Group items tagged

This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

While the recession injured many industries in 2008, health care was one of the few bright spots in the employment picture, growing by 372,000 jobs last year, according to the U.S. Bureau of Labor Statistics' January 2009 Employment Situation Summary. The large aging population has health care employers in need of qualified workers: stat. Therefore, despite the current economic conditions, health care employers will continue to increase staff in 2009, according to CareerBuilder.com's annual health care hiring forecast, conducted online within the U.S. by Harris Interactive. Close to one-in-five (17 percent) of large health care employers (50 or more employees) plan to increase the number of full-time, permanent employees in 2009, while 67 percent foresee either making no change in the number of employees or are unsure. Sixteen percent plan to decrease the number of employees. "The health care industry continues to boast high demand for qualified workers. Employers are reacting to this need by continuing strong recruiting efforts this year," says Jason Ferrara, vice president of corporate marketing for CareerBuilder.com. "Half of health care employers, the highest among industries we surveyed, have open positions for which they can't find qualified candidates. In response, health care employers will have to adjust their recruitment and retention strategies to find and keep top talent."

The new Obama Administration and a stronger Democratic party control of Congress set in the midst of a struggling economy and foreign policy issues, has created an interesting environment for legislation and regulations affecting customer interactions both federally and at state levels. While contact center-and-direct marketing-affecting issues such as offshoring, privacy, and telemarketing may haven been pushed offstage, they are not out of the hall. Ironically, economic pressures may shove them back into the spotlight as governments, especially states, seek ways to keep jobs and revenue sources, which contact centers provide. Federal Legislation Here is an examination of federal industry issues that lawmakers and regulators are and may be addressing in 2009: * Offshoring Federal lawmakers may reintroduce a bill similar to HR 1776, The Call Center Consumer's Right to Know Act, which would require contact center agents to disclose the physical location of such employee at the beginning of inbound and outbound calls. Firms would also have to annually certify to the Federal Trade Commission (FTC (News - Alert)) their compliance with such requirement. HR 1776 is an attempt to restrict offshoring by making customers aware that their calls may be going to or originating out of country. The bill's supporters hope customers and negative publicity would pressure firms to bring such jobs back to the U.S. The downsides are that such bills may significantly add to contact center costs in both onshoring and time spent location disclosing and in compliance, which would ultimately be paid for by consumers. In doing so bills like it that hike contact center expenses may also be self-defeating as they may result in fewer domestic jobs. "The particular type of disclosure contemplated by HR 1776 is a burdensome additional disclosure without clear benefit to the consumer," American Teleservices Association (ATA) CEO Tim Searcy told the House Energy and Commerce subcom