By: Rachel Lau, Social Media & Marketing Associate, Guardian Data Destruction

Just like post-surgery checklists that ensure gauze and instruments aren’t mistakenly left inside the body and then trigger a bigger problem, written data destruction operational processes and procedures promote compliance, reduce errors and provide a high level of vendor-supplier trust. In addition, they comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act and other privacy laws as well as records and information management (RIM) policies. In a nutshell, it’s best practice!

What are “data destruction processes” anyway?

Fortune 500 companies often require process documentation from their vendors to understand employee background screening, EHS (environmental, health and safety) plans, and, for high value equipment or data-bearing products, procedures for audit and document control (including Chain of Custody, Asset Transfer Forms, Certificates of Data Destruction, Erasure and/or Recycling). Clients and partners may also want to know device quarantine procedures, step-by-step shred operations (including inspecting the trucks when a job is complete), serial number audit and verification and information security.

And it can be esoteric too. Lately, we’ve seen requests for policies that describe the type of company we are. These asks include our stand on quality, environmental sustainability, social responsibility, human rights, diversity, anti-bribery and corruption.

What is the purpose of a written policy?

Compliance. Our partners and their customers want to be assured that their data destruction (or logistics, packing and shipping) is going to pass an audit or other high jump test. Simply put, they want to ensure that, by employing us, they’ve followed legal and industry standards to ensure that their data, business and customers are not at risk. We know that our standards meet and possibly exceed the request. And, if we don’t, let’s improve.
Assured level of professionalism. Why trust your data to someone questionable? A process audit can take that challenge off the table from the get-go. If you work with a NAID AAA certified data destruction partner like Guardian Data Destruction, they’ll have a vetted set of policies in place (and that are followed), so that you’ll feel comfortable with your own end-of-life, end-of-lease, equipment migration projects.

Consistency. Enterprise companies want a vetted, known process for all their locations whether it’s in New Jersey or California — every time. No matter the location or appointment, they want to be assured that the mobile shred truck that is coming to shred their hard drives, SSDs, tablets, etc. is set up the same way, following the same rules and providing the same documentation.

Customization. End-clients in highly regulated or high profile markets have very specific, very particular policies that mirror the procedures that their IT, legal and compliance teams have developed based on their own experiences. For Guardian, modifying a policy to improve data security and comfort for a particular client is never a problem and tracking those policies year after year is only good business.

Alignment. When Guardian is asked about our guidelines on quality, charitable giving, health and safety and other positions that reflect our company values and mission, we are happy to supply and comply.

Who asks for company processes and policies?
Processes and policies protect everyone

Any company contracting for data destruction or live data relocation services (whether it’s servers or laptops) wants to be assured that their service providers are looking out for them and their data is safe. The written processes are an essential part of the vetting process. Because the policies are protection. For everyone. We share what we’re going to do and how we do it. No surprises. For anyone.

That means, it’s not enough to have a policy that is pulled out and dusted off if it’s asked for. At Guardian, we follow our policies. We enforce them. We review them annually or after an incident. We look to improve and update them regularly.

For VARs, ITADs, end-clients and any service provider we work with, we invite you to ask us for our policies for the next job. Not only are we delighted to share them, we’re happy to listen to any suggestions you may have. 100% compliance and 100% protection mean 100% cooperation.
By: Joseph Imperato, Sr., Partner, XSolutions Consulting Services, LLC

Results of Verizon’s Recent Survey

Verizon recently summarized its research findings in a newly released Mobile Security Index 2021 report. They surveyed 856 IT professionals across many disciplines. Here’s what they found:
What Do The Above Results Mean?

Plain and simple: The majority of workers aren’t doing what needs to be done to secure personal and professional information. That 45% believe their companies were rushed to mobilize remotely and sacrificed security in the process is a significant cause for concern. With all of the advances in technology, you would have thought that working from home was becoming more common and that IT departments were ready to implement. Apparently not.

