Posts

Showing posts with the label Risk Assessment

Evolving AI Tools and Reliance in the Workplace: Key Developments Employers Need to Know

It started as merely trying out artificial intelligence (AI) tools. Now, more and more employers (and their employees) are relying on AI for their everyday operations, including drafting emails and summaries, screening and ranking applicants, managing employee performance, and answering routine questions. This expanded role has changed AI from a casual acquaintance into a new “co-worker” that can influence employment decisions, outcomes, and experiences. Employers are reviewing AI tools, assessing risks and deciding which tools are authorized in their workplace and for what purpose. Courts and regulators are also reviewing AI tools more closely, focusing on discrimination, transparency, monitoring, and protection of confidential information. AI Is No Longer Just a Tool – It’s a ‘Co-Worker’ As AI becomes embedded in workflows, its role can be difficult for employees to distinguish from the input or output of employees. For example, an employer might not know that some resumes never rea...

The 5-Step Compliance Risk Management Process: A No-Nonsense Guide

Your risk and compliance functions are probably costing you more than they should. Not just in budget, but in drag. When your functions are siloed, they create redundant work, blind spots and a bad habit of reactivity that stops your business from looking ahead. Compliance might feel like it boils down to a series of audits, while risks feel like a vague list of hypotheticals. So, what’s the alternative? Our suggestion is to properly fuse them in your framework. Think of an integrated system where compliance data provides a real-time feed into your risk model – like a weather forecast for business uncertainty. This 5-step risk management process shows you how to build it. Step 1: Conduct a brutally honest risk assessment To build a solid foundation, you need to map your obligations directly to what could actually go wrong – but most risk assessments are too polite. They list regulations and what requirements you need to meet without connecting them to the specific operational points ...

New California Regs Will Impact Your AI and Privacy Policies: FAQs on Automated Decision-Making, Risk Assessments, and Cybersecurity Audits

California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses subject to the California Consumer Privacy Act . The regulations will impose significant new obligations on businesses regarding pre-use notices, opt-out rights, annual cybersecurity audits, and detailed risk assessments. The California Privacy Protection Agency (CPPA) must now submit the regulations to the Office of Administrative Law , which has 30 working days to review them for compliance with the Administrative Procedure Act . Approval is expected. We’ll explain the new requirements for covered businesses and provide key action items to help you comply. Automated Decision-Making Technology (ADMT)   What is an ADMT? An ADMT is any technology that processes personal information and uses computation to replace or  substantially   replace human decision m...

OCR’s Risk Analysis Initiative: Lessons From Recent HIPAA Enforcement Actions

Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the  US  Department of Health and Human Services Office for Civil Rights ( OCR ) , which has made clear through recent enforcement actions that conducting a proper risk assessment under the Health Insurance Portability and Accountability Act ( HIPAA ) Security Rule is not optional. These enforcement actions ratcheted up during the Biden Administration and have continued during the Trump Administration, signaling that risk analysis remains a top compliance priority for organizations charged with complying with HIPAA. HIPAA’s Risk Assessment Requirement and Why It Matters Under the HIPAA Security Rule (as codified in 45 C.F.R. § 164.308), all HIPAA covered health care providers, health plans, health care clearinghouses (covered entities), and their business associates (collectively, regulated entities) must “[c]onduct an accurate and thorough a...