Phishing, a scam that feels almost as old as the internet itself, is actually on the rise. In 2018, 26,379 people fell victim to phishing, collectively losing over $48 million, according to a report from the FBI’s Internet Crime Complaint Center. That’s a significant increase from the $30 million that phishing victims lost in 2017. As hackers and fraudsters show no signs of slowing down, your company needs to train all employees to recognize and prevent phishing and related data breaches.

Trust Your Gut

The crux of any phishing scam is to trick victims into believing a request for sensitive or personal information comes from a legitimate source. Phishers typically contact potential victims through emails or text messages that, at first glance, appear real. The message may even use the company’s banner and logo. A close look may reveal flaws, but it’s often it’s too little, too late. All a phishing message has to be is convincing enough – then, it takes just one click to give phishers access to your data.

Phishing messages generally open with a story that creates a sense of urgency or panic and prompts the victim to click on a link or open an attachment. A phisher might send you an email on behalf of your bank regarding “suspicious activity,” or a text that you’re eligible for a government refund – but only if you act quickly enough. In corporate situations, employees may receive an email from someone impersonating a superior asking them to open an attachment, visit a webpage, or purchase a gift card. The scammers don’t expect everyone to fall for it, but they can count on a few people letting their guards down and clicking without thinking.

Still not sure if you could spot a phishing scam in the wild? Here are a few warning signs to look out for:

• An incorrect email address. Phishers often create email accounts with company names in the address that are slightly different from the official email address. For example, a phishing email might be from yurgent@yahoo.com instead of the real address, customersevice@yahoo-inc.com.
• A generic greeting. If you have an account with a business or bank, the email would likely use your first name instead of saying “Hi Dear” or “Hi Customer,” as a scammer might.
• A request for sensitive information. In general, companies will not ask you for information like your Social Security number, account number, or password over email or text.
• A message from a company with which you do not have an account. If you receive an email or text message urging you to update account information for an account that does not exist, it’s at best a mistake and at worst a scam.
• A wrong, but almost right, URL. A phisher might direct you to a website like www.paypa1.com instead of paypal.com.
• Spelling or grammatical errors. While everyone makes a typo here and there, consistent errors are unlikely to remain in official company emails.

When in doubt, don’t click links or open attachments from messages requesting payment or account information, especially when you have no reason to expect there is a problem. You can always search for the company’s contact information online and speak with a trusted representative to determine if the message is legitimate or not.

“It won’t happen to me.”

No one thinks they’ll get scammed – until they do. Intelligent, tech-savvy people can become tired, distracted, or overwhelmed and click without thinking. Falling victim to a scam – especially if the scam results in a significant loss of money – can be humiliating. It’s important that companies are clear that phishing can happen to anyone and that employees should always report phishing attempts, successful or not. During training, reassure your employees that all reports will be confidential and that alerting the company is always better than attempting to resolve the problem alone.

Today, companies handle a lot of sensitive information. There’s no time more critical than now to train your teams on data security, with a special focus on scams like phishing. What’s more, remote working is more common than ever. Compliance training programs can help ensure that employees are protected and compliant, even when they’re out of reach of an IT colleague and using personal devices with weaker antivirus software than that of company computers.

Getting off the hook

While your training should be specific to your company and the particular cybersecurity threats your employees may face in their day-to-day work, there are general tips that apply to everyone.

For employees:

• Never open links or attachments from emails requesting sensitive information
• Never share personal or company information over the phone or via email
• Regularly change your passwords
• Use multi-factor authentication to flag phisher attempts to log into your accounts
• Set your phone and computer software to update automatically
• Report phishing attacks to the FTC at ftc.gov/complaint

For companies:

• Install and update antivirus software on company computers
• Install an ad-blocker or spam filter on company computers
• Encrypt sensitive company information
• Train employees to prevent and report phishing attempts

Want to get a leg up on phishing scams? Talk to the Interactive Services team to find out if our Data Privacy Compliance Training Program can help protect the health of your business.

The post Cut the Line on Phishing Scams appeared first on Compliance Training - Interactive Services.

Let’s face it: Your employees groan at a new round of compliance training. Who could blame them? The typical corporate training is notoriously boring and, in the eyes of busy teams, less important than daily work. But this can change. Training doesn’t have to be something you force your staff to endure. When done right, compliance training can actually increase employee engagement and retention.

We’ve been in the compliance industry for a long time, so we can tell you: Every office is different. However, we’ve identified some tried-and-true ways to execute compliance training that will keep your employees happy and help build a culture where they feel empowered to have a voice, speak up, and hold one another accountable.

Effective Onboarding

New hires enter a workplace naturally uncertain about how their new employer will treat them. Effective compliance training early on can reassure fresh employees that their company is committed to looking out for them, their rights, and their place in the office. For instance, a training program that includes a clear, robust definition of discrimination communicates to new employees, particularly those of minority groups, that their employer understands the kind of workplace problems they could face – and is prepared to prevent or resolve them. Consequently, these new hires will feel confident in their choice to join your team.

Training will also likely be a new hire’s first brush with company culture and your chance to make a positive first impression around important topics like office ethics, core company procedures, and more. If organizations want their team members to uphold a larger business vision, sticking the landing here is where it all starts. When done effectively, new employees are more likely to behave in the spirit of the company, contributing to a cohesive workplace culture that people want to work in.

Preserving a Positive Work Environment

Most people want to do the right thing. The role of compliance training is twofold: It reinforces this good behavior and also dissuades those few employees who may be tempted to act inappropriately from acting at all. What’s more, when good behavior becomes a workplace virtue, team members feel more empowered to call out bad behavior and hold their peers accountable, which can be a serious boon to office culture.

By clarifying definitions and regulations, such as those around harassment, discrimination, fraud or negligence, compliance training can prevent employees from doing things that negatively impact those around them. The training process can also demonstrate to new employees that HR is available and ready to answer their questions, field their concerns, and mediate any conflicts. If your employees take this message to heart, they’ll turn to HR when issues arise, instead of making non-compliant moves that can cost the business and office culture down the line.