Why Businesses Fell Short During COVID 19

IT Departments did not foresee a long-term lockdown and the need for a forced work-from-home-to-survive strategy. I could bet that this scenario was not included in any written Disaster Recovery Plans! Had they included long-term work-from-home scenarios in their disaster planning, they would have seen the need to harden home networks, just like protecting the corporate infrastructure. They would have also issued and secured mobile devices to maintain security when accessing company networks remotely.

Although the Pandemic took the world by surprise, Disaster Planning should have foreseen lockdowns, whether due to pandemics or natural disasters, as a risk, and companies should have planned accordingly.

Is Remote Working Here To Stay?

In some form, it will be; only time will tell how extensive. As the country reopens, it will be interesting to see which companies require a total return to the office, embrace a total remote footprint, or use a blended approach. We’re likely to see all three of the above scenarios as some companies realize that they can get the job done without paying for the overhead and costs of maintaining physical offices.

Working-From-Home Has Increased The Threat

As mentioned (many times) before, this new business landscape meant ample opportunity for hackers to take advantage of our uncertainty and the general public’s lack of knowledge in cybersecurity matters.
Mobile phones became the primary way of communicating for many remote workers, but when was the last time you considered the device’s cybersecurity risks? And that smartwatch that is linked to your device? Another door that might get left open accidentally to your information.

It isn’t that you aren’t trying to be diligent at all times; it is just that the connection to a virus or ransomware may have been embedded into your psyche when it comes to using laptops or desktop computers, but your guard may be down as you use mobile devices. Besides, it’s harder to hover over a link when you’re viewing it on your watch, right? And logging in and out on your phone? That’s very unlikely to happen – you leave the apps running in the background all of the time.

And, don’t forget the Internet-of-Things (IoT) in your home. Is Alexa listening and recording your business conversations?

How To Protect Home Workers
Conclusion

The threat is there, it isn’t going away, and we need to collectively work to make the “new normal” safer every day. Stay safe.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation.

By: Bill Passarotti, SVP, HUB International Northeast

As the COVID-19 vaccine becomes more widely available and distribution progresses, there is a light at the end of the tunnel with a focus on rebuilding. At the same time, employers are tasked with assessing and/or developing a vaccination policy and plan, and learning about the implications pertaining to employment law, compliance, employee well-being and education.

Developing a COVID-19 Vaccine Program

Successful vaccination programs combine marketing with education to reduce fears and misconceptions. As the vaccines become more accessible, employers have a responsibility to address employee concerns.

Organizations can compare COVID-19 vaccination program development to mandated influenza vaccination programs for healthcare workers. Since 1984, the CDC has recommended that all healthcare workers be immunized against influenza. Vaccination rates of at least 80% are needed to prevent infection. While many cases of serious illness and death from COVID-19 occur primarily in older, high-risk individuals, people of any age who have underlying medical conditions are at increased risk.

To improve vaccination rates among employees, it is recommended that employers implement the following strategies:
Leadership’s support of vaccination programs and campaigns is extremely important to program success. A company’s leaders can ensure policies are in place, reduce or eliminate barriers to access and implement a culture in which the vaccination is an expected safety and risk mitigation measure.

Despite national and international medical recommendations for vaccinating workers, voluntary efforts to vaccinate in healthcare settings have historically been poor. For this reason, some employers may consider requiring their workers to be vaccinated, so long as the requirement accounts for employee protections under federal law.

Vaccines & Employment Law

Employer-driven vaccination programs require a thorough understanding of employment law, compliance, employee well-being and education. As a general rule, employers, under certain circumstances, may require employees to receive the COVID-19 vaccine. However, there are specific and certain limitations. Primarily, employer vaccination policies are subject to two significant federal laws, the Americans with Disabilities Act (ADA) and Title VII of the Civil Rights Act of 1964 – Religious Discrimination, among other legal considerations, such as protections for pregnant employees (with respect to the Pregnancy Discrimination Act or PDA) and Health Insurance Portability and Accountability Act (HIPAA) requirements.

