Wednesday, July 29, 2015

Jason Atchley : Data Security : New Standards Coming, Time for a Data Security Check

jason atchley

New Standards Coming, Time for a Data Security Check

, Corporate Counsel
    | 1 Comments

It appears that hackers don’t take the summer off. From the U.S. Office of Personnel Management to online dating site Ashley Madison, cybercriminals have been proving that they will go after just about any sort of target that holds people’s personal data.
At the same time, regulators have been trying to fight back—particularly in the European Union, where new rules on data protection are emerging that may be finalized as early as the end of this year. Although these regulations are European, many U.S. companies that do business in the EU and work with customers and employees there will still have to worry about complying.
Given the one-two punch of increasing cyberattacks and impending regulatory changes, now might be a good time for companies to take a hard look at the way they process and protect their data. “Most companies nowadays are going above and beyond anything that’s out there right now and looking forward to the future,” Kristoph Gustovich, director of hosting and security at Mitratech, told CorpCounsel.com. “They’re always looking to meet what’s going to be the next stage of regulations.”
To help direct companies’ energies and attention toward the cybersecurity issues that matter, Mitratech has released a white paper titled A 6-Step Health Check for your Organization’s Data Privacy Program.
One major action that companies should be taking in anticipation of regulatory changes from Europe, according to the white paper, is ensuring that they’ve taken account of how new rules will redefine their roles in data protection activities. Many companies that managed to avoid a certain amount of responsibility for their customer data by being labeled “data processors” will have the same amount of responsibility as “data controllers” under new regulations. This leveling means that some companies will have to toughen their security stance when it comes to dealing with customers’ personal data.
It’s not just the roles of some companies that are changing, however. Roles of individuals within the companies also have to evolve to meet heightened legal and security needs. The new EU regulations, for example, may require companies with a certain number of employees and a certain amount of data to appoint a data protection officer from either inside or outside the company. This person will be responsible for making sure the company complies with privacy requirements.
General counsel are also seeing their roles evolve as breach risks rise and regulatory risks grow. "The laws are always going to change, and unless you have a general counsel involved to understand that, to present that to the technologist in a way that they can understand, there’s no way the technologist will be able to understand all the nuance,” said Gustovich. He also warned of putting cybersecurity responsibilities in silos—whether they are IT’s or legal’s. In his experience, he noted, that approach is doomed to fail.
One of the most important jobs in-house counsel have for cybersecurity is ensuring that the company’s contracts are compliant with data security laws. The white paper identifies use of contract language as an area where companies covered by new European regulations will probably have to make substantial changes.
The new rules will likely require that companies tell users and customers, in the company’s contracts, what data of theirs the firm will use and how it will use the information. Then, they must get the users to “opt in.” In contrast, a good number of U.S. companies have customers opt in to data collection by default, and insist that they explicitly “opt out.”
Another contractual issue the white paper addresses is the need for very specific language in user contracts. It explains that blanket contract terms will no longer cut it, in terms of compliance with emerging data security laws. And if a company intends to conduct data mining, this has to be made contractually clear to customers and users.
For companies, it’s essential to stay ahead of the curve on the increasingly difficult security environment and on the new European regulations, which may very well set the pace for other future data privacy rules in the U.S. and abroad, said Gustovich. He pointed out that when budgets and contracts need to be adjusted, companies shouldn’t wait to get started—even if the EU gives the two-year lead time between finalization and implementation that it has indicated it will give. Adjusting to serious regulatory changes takes time and planning. “It will come up much faster than people expect,” Gustovich warned.


Read more: http://www.corpcounsel.com/id=1202732943057/New-Standards-Coming-Time-for-a-Data-Security-Check#ixzz3hI0IPaS1


