t arranged it at the time they could have accounted for the investment in their plan. It rarely “breaks the bank” to protect oneself.

 

Wrap Up: If you have a great idea think about the threats that could interfere with your business plan. Reduce them or eliminate the impact completely where possible because Dragons are risk averse, they only  take balanced risks. They don’t assume. They gauge their possible ROI based on all the variable outcomes. You can too.

 

Top Tip: If you are looking for investment try and understand just how risk averse your investors are before you pitch to them. Their previous investments will give you clues.

Categories : Accountants Insurance,After The Event,All Risks Insurance,Building Contractor,Business Insurance,Company Insurance,Contractors Insurance,Customer Service,Design Insurance,Domian name protection,General Requirements,Health & Safety,Intellectual Property Insurance,Legal expenses insurance,Liability Insurance,Litigation expenses insurance,Patent Insurance,Personal Insurance,Solicitors indemnity,Solicitors insurance,Trade,Trade Secret Protection,Trademark Insurance,Uncategorized Tags : , , , , , , , ,