I have been quiet for several reasons. One, The Wall Street Journal was having delivery problems for several weeks. While I use the digital edition for my posts, I read the paper copy each day to find my material. Two, I was on vacation. Three, I try to avoid politics in this blog, and it’s been a busy time, politically.
Hard to report dispassionately the decision by the FBI Director not to recommend indictment of the former Secretary of Commerce based on the facts the Director laid out, and the language of the applicable statutes. It seemed that he was saying that the Secretary had likely/possibly violated the law but no reasonable prosecutor would bring such an action.
What does it say about information governance when the rules are not applied to the higher-ups? Why have these rules?
I’m not recommending prosecuting if there is no likelihood of conviction — that would be a waste of time. But this one seems to be a close call, and there are policitcal consequences of both action and inaction. What is the impact on compliance throughout the US government with applicable law of the decision to not even bring the case before an impoartial fact finder (either court or jury), but to instead to leave it to the investigator to make the decision?
What does this say about the average (or reasonable) prosecutor?
If the Chief Executive of your company doesn’t follow company policy, and everybody in the company knows it, do you take disciplinary action against him/her? If not, can you expect people to follow any policies at all? Is that a fundamental failure to fulfill duties, on multiple levels? How does the Board explain this to the shareholders?
How can you enforce information security and retention policies in your company when this is what is rolling out on the TV screens every day?