Building a compliant vaccination program is complex and filled with a myriad of legal risks and pitfalls. It is strongly recommended that employers work with outside counsel when building an employer vaccination program.

Workers’ Compensation

What happens if an employee experiences a medical complication from the vaccine that was either offered or required by the employer? Under certain circumstances, an employee’s medical complications associated with the vaccine may be deemed compensable and covered by the employer’s workers’ compensation (WC) insurance.
Generally, an injury may be compensable when a claimant can demonstrate that the injury can be attributed to some event or circumstances connected with work. An employee who receives the vaccine while at work may be able to demonstrate that the medical complications were “in the course of employment in the sense of continuity of time, space, and circumstances.” Employers should check with their insurance advisor regarding their WC coverage to better understand the compensability of medical complications associated with the COVID-19 vaccine in their state.

Since the very start of the pandemic, leading global insurance brokerage, HUB International, has continued to put out timely content to educate our clients on the rapidly evolving COVID-19 information, whether it be safety best practices or vaccine considerations for employers. Please visit HUB’s COVID-19 Resource Center for a plethora of resources to help you prepare and protect your business and employees: www.hubinternational.com/coronavirus

Watch HUB’s On-Demand Vaccine Webinar Series to learn more:
CIANJ member, Bill Passarotti, currently serves as Senior Vice President with leading global insurance brokerage, HUB International. Based out of Summit, NJ, Bill works with businesses in a wide variety of industries on custom-tailored, comprehensive risk & insurance solutions. He can be reached at 908-666-6200 or [email protected]. For the latest information, guidance and resources on COVID-19 to help you protect what matters most, please visit www.hubinternational.com/coronavirus.

Employee Retention Credit (ERC) Now Available for All of 2021 and PPP Loan Recipients Can Claim ERCs

4/8/2021

By: Joel Boff, Tax Partner & Dana Fried, Managing Director – National Tax Services, CohnReznick

For 2020, certain employers whose operations were fully or partially suspended due to a COVID-19-related government order or whose gross receipts for 2020 Quarter 2, Q3 or Q4 were less than 50% of their gross receipts for the same quarter in 2019 were eligible for a fully refundable federal payroll tax credit called the Employee Retention Credit (ERC). However, if the employer or any member of its controlled group received a Paycheck Protection Program (PPP) loan, the entire controlled group was ineligible for an ERC.

The December Consolidated Appropriations Act of 2021 provided for both retroactive applicability of the ERC for 2020 and extending and expanding the ERC for the first two quarters of 2021, and liberalized the ERC requirements for 2021. Significantly, it made it so that an employer that did not take an ERC for 2020 because it or its controlled member received a PPP loan may now be eligible for ERCs for 2020.

Now, as of the March 11 passage of the American Rescue Plan Act, the ERC is available for all four quarters of 2021. The newer Act also added new eligibility opportunities.
Definition of ‘eligible employer’

To receive an ERC, an employer must qualify as an “eligible employer.” “Employer” here includes all members of a controlled group under IRC Section 52 (greater than 50% ownership test) or Section 414(m) (affiliated service group) on an aggregated basis. “Eligible employer” is defined as:

For 2020 Q2, Q3 and/or Q4 (for Q2, including March 13 - March 31, 2020), an employer that:
(1) Fully or partially suspended its operations due to a governmental order limiting commerce, travel, or group meetings due to COVID-19, or
(2) Had gross receipts for such quarter that were less than 50% of its gross receipts for the same quarter in 2019.

For 2021, an employer that:
(1) Fully or partially suspends its operations due to a governmental order limiting commerce, travel, or group meetings due to COVID-19, or
(2) Has gross receipts for such quarter that are less than 80% of its gross receipts for the same quarter in 2019 or for the immediately preceding quarter.