Monday, July 27, 2015

Jason Atchley : Compensation : 5 Lessons for a Compensation Department of None

jason atchley

5 Lessons for a Compensation Department of None

Stickman comp dept of noneOver the last few years, we have seen a rise in attention to the all too common, “HR Department of One”. These jacks-and-jills-of-all-trades, (and master of many), must be the policy maker, recruiter, trainer, confidant and much more for many companies. Often, on this very site, we talk about “compensation departments and compensation professionals” as if every company has one or both. But, what if, as is often the case, a company has NO compensation professional on staff? Or, what if the company has a great compensation analyst with little or no training in executive compensation, sales compensation or some other important specialty?
Many successful companies operate with a compensation department of none. What do the people know at these companies that allow them to continue to move forward without internal compensation expertise?
  1. They try and keep things simple. These companies seldom use a wide range of compensation elements. The elements they use usually refrain from a lot of bells and whistles. This allows them to manage the programs effectively, even when the programs may not fully support their needs. They know that a limited program that works is better than an amazing program that doesn’t.
  2. They stick to a schedule. They have limited periods to think about and act on compensation issues. They intensely work on pay during these periods and put little focus on it during the rest of the year.
  3. They delegate. They tend to ask (and trust) more of finance, managers and the employees themselves. There isn’t a lot of time for handholding. People from multiple areas of the company often perform analysis, communication and management of programs as a series of small projects.
  4. They focus on the big things. Another compensation plan or a small tweak to an incentive program may make things better or more interesting, but getting salaries and bonuses right is the priority. Since compensation and HR are part of the same job at most of the companies, the approach is more holistic than at many larger companies.
  5. They know when to ask for help. They have less of their ego involved in the pay programs. This means they reach out to colleagues and consultants earlier and more often. They are comfortable leaning on others’ expertise (and are usually willing to share their own in return.)
What should they know?
  1. Survey data is useful, but it is not compensation consulting or compensation planning. Compensation departments of none may only have access to a single data source. Often that source is an aggregated or “scraped” data set. This data does not have the nuance and detail available from more comprehensive data sources. This may be fine for a while, but it can result in long-term pay policies that cannot be supported when better data or analysis expertise does become available.
  2. Variable pay programs are harder than they seem. The ongoing management and communication required for these programs is often not possible. Poorly designed, managed or understood plans can result in actions, decisions or payouts that can irreparably damage a company.
  3. Without a compensation philosophy and strategy, things will get very messy (but it may take a few years.) Operating without a set of rules is operating without a safety net. Even a simple list of two or three objectives is enough to help ensure consistency.
  4. Payroll isn’t really the same thing as compensation. Payroll is a result of compensation. Many people confuse the two. Compensation is about everything that happens before someone gets paid. Payroll is about everything that happens because someone gets paid. It is absolutely essential both are done correctly, but each can exist and be performed to perfection even if the other is in disarray.
  5. Pay usually eats up more company revenue than any other piece of your budget. Even small improvements can have a huge impact.That’s right, companies with no internal compensation expertise, often have the greatest need for expertise. Compensation can consume more than seventy cents of every dollar your company brings in. This leaves thirty cents for every other department and activity at your company. If you can increase compensation effectiveness even by 5%, it can be a game changer for the success of your company. In mist of budget discussions, you are the most important person in the room.  Respect that incredible responsibility.
It would be great if every company could have a team of compensation experts in the office, but that simply isn’t possible for many companies. The lack of internal compensation expertise does not need to result in a lack of compensation excellence. Are you, or have you been, in this situation? Is there anything you can share to help others succeed?
Dan Walter is the President and CEO of Performensation a firm committed to aligning pay with company strategy and culture. Do you want to know more about Performance-Base Equity. Dan was written a new comprehensive issue brief on the topic. Dan has also contributed to “Everything You Do in COMPENSATION IS COMMUNICATION”, with Comp Café writers, Ann Bares and Margaret O’Hanlon. And if youp;re still not bored with Dan, he has co-authored“The Decision Makers Guide to Equity Compensation”and “Equity Alternatives.” Connect with Dan on LinkedIn. Or, follow him on Twitter at@Performensation and @SayOnPay.

Monday, July 20, 2015

Jason Atchley : Data Security : Hackers Gain Access to Extramarital Dating Databases

jason atchley

Hackers Gain Access to Extramarital Dating Databases

, Legaltech News
    | 0 Comments

Few things in life are as private as our romantic entanglements. So with hackers announcing they’ve made off with as many as 37 million records from the parent company of extramarital dating site AshleyMadison.com, you can be sure there are plenty of people sweating over the potential fallout.
The group, which calls itself “The Impact Team,” released a statement on July 20 saying that it has gained access to the databases of Canada-based Avid Life Media, which runs Ashley Madison and other dating sites.  The hackers said that if ALM does not comply with its demand to shut down services, it will release private information on its clientele. In addition to the notification, the group has also released a small portion of the data stolen as a demonstration of its intent.
In an interview with cybersecurity blogger Brian Krebs, Avid Life Media CEO Noel Bidderman, said that the company is investigating the breach, which he called “criminal” in nature. “We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Avid Life Media’s services differ from traditional dating sites in that they target subsets of dating culture. Ashley Madison bills itself as a dating site for married people, using the tagline “Life is Short. Have an Affair,” to illustrate that point. The site EstablishedMen.com offers affluent males dating connections to younger women, but hackers charge that it is also used to facilitate prostitution and human trafficking.
Avid Life Media offers a “full delete” option designed to help users cover their tracks, a service they charge $19.99 for. However, the hacking group said that the service did little to protect information collected from users.
Impact Team wrote in the statement: “Full Delete netted Avid Life Media $1.7 [million] in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.” 
While Avid Life Media has not announced how it intends to react to the request, it is unlikely that they will shutter site operations. If hackers are successful in leaking Avid Life Media user information, legal action stemming from the breach is inevitable. That’s likely to include not only the standard class action against the breach victims, but probably an uptick in divorce filins as well.


