Risk Roundup for May and June 2018
Our third Risk Roundup of the year is notable for its risks and adverse events with some detectable optimism. Over the last two months, a major regulation took effect; Starbucks found itself in the spotlight for racial bias; Hawaii experienced a volcano; and finally, normally harmless romaine lettuce became harmful due to E. coli. All together, they represent our top risks for May and June.
GDPR. A watershed moment for privacy and data protection
May 25 came and the world changed forever. In case you missed it, the European Union’s General Data Protection Regulation (GDPR) took effect on May 25. Businesses worldwide that hold personal data of subjects residing in the EU now have a compliance challenge or run the risk of a major fine. GDPR also opened eyes to privacy and information security. As Don Elledge, co-founder and CEO of Edgile, opinioned in Forbes: “Some deadlines are good. They can help us transcend mere opportunism and get things done.”
Starbucks works on reputational risk
On a Tuesday afternoon in late May, Starbucks locations across America closed to train 175,000 employees on spotting and managing racial bias. It was after a highly publicized incident where two African-Americans were arrested at a Philadelphia area Starbucks when the manager called the police because the men declined to make a purchase. The result was a public outcry that put Starbucks in the spotlight. Now Starbucks is taking proactive steps to improve racial sensitivity like the company-wide training. What happened to Starbucks is a reminder that all organizations should review their policies and training programs to ensure inclusion of anti-discrimination language.
Hawaii volcano puts tourism trade at risk
Hawaii’s Big Island depends heavily on tourism. It took a major hit when a volcano erupted at Hawaii Volcanoes National Park. As a result, cruise ships canceled stops and hotel rooms sat empty. While we expect the local tourism industry to suffer, the untold story is the associated business impact. Did cruise lines and hotel chains have a business impact analysis for an ecological disaster like a volcano? It brings to mind the importance of business continuity planning and being resilient to events that impact the bottom line.
E. coli infection linked to romaine lettuce impacts food supply chain
E. coli linked to romaine lettuce infected 210 people in 36 states and hospitalized 96. The outbreak is over as of June 28, according to the CDC, but the scare reverberated nationwide. Grocery stores pulled romaine lettuce from their produce aisles. Consumers, alarmed by media reports, stopped buying romaine lettuce or any lettuce for that matter. Did the food chain see this coming? You don’t have to be a food company to face tainted product or suffer a sales decline due to unforeseen events. Every company has a supply chain or product source risk that would benefit from proactive risk management.
That’s it for our July edition of Risk Roundup. We’ll be back in September with a roundup of notable risks from July and August.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.
In many ways, global supply chains are in the crosshairs of the global pandemic. We share three strategies you can pursue now to be ready for when business starts to recover.
While the coronavirus has dominated news cycles, other notable events occurred around a number of new rules, regulations and guidance, from California’s data privacy regulation to NIST data privacy framework and SEC guidance on cybersecurity for financial service firms.