Clarifying Rule Changes

Rules can change and evolve quickly, and businesses should expect some employees to have trouble keeping up or just be plain resistant to change. That’s why it’s important to continuously adapt compliance training as norms evolve. As the workplace undergoes changes, make sure it’s clear to your team that their company is on their side and working for them.

Consider gift-giving: For a long time, it was common practice to woo prospective clients with lavish meals, entertainment, and other luxuries.  Today, things are a bit different. In some offices, this sort of treatment is considered inappropriate – or, at worst, bribery. Does this mean everyone has stopped taking clients out? Not at all, but many companies have put a dollar maximum on client dinners or gifts that employees may accept. In the case of a change like this, routine compliance training can keep your teams up to speed and make sure employees are not non-compliant due to lack of awareness.

Connecting with Culture

Gift policies are simple when compared to the more pressing cultural issues an office may experience, such as sexual harassment, workplace discrimination, or microaggressions, to name just a few. Mitigating prohibited behavior is a constant challenge for HR departments, but it’s important to stay vigilant if you want to keep employees on board. Though not necessarily a cure-all solution, compliance training can be an invaluable tool to this end.

For organizations that want to ensure a healthy office culture – or transform one that has veered off course – customized compliance training can be particularly effective. Every office is different, with its own team dynamics, politics, and hierarchies. Tailored courses can account for these nuances and offer paths to compliance that make sense in the context of your team’s day-to-day.

First Steps

Compliance training plays a crucial role in shaping and preserving a workplace where all employees feel safe and supported. With the right program, you can successfully retain talented employees and attract new ones.

Before your company can utilize compliance training to increase employee retention, you have to get employees to participate. Read this article for suggestions on how to foster active employee participation in compliance training.

The post How Compliance Training Can Keep Your Teams Happy appeared first on Compliance Training - Interactive Services.

The California Consumer Privacy Act (CCPA) marks a new chapter in the global privacy and compliance conversation. Considered by many to be the General Data Protection Regulation (GDPR) of the US, CCPA was signed into law in September 2018 and officially went into effect on January 1, 2020. At its simplest, the Act aims to protect California consumers’ personal information from businesses that collect user data.

Regardless of whether your company is headquartered in California, CCPA is a big policy shift that you should understand. Keep reading to learn more about this new regulation and what it means for your organization’s compliance program.

Breaking Down CCPA

Under this new law, a business that serves or employs residents of California and collects personal data about consumers must:

• Disclose what personal information it collected, from where it was collected, for what purpose, and with whom it shares that data, after receiving a consumer request
• Disclose the consumer’s right to delete personal information, either on its website or in its online privacy policies
• Comply with a request by a consumer to delete their personal information from its records and direct third parties to delete that information from their own records
• Disclose to consumers whose data it sells, what personal information was collected, sold, or disclosed for a business purpose, and to which third parties it sold the information
• Refrain from selling the personal data of consumers who exercised their right to opt-out to third parties

Under CCPA, businesses cannot discriminate against consumers who exercise any of these rights. The Act requires companies to make two or more methods for submitting information requests available to consumers, to deliver requested information within 45 days, and to resolve violations within 30 days.

The penalty for each violation is $2,500 unless the violation is found to be intentional. In that case, the penalty is $7,500. All fines will be deposited into the Consumer Privacy Fund, a special fund created specifically to offset the costs of enforcing CCPA guidelines.

Some organizations are exempt from these requirements. These include:

• Banks
• Brokerages
• Insurance companies
• Credit reporting agencies
• Healthcare providers, covered entities, and clinical trials

Though CCPA sets strong regulations for protecting consumer information, it does clarify that its privacy requirements do not prevent a company from using personal information to complete a transaction with a consumer, stop illegal activity or security threats, exercise free speech, or utilize collected data for “solely internal uses.” As such, your first step should be to determine whether your company’s collection of consumer data falls into one of these categories, or if your company will have to comply with CCPA’s new standards at all.

Distinguishing Privacy Laws

The General Data Protection Regulation (GDPR) is a European Union regulation that went into effect in 2018 to protect personal data from companies and organizations that process user information. Many have drawn a parallel between GDPR—the preeminent global privacy law—and CCPA—the US’ newest (and most stringent) privacy law.

GDPR-compliant companies may have an easier time making changes to comply with CCPA, as they are likely to have systems for handling consumer data and meeting compliance already in place. However, CCPA goes further than GDPR in its right to opt-out, and the differences in scope, enforcement, and extent of corporate responsibility are enough to warrant a dedicated focus on CCPA compliance, no matter your company’s history with GDPR.

Complying with CCPA

According to the Data Protection Report, the primary significance of CCPA is the precedent it sets for a “sweeping” definition of personal information. Beyond standard pieces of data like name, address, and email, CCPA defines personal information as including browsing and search history, purchasing tendencies, and geolocation data. Moreover, the law includes any “inferences” used to “create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” as pieces of personal information.

Given this broad categorization of information for which consumers have a right to privacy, businesses must begin training employees to meet compliance. Forbes outlines an example nightmare situation that non-compliant companies could face under CCPA. Imagine your company has failed to deliver on 1,000 customer requests to delete their personal information. You have 30 days after being notified of your non-compliance to delete this information or face $7.5 million in civil fines if a court determines your business intentionally violated CCPA. If a court finds your violation was not intentional, you’ll have to pay $2.5 million – still no small sum.

If GDPR is any indication, regulators are serious about compliance. Don’t find your firm on a list of the biggest fines in CCPA’s first year.

Moving Forward with CCPA

This new law requires attention, not to mention company resources. Invest in a worthwhile compliance training program that will effectively prepare your employees and protect your company in the era of CCPA.

At Interactive Services, we’ve built a CCPA compliance training program that engages users with customized lessons, relevant examples, and clear instruction. Talk to us to see if our program is right for your company.