Read more: http://www.legaltechnews.com/id=1202732567355/Hackers-Gain-Access-to-Extramarital-Dating-Databases#ixzz3gT58JOxB




Jason Atchley : Data Analytics : Applying Analytics to Sales Incentive Plan Design

jason atchley

Applying Analytics to Sales Incentive Plan Design
The cost of not evaluating your sales incentive plan can be steep

By Chad Albrecht, ZS   1/7/2015
Permissions
 

Sales compensation analytics in the U.S. have been woefully lacking, even though companies allocate more of their budget to sales compensation than to advertising. Yet while every dollar of advertising is thoroughly scrutinized to maximize the return on investment (ROI) of the marketing budget, the assessment of sales compensation spending is far less rigorous.
That’s unfortunate, because the cost of not evaluating and analyzing the sales incentive plan can be steep, given that an effective plan design can have a double-digit impact on sales as compared to a mediocre or poorly designed plan. Moreover, using analytics appropriately is the best way to objectively assess the effectiveness of your plan design.

Sample Analytics

Below are examples of sales compensation analytics that can help shed light on incentive plan effectiveness.
 Payout Ranges.
One of the most effective uses of sales compensation analytics is assessing the plan’s ability to pay for performance. The idea is simple—pay high performers more and low performers less. But this turns into a question of how much more or less. What degree of differentiation will send the appropriate message to both high and low performers and help the company maintain financial responsibility?
One simple way to assess the pay-for-performance relationship is to evaluate the incentive payments for the 10th and 90th pay percentiles and compare them to the target incentive amount.
For the 10th percentile performer, there is typically a payout range from 10 percent to 30 percent of the target incentive. Anything below this range means there may be too many people earning little to no incentive, risking turnover and a disengaged salesforce. Anything above that range may mean that bottom performers are being overpaid.
For the 90th percentile performer, there is typically a payout range from 200 percent to 300 percent of the target incentive. Anything below this means you may not be rewarding your top performers generously enough, potentially causing them to look elsewhere for a job. Anything above this range may indicate poor quota setting and/or windfalls.
 Percentage of Revenue Generated.
Another useful analytic to implement—in cases where a particular product or product group is of strategic importance to the organization—is to divide the percentage of incentive paid by the percentage of revenue generated. A ratio more than 1.2 is appropriate for an emphasized product, while a ratio less than 0.8 is appropriate for a less important product.
Take, for example, a company that sells both license and software-as-a-service (SAAS) software. The company was particularly interested in driving SAAS business in 2014, and the goal for SAAS revenue amounted to roughly 20 percent of the total while license revenue encompassed the remaining 80 percent.
To ensure focus on SAAS products, the company put 40 percent of the incentive weight on the SAAS sales and 60 percent of the incentive weight on license sales. The resulting metrics showed the relative importance of SAAS sales to the organization:
 License “Relative Importance” = 60 percent of incentive / 80 percent of sales = 0.75 (signifying low emphasis).
 SAAS “Relative Importance” = 40 percent of incentive / 20 percent of sales = 2.0 (signifying high emphasis).
 Assessing ‘Fairness.’
“Fairness” is another important incentive concept for which analytics is critical. A plan is considered “fair” when no territory characteristic other than the effort and ability of the salesperson impacts territory performance, and therefore incentive pay.
The importance of fairness cannot be underestimated for salespeople. In practical terms, designing for fairness requires the company to address two challenges: 1) know which territory characteristics to test for bias, and 2) if bias is observed, understand how to adjust the plan or quotas to eliminate or reduce it. Field sales managers can provide input about what fairness tests to run, increasing the odds of diagnosing fairness issues before faith in the plan is diminished.
To determine perceptions of unfairness in the plan, one good question to ask field salespeople and their manager is, “If you could have any territory in the country, which would you choose and why?” These answers will begin to reveal field perceptions of territory unfairness and provide the basis for further analytic evaluation.