Amount of ERC

For 2020 Q2, Q3 and/or Q4 (for Q2, including March 13 - March 31, 2020), an employer can receive a credit equal to 50% of the first $10,000 of Qualified Wages paid per employee in the aggregate for all such quarters. The maximum ERC for all of 2020 would be $5,000 per employee receiving Qualified Wages.

For 2021, an employer can receive 70% of the first $10,000 of Qualified Wages paid per employee in each quarter. The maximum ERC for each such quarter would be $7,000 per employee receiving Qualified Wages, and the maximum ERC for 2021 would be $28,000 per employee receiving Qualified Wages.

‘Qualified Wages’

What counts as “Qualified Wages” is different for small and large employers.

For small employers: All wages paid to and Qualified Health Plan Expenses paid for all employees for the applicable quarter.
For large employers: Only wages paid to and Qualified Health Plan Expenses paid for employees for a period or periods that the employees did not perform services for the employer.

“Qualified Health Plan Expenses” are amounts paid or incurred by an employer to maintain a group health plan that are allocable to Qualified Wages. (This amount includes employer payments plus employee contributions made on a pre-tax basis.) Even if no wages are paid but health plan coverage is provided (e.g., coverage is continued for furloughed employees), the expenses constitute Qualified Health Plan Expenses and as such, are Qualified Wages.

The definitions for “small” and “large” employer are also different for 2020 and 2021:

Small Employer:
For 2020 Q2, Q3 and/or Q4 (for Q2, including March 13 - March 31, 2020): For 2019, averaged 100 or fewer full-time employees (30 hours per week or 130 hours per month).
For 2021: For 2019, averaged 500 or fewer full-time employees.

Large Employer:
For 2020 Q2, Q3 and/or Q4 (for Q2, including March 13 - March 31, 2020): For 2019, averaged more than 100 full-time employees.
For 2021: For 2019, averaged more than 500 full-time employees.

The IRS confirmed in early March that the “full-time employee” test does not take part-time employees into consideration, such that the only employees that will be counted are the ones who, with respect to any calendar month in 2019, had an average of at least 30 hours of service per week or 130 hours of service in the month. Thus, employers with many part-time employees that would have been “large employers” if they were counted, but are “small employers” without them, will be able to claim far greater ERCs as “small employers.”

ERC/PPP interaction under the Consolidated Appropriations Act

Under the December Act, and subject to further IRS guidance, even where an employer received/receives a PPP loan, the employer can still claim an ERC with respect to Qualified Wages.
However, the same wages cannot be used both to qualify for forgiveness of a PPP loan and as ERC Qualified Wages. (The IRS has stated in a Notice that the amount of Qualified Wages included in “Payroll Costs” reported on a 2020 PPP loan forgiveness application are not 2020 ERC-eligible to the extent they were needed and used to obtain PPP loan forgiveness; see our full article for details.)

3 possible scenarios in which an ERC would now be allowed include:
1) A controlled group member received a PPP loan and another member of the same controlled group that did not receive a PPP loan wishes to claim an ERC.
2) The employer’s Qualified Wages were not provided by the proceeds of a PPP loan.
3) The employer’s Qualified Wages were provided by the proceeds of a forgiven PPP loan for which forgiveness was not obtained with the same wages that would be used as ERC Qualified Wages.

What does CohnReznick think?

The best-case 2020 scenario of a $5,000 ERC per employee, combined with the best-case 2021 scenario of a $28,000 ERC, represents significant assistance to employers that meet the eligibility requirements, either due to suspension of operations or a significant decline in gross receipts. We anticipate further regulatory guidance and we will provide additional information as it becomes available.

Employers will need to be mindful of the impact of the “controlled group” concept. In that regard, an employer becomes eligible either by any member of its controlled group experiencing a complete or partial suspension of operations, or on the basis of the gross receipts of the entire controlled group.

Access our ERC decision trees below to assist your understanding of your ERC eligibility for 2020 and 2021.

2020 ERC Decision Tree
2021 ERC Decision Tree