Monthly Archives: January 2017

Grappling with unstructured data

Unstructured data (largely data outside of a database, like emails and edocuments) is a challenge for information governance.  How do you know what you have and where you have it, and how do you manage it, use it, and dispose of it?  Lawyers conducting discovery think in terms of technology assisted review.  What about real-world applications?

“McKesson Develops Tool To Analyze Medical Records,” The Wall Street Journal, January 26, 2017 B5.  Company develops tool to read and analyze information contained in multiple and diverse data sources.  Goal is to improve patient care.

Think for a moment about the challenge.  Data on specific patients are in several doctors’ files (and hospital reports and files), likely at different locations on different computer systems, and the potentially applicable medical literature is vast and widely distributed. Hopefully, most of this information is electronic and machine-readable.  How do you access all that information and then determine what’s useful for your particular patient?

Technology is the only way.

Leave a comment

Filed under Access, Analytics, Collection, Data quality, Governance, Information, Interconnections, IT, Management, Use, Value

Sharing passwords

Banks say, and rightfully so, that you shouldn’t share your password for your bank account with anyone else.  Including sites like TurboTax.  This caused some “issues” when TurboTax users tried to download bank account data.

“Bank, Intuit End Spat on Passwords,” The Wall Street Journal, January 28, 2017, B5.  The bank will provide a token, which obviates the need for the user to give Intuit their bank password.

Interesting question about who is responsible for protecting the security of your account from third parties.  And you.

Leave a comment

Filed under Access, Controls, Interconnections, Internal controls, IT, Security, Third parties

Are scheduled inspections a bad thing?

“Wells Branches Alerted on Monitors,” The Wall Street Journal, January 25, 2017 B2. Branches of Wells Fargo were notified 24 hours in advance of regular compliance inspections.  Bank has since supplemented regular inspections (that have at least 24 hours’ notice) with surprise compliance inspections.

I’m all in favor of the occasional surprise inspection as a compliance tool, but I’m not sure that regular inspections, with notice, are a bad thing.  Don’t we normally get prior notice of an audit?  Or of visits by auditors?

I’d be more troubled by the reports of the flurry of activity after notice was received.  Why weren’t things being done in a compliant manner to begin with?

Leave a comment

Filed under Controls, Governance, Internal controls, Oversight

Inspections are part of governance

“Theranos Failed Second Inspection,” The Wall Street Journal, January 18, 2017 B4.  The CMS (Centers for Medicare and Medicaid Services) inspected Theranos in late September, and a few days later “Theranos said it was exiting the medical-testing business altogether.”  Theranos failed the inspection.

If you don’t takes steps to monitor performance, it’s hard to make sure people are complying with all the applicable laws and regulations (and policies).  But we knew that.


Filed under Board, Compliance Verification, Controls, Corporation, Duty, Governance, Government, Internal controls, Oversight, Third parties

Why do supervisors get the big bucks?

Sometime head feints are acceptable; sometimes they are felonies.

“Citi to Pay Fine Over ‘Spoofing’ Tactics,” The Wall Street Journal, January 20, 2017 B12.  Traders entered large orders, intending to immediately cancel them, hoping thereby to fool the market.  This has been against the law since 2010.  Cost: $25 million in fines.

The supervisors of the traders were accused of failing to supervise.  Scolding, but not reporting, the offending trader was not sufficient.  Unclear whether the supervisors will themselves be prosecuted.

What does it say about governance when the people responsible for making sure traders operate legally aren’t penalized when the traders stray?  Perhaps if the government or the company penalized the supervisors (or their supervisors), the traders and others would get the compliance message.  Citi paid the fine, but the Citi shareholders bear the costs.


1 Comment

Filed under Controls, Duty, Employees, Governance, Internal controls, Managers, Supervision, To report

A Higher Duty

A lawyer for a company has a duty under company law to protect the company’s confidential information.  As a lawyer, he or she has a professional ethical obligation to preserve the confidentiality of materials submitted to the lawyer in order to secure or provide legal advice.

But what happens if the lawyer learns information that indicates the client has broken or is breaking US criminal law?  Is there a duty to blow the whistle outside the company?  To whom is that duty owed?  Which controls, state legal ethics rules or federal law?

“Trial to Focus on In-House Lawyers,” The Wall Street Journal, January 17, 2017 B2.  A company’s general counsel is fired.  The company says he was fired because he messed up security filings and failed to detect bribery that led to $55 million in fines.  He says he was fired because he blew the whistle on the company’s “possible” bribery in China.  The judge ruled in December that the lawyer can use privileged information to support his claim.

Will this case eviscerate attorney-client privilege or force attorneys to become unwilling participants in criminal activity?

Leave a comment

Filed under Access, Business Case, Compliance, Controls, Duty, Employees, Governance, Internal controls, Legal, New Implications, Privilege, Risk, Third parties, To report