Monitoring Performance with Critical Metrics

There is no one-size-fits-all approach for sales compensation analytics. However, ZS has found in our experience across various industries that a best practice for companies is to define target “zones” for many key metrics. Some typical target zones are shown in the table below.
Typical Target Zones for Key Incentive Compensation Plan Metrics
  SPIFFs = sales performance incentive funds, used to provide an immediate bonus for a sale.
 IC = incentive compensation.

Conclusion

Sales analytics are a key element of a successful sales compensation program. In addition to providing efficient, timely and accurate payout calculations, use of analytics presents companies with a big opportunity to enhance sales compensation plan diagnosis and design.
 
Chad Albrecht is a principal with ZS in Chicago, where he leads the firm’s business-to-business sales compensation practice. He is a Certified Sales Compensation Professional (CSCP) with more than 15 years of experience implementing motivational incentive plans in the software, business services, medical devices, telecom, distribution and manufacturing industries. He is a co-author of The Power of Sales Analytics (ZS, 2014).
- See more at: http://www.shrm.org/hrdisciplines/compensation/articles/pages/sales-incentive-analytics.aspx#sthash.LWylDZCO.dpuf

Friday, July 17, 2015

Jason Atchley : Compensation Data : Is Your Company Lying About Pay?

jason atchley

Is Your Company Lying About Pay?

Stickman Are You Lying About PayDavid Larcker and Anastasia Zakolyukina did some research in 2012 for the Rock Center for Corporate Governance at Stanford University. Luckily, it recently made its way back into circulation. The paper, “Detecting Deceptive Discussions in Conference Calls”, attempts to predict the level of deception or truthfulness of CEO communications to shareholders. They found “that the answers of deceptive executives have more references to general knowledge, fewer non-extreme positive emotions, and fewer references to shareholder value. In addition, deceptive CEOs use significantly more extreme positive emotion and fewer anxiety words.”
1)     Less truthful CEOs tend to speak in generalities, rather than getting into details. Example: “Everybody knows”, instead of “I know.”
2)     Less truthful CEOs tend to use hyperbolic terminology when discussing positives. Example: Using the word “great” instead of “good.”
3)     Less than truthful CEOs tend to reference the company or group rather than themselves. Example: “We, instead of I.”
While the research paper indicated there was still more work to be done in this area, it found that it could predict deception with far more accuracy than random selection. In short, it seems as if an astute listener can determine deception with enough confidence to know when a deeper dive is recommended. The results are not perfect, but they are convincing.
These conclusions led me to reevaluate the communications of companies with compensation programs that have failed in the past. Perhaps, it was an equity compensation plan that failed to motivate individuals or drive company success. Maybe, it was a sales compensation program that did not impact revenue or profits. Or, it was a company with a compensation philosophy that claimed to focus on attracting, retaining and motivating world-class talent, while actually delivering none of these. Without writing a 70-page research paper, I have found enough anecdotal evidence to make me think twice. Is it possible that HR and compensation professionals use similar language and techniques when being disingenuous about pay programs? Is it possible that you are guilty of this without even realizing it?
Ask yourself if there has been a difference between how you discuss the plans you like versus those you wish the company would “fix.” Look at your past management presentations. Was your lack of confidence in market data or the recommendations you provided reflected by some of the issues listed above?
The truth is simple. Your employees and executives are both fairly good at seeing through pretext. Unlike many shareholders, your employees are not hoping that you will confirm everything is OK. They are looking for you to provide real information about an incredibly important and complex topic. Can you find examples of these indicators in your programs? Have you seen them in prior positions? If you can detect your own deceiving communications, my guess is that your employees can detect them too.
Dan Walter is the President and CEO of Performensation a firm committed to aligning pay with company strategy and culture. By now you probably have a copy but if not… “Everything You Do in COMPENSATION IS COMMUNICATION”,by Comp Café writers, Dan Walter, Ann Bares and Margaret O’Hanlon, lays out a practical approach to communications (with helpful worksheets for each step). Dan’s new comprehensive issue brief on Performance Equity will be available late-July 2015. Dan has also co-authored of several other books you may find useful including “The Decision Makers Guide to Equity Compensation”and “Equity Alternatives.” Connect with Dan on LinkedIn. Or, follow him on Twitter at @Performensation and @SayOnPay.