“Insider Trade Alleged After Equifax Breach,” The Wall Street Journal, March 15, 2018 B1. The CIO of an Equifax unit indicted for insider trading after learning of the Equifax hack, but before that information was disclosed. Sold nearly $1 million in stock 10 days before the disclosure.
This reminds me of the lawyer who approved the sale by some Equifax execs of some stock after the breach but before disclosure. See post here. Those executives have since been cleared, as they didn’t know of the breach at the time of the sale.
The company said it had cooperated in the investigation (no doubt having re-read a copy of the Yates memo). The defendant had been promoted to be Equifax’s CIO before the trading was discovered, at which time the offer was “rescinded.” He hadn’t been told about the breach, but figured it out. Avoided $117,000 in losses. But not getting fired and indicted.
Filed under Access, Compliance, Controls, Duty, Employees, Governance, Internal controls, IT, Oversight, Security, Uncategorized
“In a First, U.S. Firms Reveal Workers’ Pay Gap With CEO,” The Wall Street Journal, March 12, 2018 A1. US law requires disclosure of comparison of CEO’s pay to that of the median worker in the CEO’s company.
Noodle on this for a minute. Who “owns” the information as to what you earn? Do you? If so, you could, if you wanted to, publish that information or post it on your door. Does your employer encourage you not to do that? Who’s hiding what from whom? Would you be interested to learn that Joe in the next cubicle is paid 10% more than you are? Is his job or his qualifications that much different? Why don’t companies post this information by position? Why are you nervous about posting your salary? Are you embarrassed?
What does blockchain have to do with information governance?
It’s early days yet, but think about what happens with information. It gets created, modified, transferred, stored, used, reused, exchanged, and, hopefully, deleted at the end of its life. Would it be useful to be able to track who owns the information and where it is at each step of its life? Is a piece of information that much different than a cargo container being tracked from origin to destination?
“Blockchain Has Power to Transform,” The Wall Street Journal, March 12, 2018 B4.
Filed under Operations, IT, Information, Use, Governance, Interconnections, Controls, Third parties, Analytics, Access, Accuracy, Supervision, Technology
Sometimes, the federal government and state governments clash over who controls some activity. For example, marijuana, the sale or distribution of which is prohibited by federal law. But some states have “legalized” it. There’s a supremacy clause in the Constitution (Article VI), as well as the Tenth Amendment, and people disagree which applies, and when.
“Fight Over Student Loans Intensifies,” The Wall Street Journal, March 10, 2018 A4. Federal government asserts sole authority over companies that collect federal student loans. States object.
What does this have to do with information governance? Don’t you need to know who make the rules that you need to comply with?
“Disney Rebuffed Over Pay For CEO,” The Wall Street Journal, March 9, 2018 B1. Shareholders refuse to endorse Chairman’s new pay package.
This is really quite large. Shareholders invest their money and elect a Board of Directors to manage the company. Normally, shareholders of a large public company have little say in what the Board decides to pay the managers who actually run the company. Or really any influence at all over anything. If they like it, they stay. If not, they sell their shares.
So who is really governing Disney? The shareholder vote is not binding, but does send a message to the directors.
What is governance?
Who’s at fault when your technology doesn’t work? Isn’t that an inherent risk in any technology?
“NYSE to Settle With SEC Over Malfunctions,” The Wall Street Journal, March 7, 2018 B15. NYSE penalized $14 million for not preventing “outages of critical market infrastructure” in August 2015.
Crazy the the government can create a rule making you liable if technology fails. But then, you have to comply with the applicable requirements.
It’s bad enough trying to control your own employees, and those of your agents (and vendors). But how do you control the employees, agents, and vendors of your various affiliates and ventures? Do you all have the same Code of Conduct? The same policies on a whole host of sensitive matters?
“KPMG Scandals Stay Local,” The Wall Street Journal, March 8, 2018 B10. KPMG deals with alleged non-compliance at three international affiliates involved in auditing.
Does a client know the difference? Do you ask prospective consultants about the compliance history of the larger firm? Do you exercise enough control to also get liability?
Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Duty, Governance, Internal controls, Managers, Oversight, Third parties