The post CCPA: Are You Ready for California’s New Privacy Law? appeared first on Compliance Training - Interactive Services.

It’s a new year and a new decade full of potential for growth and opportunity. In the spirit of looking ahead, we’ve identified the top compliance training trends to look out for in 2020. Getting the jump on these now will help keep your compliance training relevant and effective and will demonstrate the value in training beyond just meeting requirements to your employees.

As we get into the swing of things in 2020, keep these trends top of mind.

Cybersecurity will be a top priority

High-profile instances of cybercrime in 2019 mean organizations will act more proactively in 2020 to thwart online threats. Consider last year’s rash of Apple gift card scams, where fraudsters compelled victims to make false emergency payments over the phone by purchasing Apple App Store and iTunes gift cards – some for thousands of dollars. Victims would share the card numbers to “complete” the payment, allowing the thief to make off with the cash. As a result, Target, grocery stores, and other marketplaces began warning customers to be wary of the scam.

The lesson is this: Cybercriminals are crafty, and normal people often don’t realize a con until it’s too late. Organizations can’t count on their employees to identify scams until they’ve trained them to do so. To protect corporate, client, and personal data, teams need to both leverage technology, like antivirus software and encryption, and also receive training to make them more capable of spotting suspicious activity before it becomes a threat.

Companies will get more data-compliant

It’s been two years since the EU put the General Data Protection Regulation (GDPR) into effect, and data rights continue to be an important consumer issue. Moreover, with the California Consumer Privacy Act (CCPA) in effect as of the new year, businesses can expect to see more and more pressure to be transparent in how they collect and use consumer data.

If your firm collects personal information from users or consumers, now’s the time to start standardizing your privacy policy and code of conduct to account for changing regulation and consumer expectations around data privacy. Obviously, if you’re expected to abide by GDPR or CCPA, it’s important to get and stay compliant. However, if your company is not required to comply with any set regulations just yet, you may still want to preemptively train your employees so they are ready to comply with the additional data privacy regulations we’ll likely see in the coming years.

AI training will jump more hurdles

It seems like AI is poised to transform every industry, and compliance training is no exception. Intelligent systems are already being used to enhance non-compliance detection and, in the future, could make it easier to personalize training at scale, allowing for tailored curriculums made for specific employees, organizations, or laws. That potential considered, there are still several hurdles to clear before embracing—and expecting employees to embrace—AI.

According to Oracle’s AI At Work study, only 6% of HR professionals and 24% of all employees use AI in their day-to-day work. Yet the study also found that 93% of people would trust orders from a robot, leading researchers to question the gap between the strong consensus on the potential of AI and the low rate of AI adoption.

Research says fear of change may be behind that discrepancy. An estimated 90% of HR leaders said they are worried that they won’t be able to adapt to AI in the workforce or support their employees in making the same shift. Even so, many of these same HR leaders (79%) agree that failing to adopt AI creates a missed opportunity to improve productivity, close skill gaps, and retain employees. This leaves HR professionals and employees alike torn between two bad options: falling behind without AI or struggling to keep up without proper training. To effectively embrace AI, your company will have to invest in robust and effective training programs that ensure the success of your company’s AI adoption.

As your company searches for the right AI training program, stay cognizant of the concerns around AI. Your employees may have worries about encoded discrimination, the extent of machine listening that in-office AI may involve, or even just being “automated out.” Address these concerns honestly and with clear, accessible information, and your employees will feel more confident in your company’s ability to lead them through the transition.

The crypto compliance conversation will continue

As cryptocurrency grows in prevalence, regulation of the emerging currency will continue to develop.  Right now, regulation of the crypto market is, compared to conventional markets, slim. For many, if not most cryptocurrencies, that’s by design. This poses a unique challenge for HR and compliance professionals who want to clarify policy and outline best practices for employees.

Determining compliance for cryptocurrency transactions is especially complicated for companies that conduct international business. Two countries may have vastly different approaches to cryptocurrency, whether it’s an outright ban (such as in Morocco and Vietnam) or more formalized support and regulation (such as in Spain and Luxemburg). Even so, most countries agree that the rise of cryptocurrency calls for stronger protection against fraud and money laundering.

As you select a cryptocurrency training program, consider including anti-money laundering (AML), anti-fraud, and cybersecurity training to provide your employees with a comprehensive understanding of cryptocurrency compliance. Setting your own standards for your employees may be an effective approach until standardized rules and laws are passed. However, you can communicate to your employees that they should be prepared for rules to change and that your company will offer updated training if changes do occur.

Employees will get even more culture-minded

Modern job seekers expect organizations to stand for something and have a set of values. According to Glassdoor, the Best Places To Work in 2020 are companies that “stand out for promoting transparency with employees… and providing work driven by impact and purpose.” From adopting more eco-friendly policies to implementing socially responsible investment choices, companies are eager to prove that they do business with a set of values in mind.

Employers who want to attract and retain talent in 2020 will have to understand and define what their internal culture is, especially as an even more cause-driven Gen Z enters the job market. Compliance training presents a unique opportunity to show potential and existing employees that your company values ethical behavior. Effective training that is specific to your company and engaging to your employees can help bolster an image of conscientiousness, awareness and transparency, as well as offer a consistent set of values to all members of your ranks.

Social Media will continue to blur the line between employees personal and professional lives  

Whether in the office or online, employee behavior reflects the organization. That gets complicated with social media in the mix. Ultimately, a personal Facebook or Twitter is not exclusive from an employee’s professional identity, and therefore not exempt from professional standards. However, standards can’t be enforced by an employer unless employees are made aware that they are being held to a standard at all – else you seriously risk damaging trust.

Quality online compliance training will be increasingly important, and should be frank, non-accusatory and should educate employees on appropriate online behavior with examples of positive- and negative-impacting content. Also, proper compliance training can instruct employees on the importance of checking sources before posting and can clarify company policy on what kind of social media content would warrant disciplinary action.

