Category Archives: Uncategorized

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Ill. Court: Non-Injured Plaintiffs Cannot Sue for Violations of Consumer and Workplace-Related Laws

Posted on by

In Maglio v. Advocate Health and Hosps. Corp., (Ill. App. Ct. June 2, 2015), the Illinois Appellate Court was asked to decide whether individuals have standing to bring suit for violations of consumer data protection laws where their personal data, while compromised, has not been used to harm the individuals. The Illinois Appellate Court, in holding that such individuals do not have standing, established that, at least in Illinois, plaintiffs who suffer no concrete harm, but instead allege only technical statutory violations, cannot sue for violations of consumer and, presumably, workplace-related laws.

The decision of the Illinois Appellate Court could have implications beyond Illinois. As we previously reported, the U.S. Supreme Court recently granted certiorari in Spokeo, Inc. v. Robins (U.S. Apr. 27, 2015). In the Spokeo matter, the U.S. Supreme Court will confront a nearly identical issue: Do individuals have standing to sue for violations of the Fair Credit Reporting Act (FCRA) even when they have not suffered any harm or injury? If the U.S. Supreme Court reasons in the same way that the Illinois Appellate Court did and answers this question “no,” the decision would likely discourage the current wave of consumer, workplace, and other class actions seeking millions in statutory damages.

Case Background

Advocate is a network of hospitals and doctors. On July 15, 2013, burglars stole four computers from Advocate’s administrative building that contained the personal information of about four million of Advocate’s patients. Advocate notified these patients of the theft on August 23, 2013.

Two sets of plaintiffs filed class actions against Advocate, claiming that Advocate violated two state consumer data protection laws by failing to maintain adequate procedures to protect the personal information of plaintiffs and putative class members and by failing to notify the plaintiffs and putative class about the breach in a timely matter. The plaintiffs also sued Advocate on theories of negligence and invasion of privacy.

Advocate moved to dismiss both class actions, arguing that the plaintiffs lacked standing because they had not suffered any injury as a result of their data being stolen. Both trial courts dismissed the class actions. The trial courts found that “[t]he increased risk that plaintiffs will be identity theft victims at some indeterminate point in the future . . . . did not constitute an injury sufficient to confer standing,” and that the plaintiffs’ “allegations concerning anxiety and emotional distress . . . . were insufficient to establish standing, where they were not based on an imminent threat.” The plaintiffs appealed.

Appellate Court’s Decision

The Appellate Court pointed out that, under Illinois law, a plaintiff only has standing if he or she has suffered “some injury in fact to a legally cognizable interest. [T]he claimed injury may be actual or threatened and it must be: (1) distinct and palpable; (2) fairly traceable to the defendant’s actions; and (3) substantially likely to be prevented or redressed by the grant of the requested relief.”

The Appellate Court then considered whether the plaintiffs had suffered a “distinct and palpable” injury under Illinois law. It found, in light of Chicago Teachers Union, Local 1 v. Bd. of Educ., – a case in which the Illinois Supreme Court held that physical education teachers did not have standing to challenge a statute allowing school districts to waive mandatory physical education requirements because the teachers were not “in immediate danger of sustaining a direct injury as a result of enforcement of the challenged statute that is distinct and palpable” – that the plaintiffs’ allegations of injury were speculative and the plaintiffs thus did not have standing to bring suit.

The Appellate Court reasoned that this result was supported by federal case law on standing. It observed that, “[i]n federal courts, to show standing under Article III of the Constitution, a plaintiff must establish the existence of an injury that is: (1) concrete, particularized, and actual or imminent; (2) fairly traceable to the challenged action; and (3) redressable by a favorable ruling.”  To meet the first requirement, “an ‘allegation of future injury may suffice if the threatened injury is ‘certainly impending,’ or there is a ‘substantial risk’ that the harm will occur.” (quoting Susan B. Anthony List v. Driehaus, 2014). “Allegations of possible future injury are not sufficient,” nor is an “objectively-reasonable-likelihood” that the future injury will occur.

The Appellate Court went on to find that an increased risk of harm is not sufficient to confer standing. While agreeing that the Seventh Circuit appears to have held that an increased risk of harm can confer standing in Posciotta v. Old Nat’l Bank Corp., it found that the later-decided Clapper case compelled rejection of this position. (Citing Strautins v. Trustwave Holdings, Inc., (N.D. Ill. 2014).

Finally, the Appellate Court found that alleged “appreciable emotional injury” did not confer standing on the plaintiffs. Specifically, the Appellate Court found that, because the purported emotional injury did not flow from an “imminent, certainly impending, or substantial risk of harm,” it could not, on its own, confer standing.

