Monthly Archives: April 2018

April 30, 2018 · 10:32 am

23 & you

Lots of positives from sharing your genetic information online.  You can find distant relatives and explore your heritage.  Or locate a serial killer.

“Use of Database Raises Questions,” The Wall Street Journal, April 30, 2018 A6.  Private genetics website used to link the DNA from a murder scene to the suspected Golden State Killer.

I haven’t read the terms and conditions of the site at issue, but suspect that it does not prohibit the use of the data by law enforcement (perhaps unlike Uber in the Greyball case).  Does it invade your privacy for the government to look at data that you have made available to a large groups of “others”?  Who can the suspect sue for violating the terms and conditions?  And what would be his damages?

So, add genetics to the definition of “information.”

Leave a comment

Filed under Access, Analytics, Controls, Corporation, Data quality, Definition, Duty, Governance, Information, Ownership, Policy, Privacy, Third parties

April 30, 2018 · 10:19 am

Public information

Can you get in trouble for disclosing public information?  If you’re a naturalized American citizen of Chinese heritage, maybe.

“Worker Wins Ruling in Spy Case,” The Wall Street Journal, April 30, 2018 A4. Court orders government to reinstate and pay back pay to a hydrologist at the Commerce Department fired two years ago for providing publicly-available data to a a former classmate who just happened to be a water-resources official in China.

Interesting questions about what controls (if any) apply to public information, and the steps that an employer can take against its employees for providing information to friends.

Can James Comey take solace?  Or does it need to be public information?

Leave a comment

Filed under Access, Compliance (General), Controls, Duty, Governance, Government, Information, Oversight, Ownership

April 28, 2018 · 1:55 pm

Tell me it ain’t so, Joe!

“EU Presses Tech Firms on Search Results, Fake News,” The Wall Street Journal, April 27, 2018 B5.  The EU looks into how Google and Facebook control what EU residents see, requiring more transparency as to how they filter what we see.

Wonder if the US Congress will follow suit, or develop its own solution.

From a Governance perspective, how can a government control this?  Are Google and Facebook something other than private businesses?  Utilities?  Media?  What rules apply and who makes (and enforces) them?  Maybe you can require all information to be searchable, but then how do you limit and group the number of responses?

From a Compliance perspective, how will Google and Facebook be able to comply with different controls imposed by different governments, some of which don’t have the same press protections as the US has (assuming Google and Facebook are “the press”).  Do we need a squad of fact-checkers?  And who would govern them?  Oops.  There’s a link to Governance.

From an Information perspective, we’re all drowning from the fire hose of information overload.  We want and need filters.  But we need trustworthy and reputable filters, don’t we?  And a space without filters?

Yes, I know.  Question, not answers.

Leave a comment

Filed under Access, Accuracy, Analytics, Compliance (General), Controls, Culture, Data quality, Duty, Governance, Government, Information, Oversight, Policy, Technology, Third parties, Who is in charge?

April 28, 2018 · 1:40 pm

When it rains, it pours

Wells Fargo, much in the news of late, make Page One, again.

“Wells Fargo Faces 401(k) Probe,” The Wall Street Journal, April 27, 2018 A1.  Investigation as to whether the bank pressured people in cheaper corporate 401(k) plans to roll their investment over into more expensive programs run by the bank.

Certainly a bank accused of similar conduct with respect to accounts, credit cards, mortgage loans, and auto insurance wouldn’t do anything so dastardly.  I mean, gosh, isn’t a bank a fiduciary?  Did they have a policy forbidding this behavior?  Are they just cheaters?  What else have they done?

I suspect they now know what a pinata feels like.

Who’s responsible for the culture at the bank that allowed all this to happen?  How much will this cost the shareholders?

Leave a comment

Filed under Board, Compliance, Compliance (General), Controls, Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Internal controls, Oversight, Oversight, Policy

April 28, 2018 · 1:29 pm

Fake money, squared

“India’s Central Bank: Faux Coins? Fake News!,” The Wall Street Journal, April 27, 2018 A16.  Central Bank tries to quash rumors on social media that certain coins (introduced to replace paper money) are counterfeit.