The post Foresight is 2020: Looking Ahead to 2020’s Compliance Training Trends appeared first on Compliance Training - Interactive Services.

The #MeToo movement brought workplace sexual harassment prevention to the forefront of the international consciousness and sparked a conversation about workplace ethics and conduct. But it didn’t stop there. Today, many organizations around the world are continuing to shape and reshape their policies, gain a greater understanding of the threats and mistreatment their employees face or could face, and attempt to resolve issues before they become a problem.

Still, whether you’re reshaping your workplace sexual harassment prevention policies or building a program from the ground up, it can be difficult to know where to start. Here are some resources and guidelines to help you.

Policies: Your company handbook and beyond

The first resource you have at your disposal is your own company policy. It may have been in place for decades or longer, so it’s probably time to revisit it, especially in light of new laws and circumstances. Pull out aspects that seem to be working and take a long, hard look at those that aren’t. It’s a good idea to get the input of a chief compliance officer or chief integrity officer — who should be involved in any workplace sexual harassment prevention program overhaul anyway. You should also involve your human resources and legal teams to gain better insight into the requirements your policy must meet.

Another helpful tool can be your staff. An anonymous survey can allow you better understand issues in your workplace of which you may not even be aware. Ask your employees questions about whether they’ve experienced workplace sexual harassment at your company, whether they felt comfortable reporting it, and if the issue was resolved to their satisfaction. Make it clear that the feedback they provide is truly anonymous.

State and federal policies

Another important tool you should use when reshaping your policies is state and federal laws. Several states, including New York and California, have recently overhauled their requirements, including workplace sexual harassment prevention training specifications. When you revise your company policy, be sure to take your state’s laws, as well as the federal laws, into account, ensuring that it meets (and preferably exceeds) the requirements.

Defining roles

People are also important resources for establishing a workplace sexual harassment prevention program and policy at your organization. Consider the roles involved. They include:

• Your chief integrity/compliance officer

This person should be integral in shaping the policy and procedures and should have a clear agenda to promote a healthy company culture. If an employee violates the policy or someone reports an incident, this executive should be the go-to person for handling and resolving the issue.

• Management

There should be a clear chain of command for reporting incidents, and managers should have defined roles. They must know how to handle matters employees bring to their attention, usually as a result of training.

• Employees

Employees should be able to recognize and report sexual harassment when it occurs without fear of retribution. Again, training is crucial to ensuring that employees understand what constitutes sexual harassment. This includes people who witness actions that violate your workplace sexual harassment prevention policy as well — bystanders have a responsibility to report incidents, too, and should be able to do so without fear of retaliation.

• Your entire organization

From your board of directors to the interns, everyone has a fundamental role in ensuring that people feel comfortable and safe in the workplace. It is everyone’s duty to promote a culture of integrity and awareness.

Reporting procedures

Reporting procedures are an important reference tool to help you ensure that you’re investigating and resolving issues completely. As with your policy (which should include these procedures in clear language), your current procedures may require an overhaul, but they’re a good starting point. Ultimately, these procedures should offer:

• Complete guidelines for reporting harassment, including the channels involved
• An explanation for how the complaint will be handled and investigated
• An assurance of confidentiality for the complainant, whether it’s the victim or a bystander
• Clearly articulated consequences for misconduct
• A summary of the personnel involved in handling complaints and their roles

Training, awareness, education, and prevention

Training is one of the most important and useful steps employers can take to ensure awareness and prevention. Through a comprehensive training program, employees will learn what sexual harassment entails — after all, there are many “gray” areas — proper conduct and responsibilities in the workplace, how to be part of the solution, and what to do in the case of a violation.

Many states have very specific requirements when it comes to the number of hours, content, and type of workplace sexual harassment prevention training managers and employees must receive. For example, California requires all employers with five or more employees to receive at least one hour of sexual harassment and abusive conduct prevention training or two for managers at least once every two years, among other stipulations. Programs such as Interactive Services’ Sexual Harassment Prevention for All 50 States can help you ensure that you’re meeting your state laws and keeping your employees safe.

The post Resources for Sexual Harassment Prevention in Your Workplace appeared first on Compliance Training - Interactive Services.

Introduction

In July 2018, the UK government commissioned Frank Field MP, Maria Miller MP and Baroness Butler-Sloss (the former president of the Family Division of the High Court) to undertake an independent review of the Modern Slavery Act 2015; their final report and recommendations were published in May 2019.

The report makes clear that the Modern Slavery Act has not achieved its intended effect of ensuring that there is no slavery or human trafficking in UK businesses or their supply-chains.  It asserts that it is ‘time for the Government to take tougher action’ and must act ‘quickly and effectively’ to ensure thousands of victims of modern slavery in the UK are protected.

In response to the review, on July 9^th 2019, the government announced; ‘The UK government has committed to strengthening section 54 (transparency in supply chains requirements) of the Modern Slavery Act. We are gathering views on proposed measures intended to increase transparency and compliance, improve reporting quality and extend the scope of the legislation.’

It seems clear that new legislation will soon be enacted which will place additional pressures on businesses operating in the UK.  Compliance training will be essential if firms are to understand their obligations with regard to the Modern Slavery Act.

The Modern Slavery Act 2015

In 2015, Home Secretary Amber Rudd introduced the new legislation: ‘Modern slavery is a heinous crime and tackling it is a top priority for this Government and for me personally as Home Secretary…But my message is clear. Businesses must not be knowingly or unknowingly complicit in this horrendous and sickening crime.’

Section 54 of the Modern Slavery Act 2015 places obligations on UK businesses with a turnover of £36 million or more to ensure that their businesses, and their supply chains, are free from modern slavery. They must also include a “modern slavery statement” in their annual report; a link to the statement has to be included on their business website. The statement must set out any steps they have taken during the financial year to ensure that modern slavery is not occurring in their supply chains and in their own organisation.