Implications for Employers

This case is welcome news for Illinois employers, who can use this case to defeat consumer and workplace class actions based on technical violations of state laws without any resulting harm to consumers or employees. Outside of Illinois, if the U.S. Supreme Court interprets federal standing requirements as the Illinois Appellate Court did, employers could be handed a significant win in the Spokeomatter. If Spokeo is decided as Maglio, employers nationally should have a powerful tool to achieve dismissal of class action lawsuits based on technical violations of both federal and state consumer and worker protection laws. Stay tuned.

This column previously appeared on the Seyfarth Shaw LLP website.

Smaller Companies At Higher Risk of Employee Theft

Posted on by

While every organization is at risk of employee theft–with the typical company losing 5% of revenue to fraud each year–smaller organizations with less than 500 employees (72%) were the most targeted.

According to The 2015 Hiscox Embezzlement Watchlist: A Snapshot of Employee Theft in the U.S., of the smaller companies targeted, four out of five had less than 100 employees and more than half had fewer than 25 employees. Smaller organizations also had the largest losses, according to the survey. Financial services companies were most at risk (21%), followed by non-profits, labor unions and municipalities.

Hiscox noted steps organizations can take to minimize employee theft, adding that this is most important for small- to medium-sized businesses, which can be more impacted by theft. In fact, the survey found that 58% showed no recovery of their losses.

Perpetrators of crime include tellers, bookkeepers and office managers. There is also a wide variety of schemes that have been used. 

Mastering IT Risk Assessment

Posted on by

The foundation of your organization’s defense against cyber theft is a mastery of IT risk assessment. It is an essential part of any information security program, and in fact, is mandated by regulatory frameworks such as SSAE 16, SOC 2, PCI DSS, ISO 27001, HIPAA and FISMA.

Compliance with those frameworks means that your organization not only has to complete an IT risk assessment but it must also assess and address the risks by implementing security controls.

In the event of a breach, an effective IT risk management plan—which details exactly what your IT department is going to do and how they’re going to do it—and implementation of the critical security controls that have the potential to save your organization millions of dollars in direct response costs, legal fees, regulatory fines, and costs associated with rebuilding a damaged corporate reputation.

Evaluating the potential compliance, operational and reputational risks to your organization and then ranking their importance and likelihood is not easy. Even more challenging is developing and then implementing the IT risk management plan. If your IT department is undergoing an IT risk assessment now or strengthening its cybersecurity strategy, look to qualified industry professionals and innovative technologies to help you master the process and stay compliant.

Here are six tips to keep in mind:

1. Get professional help. Hire an independent third party auditor and/or attorney.

buy bactrim online www.arborvita.com/wp-content/uploads/2023/10/jpg/bactrim.html no prescription pharmacy

Your IT hosting provider may even provide compliance and auditing services. These consultants can provide a comprehensive risk analysis, audit assistance and privacy and security guidance, including identifying potential risks, exposures and liabilities.

2. Use private cloud technology to protect sensitive data. Moving all or part of your infrastructure to a professionally managed, compliant private cloud offers benefits that drive business value. Your organization’s data and apps are hosted by experts in an environment that is independently audited for the specific regulatory compliance that you need, which is a big help in passing your own audit. Also, your IT department is freed up to focus on strategic projects without bearing the burden of solving compliant hosting complexities, hassling with maintenance and support, managing staff allocations, and providing expensive training.

3. Invest in annual IT risk assessments. Be sure to work with an unbiased, fully independent auditing team, which typically includes certified engineers and compliance experts. Comprehensive risk assessments pinpoint the many risks faced by your organization and address network security vulnerabilities. They are designed to give you the education, expertise, support and protection that you need to plan your security strategy, pass your audits and maintain a continuously-compliant IT environment.

buy pepcid online www.arborvita.com/wp-content/uploads/2023/10/jpg/pepcid.html no prescription pharmacy

4. Schedule frequent penetration testing and vulnerability scans. These uncover critical IT vulnerabilities and show how well you are protecting your network and data. Ask your auditors, compliance experts or compliant hosting provider to perform monthly or quarterly tests, help you to establish critical processes (such as data encryption and hardened authentication), and develop a clear understanding of how to avoid IT compliance disasters. Get a full report on external, internal and web application testing as well as strategies for remediation.

5. Ensure application security.  A good auditor or compliance team can help secure the design, development and deployment of your web-facing applications by thoroughly assessing any vulnerabilities and addressing design flaws or security gaps that impact compliance. Managing and remediating risks now saves time and money later.

6. Educate employees about security.  Frequent security awareness trainings and daily reminders throughout the workplace will help reduce violations. Your auditor or compliance team should customize a workplace awareness program for your business.

buy priligy online www.arborvita.com/wp-content/uploads/2023/10/jpg/priligy.html no prescription pharmacy

Ensure that the training is situational and fully engaging.

