Gallagher Bassett We Guide. We Guard. We Go Beyond.

When Billie Holiday sang that song, the old familiar places were reassuring, familiar - the small café, the children's carousel, the wishin' well.* A new survey of workers in the UK by the Trades Union Council (TUC) puts a far more sinister spin on the idea. A significant portion of the employees queried are certain that their employers are monitoring them at work and even after hours, snooping on their social media use and other activities. TUC general secretary Frances O'Grady said: "Employers must not use tech to control and micromanage their staff. Monitoring toilet breaks, tracking every movement and snooping on staff outside of working hours creates fear and distrust, and it undermines morale."

Why might employees think that they are being watched? Well, consider the just following items which have been covered in the media quite recently: Google admitted it stores users' whereabouts even when they have turned off location tracking on their device. (Hi, Google. Or should I say, Mr. Alphabet?) According to the Wall Street Journal (08/18/2018), "Car makers are collecting massive amounts of data from the latest cars on the road. Now, they're figuring out how to make money off it." Dozens of recent articles have celebrated the Internet of Things and how devices now exchange information on their own, leaving us to wonder what our toaster might be saying about us behind our backs.

Employee perception of what the bosses are up to in these times of massive electronic snooping becomes a new type of risk which must be understood, quantified if possible, and managed. Bizfluent published a neat, short overview late last year pithily titled "The Negative Effects of Workplace Surveillance". Don't shrug this one off on HR. Workplace surveillance cuts in many different directions. Employee perception, whether well-grounded or not, creates morale issues, but actual surveillance and how the information derived from snooping is deployed creates very real risks, the kinds that can make a dent in your E&O, even your D&O.

This is another area of risk where risk management and HR need to link hands. What is your corporate policy on employee/workplace surveillance, what data do you collect and archive and when/how do you use it? It's easy to create an appearance, for example, of illegal discrimination through simple inconsistency. If you review CCTV tapes of accidents reported as comp claims, look at the tape for every claim, not just the case of the employee you never liked anyway.

Oh, incidentally, what does the microwave in the break room know? Anything juicy?

(*Hey, millennials - it's on You Tube. If you don't know Billie, do yourself a favor and listen up.)

Rocky Mountain My, Oh My

Do you have operations or even clients in Colorado? Colorado Bill HB18-1128, "Protections for Consumer Data Privacy," officially setting some of the most stringent requirements for personal information data disposal and data breach notification in place in any U.S. state, went into effect September 1, 2018. Ready or not. While 18-1128 is primarily a concern for IT, the legal department, and compliance, it has plenty of potential impact left over for risk management (great summary here).

Consumer data privacy and disclosure laws and regulations are changing rapidly. This Journal noted the impact of the EU's GDPR regs a couple of months back, while California has a major GDPR-like initiative measure coming up in the November election there. One aspect of this should look familiar to any risk manager. As one attorney who tracks this type of law notes in the summary report cited above, "States are the incubator for these laws right now. I think in the next legislative session, you'll see a few states with these GDPR-like proposals. I think that'll be the next thing." With no clear path of Federal action currently visible, we all have to do the state by state fast polka we know so well from comp and other lines of insurance.

Good ol' 18-1128 appears to be the most stringent law of its kind now on the books, so taking Colorado as a kind of "safe harbor" for your efforts to wrap effective risk measures around these burgeoning new privacy/breach exposures may be a wise course. The larger point, of course, is that this growing body of regulation around data privacy creates a daunting new field of potential risk which you need to consider in policy renewals, captive use, TPA selection, and internal risk reporting - all the tools you use to safeguard corporate financial well-being.

The good news? They'll be ice skating in Hell before a computer algorithm can replace a professional risk manager like you.

[Note: the opinions expressed in this Journal are not qualified legal advice.]

A Word About the Ho-Ho-Holidays

Fall isn't quite here, so it's time to talk about the holidays and the risks they bring before the craziness hits in full force. The Lancet is one of the oldest and most prestigious medical journals in the world. When they publish a new research paper, you can be certain that it has gone through a thorough vetting by the experts in the field. That's why a new report in the current issue needs our attention. The report has the cumbersome title "Alcohol use and burden for 195 countries and territories, 1990–2016: a systematic analysis for the Global Burden of Disease Study 2016" (see CNN for a very professional summary).

The point of this complex and rigorous study is simply told: no amount of alcohol, no matter how trifling, does not reduce your life expectancy. Or, bluntly, any drink kills you. This vast new research puts the lie to the comforting but largely incompetent studies that told us that one or two drinks a day could actually be good for our health. NOT TRUE. While very small amounts of alcohol do seem to help a handful of specific conditions, the overall impact on health, even in these cases, is net negative. Alcohol consumption is utterly incompatible with healthy best practices, the behaviors like good diets and exercise that your organization probably promotes as part of employee health management.

Think about this as your organization begins to plan for the holidays. Even generally straight-laced organizations often loosen up and include a bar, even an open bar, at holiday parties or include bottles of wine in business gift packages. Is this really the message you want to communicate? This Journal has run study after study explaining and documenting the impact of employee health on risk management, how employee obesity, for example, can double the average cost of indemnity comp claims or how chronic sleep deprivation drives up operator accidents in your fleet. The holidays are the one time of the year when every company or other organization has to make a serious statement about alcohol, safety, and health unless it declines to sponsor holiday events at all.

As a risk manager, you have an important voice in minimizing and controlling holiday-related risks. No one likes to play Scrooge, but minimizing or eliminating alcohol is not about saving money. It's about saving lives. The Lancet study makes that completely clear. Dead simple, in fact.