A guide to the Act can be found here.

Business Compliance with the Modern Slavery Act 2015

The modern slavery statement must be “written in simple language that is easily understood” and include all the steps, if any, that the business has taken. It could include:

• The structure of the business and its supply chains
• Policies in relation to slavery and human trafficking
• Due diligence processes in relation to slavery and human trafficking
• Those parts of the business and its supply chains where there is a risk of slavery, and the steps taken to assess and manage that risk
• The business’s record in ensuring that slavery and human trafficking is not taking place, as measured against performance indicators

Findings of the Independent Review

The review was positive about the intent of the modern slavery law, describing it as “an innovative piece of legislation that has influenced parliaments across the world”.  However, it said that the section targeting businesses has had limited impact because of a lack of enforcement or consequences; there are no direct penalties for not complying with the law, and although businesses are required to produce statements, these can simply state that they have taken no steps to address modern slavery in their supply chains.  ‘While [the Modern Slavery Act] has contributed to greater awareness of modern slavery in companies’ supply chains, a number of companies are approaching their obligations as a mere tick-box exercise, and it is estimated around 40 per cent of eligible companies are not complying with the legislation at all.’

‘Stakeholders were clear that the lack of clarity, guidance, monitoring and enforcement in modern slavery statements needed to be addressed to increase compliance and quality. We agree and recommend that companies should not be able to state they have taken no steps to address modern slavery in their supply chains, as the legislation currently permits, and that the six areas of reporting currently recommended in guidance should be made mandatory. We also recommend that Government should set up a central repository for statements; that the Independent Anti-Slavery Commissioner should monitor transparency; sanctions for non-compliance should be strengthened; and that Government should bring forward proposals for an enforcement body to enforce sanctions against non-compliant companies.’

Recommendations

The final report’s recommendations concerning the Section 54 disclosure/transparency requirements can be found in full on pages 39-47 of the report.

• Scope clarification – the Government should establish an internal list of companies in scope of Section 54 and check with companies whether they are covered by the legislation; non-inclusion in the list should not be an excuse for noncompliance, i.e. individual companies should remain responsible for determining if they need to produce a slavery statement;
• No steps taken abolition – Section 54(4)(b), which allows companies to report they have taken no steps to address modern slavery in their supply chains, should be removed;
• Mandatory coverage areas – in section 54(5) ‘may’ should be changed to ‘must’ or ‘shall’, with the effect that the six areas set out as areas that an organization’s slavery statement may cover will become mandatory. If a company determines that one of the headings is not applicable to their business, it should be required to explain why;
• Coverage areas template – the guidance should be strengthened to include a template of the information organizations are expected to provide on each of the six areas that a slavery statement (currently) may cover;
• Future steps inclusion – the UK government official guidance should make clear that reporting should include not only how businesses have carried out due diligence to prevent modern slavery in their supply chains but also the steps that they intend to take in the future;
• Supply chain coverage – the legislation should be amended to require companies to consider the entirety of their supply chains in respect of modern slavery. If a company has not done so, it should be required to explain why it has not and what steps it is going to take in the future;
• Annual financial reports coverage – the Companies Act 2006 should be amended to include a requirement for companies to refer in their annual reports to their slavery statement. Section 54 should be amended to impose a similar duty on non-listed companies that meet the £36 million threshold but would not be captured by the Companies Act 2006 reporting requirements;
• Board member responsibility – businesses should be required to have a named, designated board member who is personally accountable for the production of the slavery statement;
• Compliance failure criminalization – failure to fulfil slavery statement reporting requirements or to act when instances of slavery are found should be an offence under the Company Directors Disqualification Act 1986;
• Government statement repository – there should be a central government-run repository where companies are required to upload their slavery statements, which should be easily accessible to the public and free of charge;
• Compliance role for Commissioner – the ‘Independent Anti-Slavery Commissioner’ should monitor businesses’ compliance with the Section 54 compliance disclosure/transparency requirements;
• Further sanctions over time – the Government should make the necessary legislative provisions to strengthen its approach to tackling non-compliance (with Section 54), adopting a gradual approach of initial warnings, fines (as a percentage of turnover), court summons and directors’ disqualification. Sanctions should be introduced gradually over the next few years so as to give companies time to adapt to changes in the legislative requirements;
• New enforcement body – the Government should bring forward proposals to set up or assign an enforcement body to impose sanctions on non-compliant companies that fail to publish a slavery statement; fines levied for non-compliance could be used to fund the enforcement body; and,
• Procurement ban – the Government should strengthen its public procurement processes to make sure that non-compliant companies in scope of Section 54 are not eligible for public contracts.

The Future

In its response to the review, the government announced a public consultation on proposed changes to the Modern Slavery Act 2015, specifically with regard to transparency in supply chains.  This consultation closes at midday on 17 September 2019.

Responses to the consultation are invited at: https://www.homeofficesurveys.homeoffice.gov.uk/s/06W8A

Meanwhile, in anticipation of imminent measures to strengthen the legislation, businesses need to take stock and ensure that they have solid and defensible modern slavery practices in place. The two starting points here are to have in place a modern slavery policy and to undertake compliance training.

Some Warning Signs That Modern Slavery May Be Taking Place

(from Gold S, Trautrims A, Trodd Z. (2015) Modern slavery challenges to supply chain management. Supply Chain Management: An International Journal, 20(5): 485-494.(DOI: 10.1108/SCM-02-2015-0046)

It is advisable that supply chain managers, auditing teams, and certification bodies take an especially careful approach if one or more of these conditions apply:

• Low worker protection due to inadequate laws, enforcement, and government accountability
• High percentage of working poor
• Lack of other employment opportunities and domination of labour market by one or a few employers
• Agent-based recruitment of labourers
• Social acceptance of worker exploitation
• Widespread discrimination against certain groups of workers
• High percentage of migrants or minorities in the workforce
• Location of production activities in conflict zones
• High proportion of low skilled labour in industries such as raw material extracting and/or processing industries

The post The Independent Review of the Modern Slavery Act UK; the Government responds to calls in the Final Report for tougher government action. appeared first on Compliance Training - Interactive Services.

