Routine teaching case

“Insider Trade Alleged After Equifax Breach,” The Wall Street Journal, March 15, 2018 B1.  The CIO of an Equifax unit indicted for insider trading after learning of the Equifax hack, but before that information was disclosed.  Sold nearly $1 million in stock 10 days before the disclosure.

This reminds me of the lawyer who approved the sale by some Equifax execs of some stock after the breach but before disclosure.  See post here.  Those executives have since been cleared, as they didn’t know of the breach at the time of the sale.

The company said it had cooperated in the investigation (no doubt having re-read a copy of the Yates memo).  The defendant had been promoted to be Equifax’s CIO before the trading was discovered, at which time the offer was “rescinded.”  He hadn’t been told about the breach, but figured it out.  Avoided $117,000 in losses.  But not getting fired and indicted.



Leave a comment

Filed under Access, Compliance, Controls, Duty, Employees, Governance, Internal controls, IT, Oversight, Security, Uncategorized

Knowledge is dangerous

“In a First, U.S. Firms Reveal Workers’ Pay Gap With CEO,” The Wall Street Journal, March 12, 2018 A1.  US law requires disclosure of comparison of CEO’s pay to that of the median worker in the CEO’s company.

Noodle on this for a minute.  Who “owns” the information as to what you earn?  Do you?  If so, you could, if you wanted to, publish that information or post it on your door.  Does your employer encourage you not to do that?  Who’s hiding what from whom?  Would you be interested to learn that Joe in the next cubicle is paid 10% more than you are?  Is his job or his qualifications that much different?  Why don’t companies post this information by position?  Why are you nervous about posting your salary?  Are you embarrassed?

Just curious.

Leave a comment

Filed under Access, Business Case, Controls, Duty, Employees, Information, New Implications, Ownership, Privacy


What does blockchain have to do with information governance?

It’s early days yet, but think about what happens with information.  It gets created, modified, transferred, stored, used, reused, exchanged, and, hopefully, deleted at the end of its life.  Would it be useful to be able to track who owns the information and where it is at each step of its life?  Is a piece of information that much different than a cargo container being tracked from origin to destination?

Just saying.

“Blockchain Has Power to Transform,” The Wall Street Journal, March 12, 2018 B4.

Leave a comment

Filed under Operations, IT, Information, Use, Governance, Interconnections, Controls, Third parties, Analytics, Access, Accuracy, Supervision, Technology

Who’s in charge?

Sometimes, the federal government and state governments clash over who controls some activity.  For example, marijuana, the sale or distribution of which is prohibited by federal law.  But some states have “legalized” it.  There’s a supremacy clause in the Constitution (Article VI), as well as the Tenth Amendment, and people disagree which applies, and when.

“Fight Over Student Loans Intensifies,” The Wall Street Journal, March 10, 2018 A4.  Federal government asserts sole authority over companies that collect federal student loans.  States object.

What does this have to do with information governance?  Don’t you need to know who make the rules that you need to comply with?

Leave a comment

Filed under Controls, Duty, Governance, Who is in charge?

Man bites dog

“Disney Rebuffed Over Pay For CEO,” The Wall Street Journal, March 9, 2018 B1.  Shareholders refuse to endorse Chairman’s new pay package.

This is really quite large.  Shareholders invest their money and elect a Board of Directors to manage the company.  Normally, shareholders of a large public company have little say in what the Board decides to pay the managers who actually run the company.  Or really any influence at all over anything.  If they like it, they stay.  If not, they sell their shares.

So who is really governing Disney?  The shareholder vote is not binding, but does send a message to the directors.

What is governance?

Leave a comment

Filed under Board, Controls, Corporation, Directors, Duty, Governance, Investor relations, Third parties

Who’s responsible for your information technology?

Who’s at fault when your technology doesn’t work?  Isn’t that an inherent risk in any technology?

“NYSE to Settle With SEC Over Malfunctions,” The Wall Street Journal, March 7, 2018 B15.  NYSE penalized $14 million for not preventing “outages of critical market infrastructure” in August 2015.

Crazy the the government can create a rule making you liable if technology fails.  But then, you have to comply with the applicable requirements.


Leave a comment

Filed under Compliance, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Requirements

Are you responsible for your brother? Your cousin?

It’s bad enough trying to control your own employees, and those of your agents (and vendors).  But how do you control the employees, agents, and vendors of your various affiliates and ventures?  Do you all have the same Code of Conduct?  The same policies on a whole host of sensitive matters?

“KPMG Scandals Stay Local,” The Wall Street Journal, March 8, 2018 B10.  KPMG deals with alleged non-compliance at three international affiliates involved in auditing.

Does a client know the difference?  Do you ask prospective consultants about the compliance history of the larger firm?  Do you exercise enough control to also get liability?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Duty, Governance, Internal controls, Managers, Oversight, Third parties