Mitigating Risk with Predictive Modeling

Posted on by

One of most effective risk management philosophies is to work smarter, not harder, implementing holistic tools, such as predictive analytics to ensure it is minimized. More often than not, companies implement blanketed management programs, applying the same strategies to all employees regardless of performance. With this approach, employers waste time and effort focusing on employees who are not at risk, leaving room for at-risk employees to go unnoticed. On an opposing front, many companies use the “squeaky wheel” approach, diverting all of their attention to employees that actively demonstrate troublesome behaviors. While this approach targets a greater amount of at-risk employees, it still leaves room for some to go undetected.

buy rybelsus online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/rybelsus.html no prescription pharmacy

Alternatively, a strategic employee-specific management program allows employers to identify at-risk employees regardless of how “squeaky” they are. The theory behind an employee-specific management program is simple – monitor your employees for changes that indicative risky behavior.

More often than not, these changes are subtle and undetectable to employers. Even with a team of risk management professionals, the necessary attention to detail is near impossible for companies with thousands of employees. So, how can we efficiently monitor for and detect these subtle changes?

Enter predictive modeling

Predictive modeling is an effective tool that addresses the needs of many industries – turning hundreds of thousands of data points into tangible data that can predict anything from consumer demands to credit scoring and anything in between. Challenging traditional personnel management practices, predictive modeling shines a light on the psychology behind today’s work force.

Predictive modeling has become an essential tool for companies across the globe, playing a role in nearly every industry, from marketing to finance, trucking, and the risk management sector. It provides employers with a unique look into the subtle, yet profound, fluctuations in employees’ behaviors that often go undetected. Examining thousands of data points and trends from past events, predictive modeling possesses the power to identify changes in behavioral patterns and predict the outcomes of future events, arming managers with the knowledge needed to proactively intervene with the right employee, on the right subject, at the right time to avoid events such as workers’ compensation claims and voluntary employee turnover.

With this information on hand, employers are able to replace their blanketed risk management program with a streamlined, employee-specific program, saving time and money—and most importantly, lowering risk. To understand the value offered through predictive modeling, one must understand that most employees would not be classified as “at-risk” at the time of employment. It’s the events that occur after the onboarding that mold the employee’s work behavior and create liabilities.

Notably, it is not just work-related problems that can put employees in the “at-risk” category. Often, medical or personal issues can cause changes in an employee’s work habits and behaviors. Tapping into historical data, predictive modeling is able to detect subtle changes and bring at-risk employees forward for remediation. With this information on-hand, managers can proactively connect with their employees to address an issue before it snowballs into a costly incident.

As one of the most risk-prone industries, the transportation space leverages predictive modeling to monitor employees for unsafe driving behaviors which can result in hefty violation fines and accidents. For example, if a driver is dealing with an ill grandmother, he or she may be paying less attention to the road and spending more time on the phone scheduling doctor appointments and responding to calls. Based on past performance, his or her manager will be alerted that the employee is hard-braking more than usual and spending more time in idle. By opening the channels of communication between the driver and manager, they can work together to identify a solution, whether it be an adjusted work schedule or a reduced workload.

Additionally, predictive modeling can help managers focus on causation rather than correlation. When an incident occurs, many managers tend to put emphasis on what happened, not why it happened. As a result, they often work to fix the correlating issue rather than addressing the root cause.

buy valtrex online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/valtrex.html no prescription pharmacy

By analyzing the data gathered through predictive modeling, managers can reflect on the changes in employee behaviors, corporate management or workload leading up to the incident. Recognizing the fluctuation leading up to the accident, managers can proactively monitor for similar incidents and intervene.

An example of this is a risk all managers dread – workers compensation claims. Many companies have accepted workers comp claims as a cost of doing business, failing to understand the factors leading up to the claim. Prior to filing a claim, an employee may be feeling under-motivated and overworked, often putting in the bare minimum and cutting corners with little attention to detail. The reduced attention span lands him or her in trouble when there is a resulting injury on the job and puts the company at risk for a costly claim. With predictive modeling, the manager is able to identify the changes in the employee’s work performance and identify the root cause. Further down the line, the manager can also monitor for similar situations and proactively work with the employee to make his or her work experience more positive.

As managers continue to look beyond traditional methods to better manage their employees and overall company operations, they will be able to capitalize on innovative technologies, such as predictive analytics, to help retain top talent, reduce risk, and build better, longer-lasting relationships with their employees. With growing adoption of proactive risk management solutions, today’s workplace will continue to become a safer, stress-free environment for all.