Classroom tuition was not an option.  Even small and medium-sized companies find it difficult to have key members of staff unavailable simultaneously for the time needed to complete classroom courses, and major organizations rarely use it; online training allows the trainees to study at times that fit in with their job functions and schedules, and to spend as much or as little time as necessary at their computers, or other devices.

Interactive Services designed and built a digital version of its modular course that could be accessed by the widest possible variety of appliances, which meant that students could work as and when the opportunities arose.  With so many students to be trained, it was inevitable that there would be a range of abilities and experience, and the course had to take account of this.  Also, with regulations changing so frequently, the course needed to be designed in such a way as to allow for frequent adaptations.

The aim of the course was to enable managers and team leaders to conduct effective and legal investigations at every level.  There are five main modules; Investigative Standards, Case Management, Planning an Investigation, Conducting Interviews, and Closing an Investigation.  By the end of the course, the trainees were competent to conduct investigations in accordance with the Company’s standards and understood the processes involved in the various stages of those investigations.  They had been trained in interviewing techniques and knew the procedures for closing an investigation.

When questioned about their experience of the course, the students said that it had been enjoyable and easy to understand and remember.  They liked the videos, the job-aids, and the resources, and we’re confident that, following the training, they could conduct investigations in an efficient and timely manner.

They were also able to provide a thorough recap of the facts that had been gathered.

Key findings from the design and implementation of this training included:

• The high value in providing blended-learning (videos, job-aids, resources, knowledge checks and documents); the impact is high learner-engagement and positive evaluation response.
• The importance of ease of access and navigation of the content, which enhance engagement
• Mobile-friendly content is important in increasing access and availability.
• On-demand access to the resources and job-aids reinforces learning.
• Reporting and measurement are critical to evaluating learning needs and leadership support.
• The technological challenges posed by global operations need to be understood and taken into account.
• The time invested in the front-end assessment of the target audience, their learning needs, limitations, and technology capabilities was crucial to the project’s success.

Feedback from the students on the course was that it had been enjoyable and easy to understand and remember. They liked the videos, the job-aids, and the resources, and were confident that, following the training, they could conduct investigations in an efficient and timely manner. Because they do not conduct investigations day by day, they need to be able to access tools and resources at any time when an investigation arises, and they need to have examples to hand so as to be able to model the behavior expected.

The success of the training is amply demonstrated by the company’s plan to increase the number of users launched in a single day from 3,200 to 8,000, taking the total count to over 15,900 users, and to make the training available in 3 additional languages (Spanish, Japanese, and Mandarin). Ultimately, the plan is to expand the training into even more of the areas in which this global company operates.

The post American Retail  appeared first on Compliance Training - Interactive Services.

All organizations must understand the laws around sexual harassment prevention, and prioritize training to minimize issues and ensure that everyone is aware of the protocol in place for handling incidents that do occur. That being said, sexual harassment prevention is an integral part of compliance training, as it is key for creating a safe work environment and respectful company culture.

So, what can employers do to combat sexual harassment in the workplace?

Top Tips for Sexual Harassment Prevention

1. Know the laws.

Last year, 32 states passed legislation establishing, overhauling, or augmenting sexual harassment policies in place. For example, in California, employers with five or more employees must provide sexual harassment training for at least one hour to non-supervisory employees and two hours to supervisors, among numerous other requirements.

It is imperative that employers know their state laws and comply with them. If you aren’t sure of your state’s sexual harassment training requirements, you can look them up here.

2. Ensure that all employees understand what sexual harassment means.

Some people may not realize that sexual harassment is not limited to unwanted touching or advances. In actuality, sexual harassment encompasses a wide range of behaviors, including lewd and offensive jokes and comments, sending sexually suggestive emails, making sexually suggestive gestures, displaying sexually provocative images, and many others.

Employees must be educated on different examples of sexual harassment that go beyond the obvious. They should also learn about gray areas and nuance within them. Some people may not even know that they crossing lines because they are unsure of what the lines actually are, so organizations must take strides to ensure that their employees understand what sexual harassment really means.

3. Establish a clear policy on sexual harassment.

Your policy should outline the definition of sexual harassment, procedures for reporting violations including the person or persons responsible for handling complaints, and consequences for anyone who violates the policy. The policy should also make it clear that victims or those who speak up by reporting sexual harassment will not be punished and endure any form of retaliation.

Make sure this policy is clear to all your employees by distributing it, posting it in an obvious location, and emailing reminders about it on a regular basis. In order for the policy to be clear — and for you to enforce it — it must be easily accessible to employees.

4. Build a respectful workplace culture.

A workplace that focuses on inclusion is one with which employees want to be associated. It is a place that compels them to do the right thing and treat another with respect and dignity. Organizations should prioritize these values and ingrain them in the mission of the company, as well as work to build a culture that embodies them. People who believe that their employer cares about them are more likely to want to join them in their mission. This type of workplace fosters communication and compassion — ultimately leading to an atmosphere in which predatory and unwanted behaviors such as sexual harassment are less likely to occur.

5. Implement a mandatory sexual harassment training program.

Establishing a sexual harassment training program is the most important step you can take to prevent sexual harassment from taking place and educating your employees about how they need to behave and the consequences that will be enforced if they violate the rules. The training program should include real-life scenarios and examples of what is appropriate and what is not, covering a range of types of situations that apply to managers and non-managers alike. It should also cover the resources available to victims of sexual harassment and procedures for reporting it.

This is an essential step your organization needs to take in preventing sexual harassment and contributing to a healthy atmosphere in the workplace, even if your state laws do not mandate it. All employees must be cognizant of what sexual harassment actually means and entails and understand what will happen if they violate the policy or laws governing it.

