Monthly Archives: April 2018

23 & you

Lots of positives from sharing your genetic information online.  You can find distant relatives and explore your heritage.  Or locate a serial killer.

“Use of Database Raises Questions,” The Wall Street Journal, April 30, 2018 A6.  Private genetics website used to link the DNA from a murder scene to the suspected Golden State Killer.

I haven’t read the terms and conditions of the site at issue, but suspect that it does not prohibit the use of the data by law enforcement (perhaps unlike Uber in the Greyball case).  Does it invade your privacy for the government to look at data that you have made available to a large groups of “others”?  Who can the suspect sue for violating the terms and conditions?  And what would be his damages?

So, add genetics to the definition of “information.”

Leave a comment

Filed under Access, Analytics, Controls, Corporation, Data quality, Definition, Duty, Governance, Information, Ownership, Policy, Privacy, Third parties

Public information

Can you get in trouble for disclosing public information?  If you’re a naturalized American citizen of Chinese heritage, maybe.

“Worker Wins Ruling in Spy Case,” The Wall Street Journal, April 30, 2018 A4. Court orders government to reinstate and pay back pay to a hydrologist at the Commerce Department fired two years ago for providing publicly-available data to a a former classmate who just happened to be a water-resources official in China.

Interesting questions about what controls (if any) apply to public information, and the steps that an employer can take against its employees for providing information to friends.

Can James Comey take solace?  Or does it need to be public information?

Leave a comment

Filed under Access, Compliance (General), Controls, Duty, Governance, Government, Information, Oversight, Ownership

Tell me it ain’t so, Joe!

“EU Presses Tech Firms on Search Results, Fake News,” The Wall Street Journal, April 27, 2018 B5.  The EU looks into how Google and Facebook control what EU residents see, requiring more transparency as to how they filter what we see.

Wonder if the US Congress will follow suit, or develop its own solution.

From a Governance perspective, how can a government control this?  Are Google and Facebook something other than private businesses?  Utilities?  Media?  What rules apply and who makes (and enforces) them?  Maybe you can require all information to be searchable, but then how do you limit and group the number of responses?

From a Compliance perspective, how will Google and Facebook be able to comply with different controls imposed by different governments, some of which don’t have the same press protections as the US has (assuming Google and Facebook are “the press”).  Do we need a squad of fact-checkers?  And who would govern them?  Oops.  There’s a link to Governance.

From an Information perspective, we’re all drowning from the fire hose of information overload.  We want and need filters.  But we need trustworthy and reputable filters, don’t we?  And a space without filters?

Yes, I know.  Question, not answers.

Leave a comment

Filed under Access, Accuracy, Analytics, Compliance (General), Controls, Culture, Data quality, Duty, Governance, Government, Information, Oversight, Policy, Technology, Third parties, Who is in charge?

When it rains, it pours

Wells Fargo, much in the news of late, make Page One, again.

“Wells Fargo Faces 401(k) Probe,” The Wall Street Journal, April 27, 2018 A1.  Investigation as to whether the bank pressured people in cheaper corporate 401(k) plans to roll their investment over into more expensive programs run by the bank.

Certainly a bank accused of similar conduct with respect to accounts, credit cards, mortgage loans, and auto insurance wouldn’t do anything so dastardly.  I mean, gosh, isn’t a bank a fiduciary?  Did they have a policy forbidding this behavior?  Are they just cheaters?  What else have they done?

I suspect they now know what a pinata feels like.

Who’s responsible for the culture at the bank that allowed all this to happen?  How much will this cost the shareholders?

Leave a comment

Filed under Board, Compliance, Compliance (General), Controls, Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Internal controls, Oversight, Oversight, Policy

Fake money, squared

“India’s Central Bank: Faux Coins? Fake News!,” The Wall Street Journal, April 27, 2018 A16.  Central Bank tries to quash rumors on social media that certain coins (introduced to replace paper money) are counterfeit.

How can you respond to fake news?  Normal controls don’t work, as it is “challenging” to shut down social media channels.  But the government has an interest in protecting the reputation and value of its currency.

I guess I’d file this under (a) Governance (How can you control (i) rumors and/or (ii) social media?) and (b) Information (How do you deal with false information? What’s the (negative) value of false information?).  Other suggestions?

Leave a comment

Filed under Accuracy, Communications, Controls, Data quality, Duty, Governance, Government, Information, Protect assets, Third parties, To report, Value

Remember Yahoo?

“Successor To Yahoo Is Fined in Data Hack,” The Wall Street Journal, April 25, 2018 B4. $35 million fine for failure to properly investigate a cyber breach affecting hundreds of millions (billions?) of Yahoo accounts.

Yahoo no longer exists, with surviving pieces owned by Verizon and Alibaba Group Holding.

How to file this?  Was there an obligation way back (in 2014) to notify people when the Russians had hacked their accounts?  What happens to your company if there is a breach of your customers’ security?  And you fail to mention it to anyone?  A fine?  Drawing and quartering?


Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Duty, Governance, Oversight, Privacy, Protect assets, Security, To report

Can you censor?

“China Censors Spark Uproar In Quashing Student Activist,” The Wall Street Journal, April 25, 2018 A7.  Students make a request for open records from the Peking University about 20-year old rape allegations. The government rejects it. And then slams a student who circulated a letter telling her story through social media.  And that story circulates.

It sure is hard to put the genie back in the bottle after information gets to the Internet.  Are your controls adequate?  How do you enforce them?  Even if you have a command and control culture?

Leave a comment

Filed under Access, Compliance, Controls, Duty, Governance, Government, Interconnections, Internal controls, IT, Oversight, Third parties, Who is in charge?