How can you respond to fake news?  Normal controls don’t work, as it is “challenging” to shut down social media channels.  But the government has an interest in protecting the reputation and value of its currency.

I guess I’d file this under (a) Governance (How can you control (i) rumors and/or (ii) social media?) and (b) Information (How do you deal with false information? What’s the (negative) value of false information?).  Other suggestions?

Leave a comment

Filed under Accuracy, Communications, Controls, Data quality, Duty, Governance, Government, Information, Protect assets, Third parties, To report, Value

April 26, 2018 · 3:01 pm

Remember Yahoo?

“Successor To Yahoo Is Fined in Data Hack,” The Wall Street Journal, April 25, 2018 B4. $35 million fine for failure to properly investigate a cyber breach affecting hundreds of millions (billions?) of Yahoo accounts.

Yahoo no longer exists, with surviving pieces owned by Verizon and Alibaba Group Holding.

How to file this?  Was there an obligation way back (in 2014) to notify people when the Russians had hacked their accounts?  What happens to your company if there is a breach of your customers’ security?  And you fail to mention it to anyone?  A fine?  Drawing and quartering?

 

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Duty, Governance, Oversight, Privacy, Protect assets, Security, To report

April 26, 2018 · 2:50 pm

Can you censor?

“China Censors Spark Uproar In Quashing Student Activist,” The Wall Street Journal, April 25, 2018 A7.  Students make a request for open records from the Peking University about 20-year old rape allegations. The government rejects it. And then slams a student who circulated a letter telling her story through social media.  And that story circulates.

It sure is hard to put the genie back in the bottle after information gets to the Internet.  Are your controls adequate?  How do you enforce them?  Even if you have a command and control culture?

Leave a comment

Filed under Access, Compliance, Controls, Duty, Governance, Government, Interconnections, Internal controls, IT, Oversight, Third parties, Who is in charge?

April 26, 2018 · 2:40 pm

Complaints ain’t facts

“CFPB May Restrict Complaint Database,” The Wall Street Journal, April 25, 2018 A5. Government may restrict public access to a database of consumer complaints that haven’t been verified by the government.

All information is not equally reliable.  Does the government, by allowing people to post complaints, somehow vouch for the accuracy of those complaints?  Is the government in the business of publishing complaints, versus government findings?

Sure, it would be nice to have a central clearing house of complaints.  But is that the role of government?

Leave a comment

Filed under Access, Accuracy, Compliance, Controls, Data quality, Duty, Governance, Government, Information, Third parties

April 26, 2018 · 2:28 pm

Administrative procedures

“EPA Limits Data Used in New Rules,” The Wall Street Journal April 25, 2018 A4. Underlying studies must be made public and the findings must be reproducible before research will be used to justify new regulations.

Does the government need to allow you an opportunity to contest the “facts” upon which regulations are issued?  Is it right for the US government to rely upon scientific studies that in turn rely on secret information in order to establish regulations?  Do the government need to independently validate information before taking regulatory action?   How can an opponent reasonably contest the wording and scope of a regulation if he/she can’t see the evidence?  Or if the evidence doesn’t prove what the scientist says it proves?

Is this about information, or governance, or information governance?  More than one?

Leave a comment

Filed under Access, Accuracy, Controls, Data quality, Duty, Duty of Care, Governance, Government, Internal controls, Oversight, Third parties

April 26, 2018 · 2:12 pm

Barriers to entry

“Europe’s New Consumer Privacy Law Gives Edge to Tech Giants,” The Wall Street Journal April 24, 2018 A1.  The General Data Protection Regulation, which goes into effect next month, protects consumers but also gives Google and Facebook an advantage.

By wielding their power over advertisers and taking a strict interpretation of the law, Facebook and Google can make it really difficult for competitors to establish competing platforms.

Is this what the European regulators anticipated?

Leave a comment

Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Privacy, Requirements, Third parties, Vendors