Are you looking to implement a sexual harassment training program at your organization? Some organizations develop their own training programs, but expert advice and education can be enormously helpful in facilitating awareness and prevention. Using examples and real-life scenarios, Interactive Services’ Anti-Harassment & Workplace Harassment Compliance Training eLearning course teaches your employees about the definition of harassment, laws concerning it, retaliation, the impact of all types of harassment, and more, with a special focus on sexual harassment in the workplace. Your employees will come away with a better understanding of the nuances of sexual harassment and what kind of behavior is expected of them.

The post Top Tips for Prioritizing Sexual Harassment Prevention appeared first on Compliance Training - Interactive Services.

In this post, we discuss how to organise compliance e-learning and foster employee participation in employee compliance training. If you are responsible for training in the workplace, read on for tips and timesaving suggestions.

Understand the why

In many work environments, employee compliance training is an annual requirement. In all businesses, it is important. Wide in scope, compliance encompasses areas such as codes of conduct, confidentiality, conflicts of interest, gifts and benefits as well as the ubiquitous Health and Safety regulations. That’s a lot! So how can busy, time-pressed managers be sure that employees buy into the need for employee compliance training and workplace procedures which comply with the law?

Providing access to quality, credible and widely respected training courses forms a major part of the solution.  Understanding the reasons behind training serves to increase learner motivation. It is, therefore, a good idea to advise employees why such courses are important, as well as what knowledge they will acquire. Communicating in this way fosters the perception that employee compliance training is worthwhile.

Last but not least, the employee compliance training ought to be interesting and targeted to their needs – not dry, boring or repetitious.

Topics for Employee Compliance Training

Modern compliance course catalogues often list an overwhelming number of compliance titles. The good news is that it’s now possible to mix and match topics to suit regulations and staff across the globe. Topics you might want to mix and match include:

• Anti-harassment.
• Discrimination.
• GDPR (the General Data Protection Regulation).
• Financial compliance.
• Business Ethics.
• Competition Law.

Anti-harassment and Discrimination

In a world of choice and diversity, harassment constitutes hostile behaviour because of whom someone is – whether initiated by employers, co-workers, client or members of the public. Over the past few years, most countries have introduced legislation that penalises non-compliance.

Because actions, spoken words, written messages and social media posts could convey discrimination or harassment, even inadvertently, employers should have a policy that is clear and easy to understand. It should be designed to deal with harassment quickly. In today’s inclusive work environments, insensitivity and ignorance is not an excuse. Sexual Harassment training is now mandatory in many US states.

Health and Safety

Clearly, of prime importance in the workplace, health and safety awareness dictates that we all have a necessary role in minimising risk, avoiding hazards and reporting accidents. Following the suggestions and recommendations in Health & Safety Executive guidance will help prevent or minimise problems, injuries and work-related strain, along with the possible financial costs and inconvenience of legal action.

Notably, workplace safety compliance depends on:

• Setting out standard working practices and rules to minimise hazards.
• Understanding and co-operation with risk management principles.
• Analysis of accidents, incidents and near misses.
• Continuous improvement.

Financial Compliance

Long subject to regulation, financial sector activities ranges from advisory services to insurance, banking and investment management. Compliance training courses for financial service providers include FCA (Financial Conduct Authority) rules and regulations. Other titles cover the Senior Managers & Certification Regime (SM&CR), extended to apply to investment firms from December 2019. These new regimes will see a marked increase in the number of employees subject to regulatory obligations while making senior managers fully accountable.

Similarly, other financial compliance topics cover risk management and anti-money laundering (AML) rules. The European Commission published a directive covering the exchange of information to reduce tax evasion, improve financial transparency and monitor cross-border sales and your Compliance Programs should address these topics if applicable to your organization.

The Benefits of Compliance Training for Your Company

Companies with effective compliance policies tend to have a high brand reputation, higher rates of staff retention and better overall performance than their unprepared competitors. With local market support, excellent communication and a learning interface that is intuitive to navigate, your organisation will benefit from having an effective, world-class compliance programme in place.

Here at Interactive Services, our courses are easy to customise, so they suit your organisational look and match your corporate values. Within your company, good communication will help to reinforce regulatory compliance and boost integrity. With this in mind, our training uses examples of corporate policies and procedures that should be in place, as well as the need for initial and ongoing staff training.

Why Online Compliance Courses?

Online training now plays a significant part in lifelong learning provision. Ideal for motivated students, it offers variety and instant access to the latest course material with self-paced, on-demand lessons. Additionally, our courses are available in multiple languages and come with guaranteed LMS integration, so they work well with leading learning management systems.

When you use a modern, reliable online platform, it is much more convenient to learn at the time and in the location of your choice. Online training saves time and travel costs while enabling you to progress at your ideal pace. In addition to the desktop, laptop and tablet PC interface, as is common in the edtech (educational technology) field, mobile learning is also possible. Thanks to innovative smartphone applications, it is now possible to read and listen to courses during commutes, unexpected delays and free periods.

Delivery of training material online forms part of encouraging a positive compliance culture. This nurturing also applies throughout company values, beliefs, attitudes and assumptions.

Course Content

Compliance course content includes video presentations, text modules and interactive quizzes. Mastery of modules and stages is the key to success. Interactive Services courses follow the three Rs principle to engage and challenge learners while boosting their learning:

• Relevant content.
• Realistic Scenarios.
• Rich media.

Written by experts in the field of compliance, course materials also cover topics such as integrity and ethics. Customisable training modules include sexual harassment to comply with UK law or, where applicable, US legislation with variations for the states of California and New York.

Compliance Solutions for Global Business

With us, companies can count on an extensive course list, designed to meet the significant training requirement and challenges which today’s employees face. Based on two decades of producing global learning solutions, our experts in educational systems design and build award-winning learning solutions. We invite you to join our global client base with more than three million registered learners, focussed on results and successful outcomes. Additionally, we guarantee your satisfaction with a seven-day free trial of your selected course.

Next Steps

If you are a company training officer, HR consultant or manager and would like further details of how our specialists at Interactive Services can work for your organisation, we invite you to call us or contact us here. Rely on us for compliance e-learning programmes of the highest standard, always kept up to date with continually changing work environments and regulations. We will be delighted to help.

The post Compliance Training. The Essentials In Fostering Employee Participation appeared first on Compliance Training - Interactive Services.

GDPR has now been in effect for over a year, and since then, regulators enforcing its regulations for data portability, security, and privacy have begun flexing their muscles – and handing out whopper fines left and right.

Regulators in the US, the UK, and further afield in the EU are all taking GDPR seriously, and you should be, too. Why? Because if you aren’t taking it seriously and don’t have the proper GDPR training, your company could face a fine – just like the companies we’re going to be looking at in this article. Let’s take a look at some of the biggest fines – and near misses – that have happened since GDPR took effect on May 25, 2018.

British Airways – Fined $229.34 Million For A September Data Breach

The Information Commission Office of the UK has announced that it’s looking to slap British Airways with an absolutely massive fine of £183.39 million (US $229.34 million). This fine would be a record for the ICO under new GDPR regulations, as the largest one ever levied against a non-complying company.

This fine comes after an extremely serious security breach, though. In September 2018, it was found that hackers managed to divert official British Airways web traffic to a fake website, where they were able to steal detailed personal data from an estimated 500,000 customers. This information included:

• Addresses
• Login details including passwords
• Payment cards
• Booking details

Because BA failed to recognize this issue all summer, and only realized in September, regulators are arguing that they failed in their duty to protect their customer’s information. And for that, they will be paying an astonishingly high penalty, if the ICO gets its way and this fine of nearly $230 million USD is leveled against British Airways.

Marriott – Fined $123 Million For A Breach Exposing Data Of 339 Million Customers

Not only is British Airways getting hit with a huge fine, but the American-based multinational conglomerate Marriott is also being targeted with an enormous fine for exposing the data of millions of its customers.

The ICO intends to fine Marriott around $123 million USD for a data breach that exposed the data of more than 339 million customers from around the world. In 2014, hackers gained unauthorized access to the Starwood guest reservation database, and were able to siphon off personal information for years. The breach was only discovered – and reported to the ICO – in November of 2018.

Another interesting wrinkle to this story is that Marriot did not actually own Starwood when the breach started in 2014 – the hotel group was still independent when the breach started. However, Marriott merged with Starwood in 2016, making this data breach their problem.

Unicredit Bank – Fined $145,000 For Improper Protection Of Personal Data

Not every data breach is as serious as the two listed above, but no country or organization is immune to the new, stringent data laws of GDPR. In Romania, for example, the first fine under GDPR was leveled recently at Unicredit Bank, after the National Supervisory Authority found that it failed to implement GDPR-compliant measures to protect the personal data of customers.

Documents with personal details like information related to payments, personal identification numbers, addresses and other information were visible, and about 337,042 people were targeted between May and December 2018.

La Liga – Fined $280,000 For “Spy Mode” In Official App

Recently, the top-flight Spanish football league (soccer, for us Americans!), La Liga, was fined more than $280,000 for a “spy mode” was discovered in its official mobile app, and it was found to be violating its user’s privacy.

La Liga gained unauthorized access to its user’s microphone and GPS coordinates, in an attempt to identify their surroundings – and identify when bars were unofficially streaming games without paying for costly broadcasting rights.

The AEPD, the Spanish data regulation authority, found that this violated Article 5.1 of the GDPR – which requires the lawful, fair, and transparent processing of personal data. It also violated Article 7.3, as it did not gather proper consent from customers, and this function was not reported in the app’s description. La Liga will have to cough up $280K, and remove the functionality from their app or correct its violations.

Municipality Of Bergen – Fined $190,000 For One Misplaced File

Need proof that GDPR adherence is important – and that even a single, innocent mistake can cost you big? Look no further than the Municipality of Bergen, Sweden. Though this is not the biggest GDPR fine, it’s one of the largest on a per-record basis – because the municipality was fined more than $190,000 for just one misplaced file.

A student in the public school system found a file in a public storage area with the login credentials of more than 35,000 students and school employees. The school district was found to be violating Articles 5(1)f and 32 of GDPR, and issued a fine in excess of $190K USD.

Equifax – Fined $625,000 For 2017 Security Breach

 This fine was not issued under GDPR regulations, but was carried out under the Data Protection Act 1998, the penalty was leveled against Equifax in late September 2019. $625,000 was the maximum possible penalty under these regulations.

We’ve put this penalty on this list to illustrate an important point. Equifax received this fine for a data breach which affected 15 million UK citizens and 146 million global customers during a cyber-attack in the summer of 2017.

Because GDPR regulations had not taken effect, Equifax narrowly avoided a gigantic penalty. While Data Protection Act 1998 fines top out at £500,000, GDPR has no such limits. If this breach had taken place after GDPR went into effect, Equifax could easily be facing a multi-million dollar fine – like British Airways and Marriott. So they got lucky this time – but if a similar event happens under GDPR, they’re not going to get away with just a slap on the wrist.

Take GDPR Seriously – And Get The Training You Need

As time goes on, GDPR penalties are only going to get steeper. If you are a business operating in any EU member country, you need to make sure that you are taking the proper steps to comply with GDPR.

While the penalties and fines are smaller for small-to-midsize businesses, a large GDPR fine could still have an enormous impact on your bottom line – and with proper preparation and training, these fines can be avoided.

So if you have not yet implemented GDPR training at your company, and have not taken steps towards proper GDPR compliance, you need to do so right away. Regulators in the US, UK and EU are taking GDPR seriously – and unless you want to be hit with a stiff penalty, you need to do the same.

The post GDPR: A Look At Fines (And Near Misses) Since The New EU Regulations Took Effect appeared first on Compliance Training - Interactive Services.