Monthly Archives: April 2018

Shameless

A small promotional message.  I was honored to provide a presentation at the ARMA Spring Conference in Houston yesterday.  The title of the presentation was “Headlines: A Year’s Worth of Information Governance Failures.”

The presentation described the top seven IG failures since April 25, 2017, and then discussed other headlines that fell into a number of buckets.  The source materials were the headlines from this blog in the last year, pulled from the Archives.

If you want to see and hear a rough draft of the presentation, or to just see the slides, go to www.LiipfertConsulting.com/articles.

 

Leave a comment

Filed under Uncategorized

Google this

“Google’s Practices Threaten Privacy, Too,” The Wall Street Journal, April 23, 2018 B1. Google’s practices may expose more information related to you.

What is you information worth to you?  What is it worth to someone else?  Who profits? What controls are in place and how effective are they?

Do you read their policies?  Do you care?

Leave a comment

Filed under Access, Analytics, Controls, Information, Ownership, Privacy, Third parties, Uncategorized, Value

Reliance

“U.S. Prosecutors to Weigh Criminal Case for McCabe,” The Wall Street Journal, April 20, 2018 A1. The DOJ Inspector General referred the case/matter of former FBI Deputy Director for criminal prosecution over his responses to investigators looking into leaks.

What does it say about the culture of an organization when two of its top officers, both of whom are lawyers, may have lied to federal investigators?  And what if that organization’s mission is the investigation of crimes?

How much do we rely on institutions and professionals to provide governance and to stand as examples of compliance?  Is that reliance justified?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Government, Lawyers, Legal, Requirements

Porsche raid

“Porsche Executive is Arrested,” The Wall Street Journal, April 21, 2018 B6.

In continuing fallout from the VW emissions cheating scandal, a senior Porsche executive (head of engine development) was arrested by German police and several offices and factories were raided.  A member of the Porsche board is also under investigation.

Fooling the emissions tests was not a great idea.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance (General), Corporation, Directors, Duty, Employees, Governance

Early warning

“SunTrust Sees Risk of Breach,” The Wall Street Journal, April 21, 2018 B3.  A SunTrust employee may have stolen information (names, addresses, account balances, and phone numbers) on 1.5 million customers.

The bank became aware of a problem in February, but only recently became aware that the (now-former) employee was trying to share the information outside the bank.

Good for the bank to have systems that notice the unusual activity and for the bank to have given relatively early notice.

 

Leave a comment

Filed under Communications, Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Privacy, Protect assets, To report

Phone companies can’t conspire, can they?

“Probe Focuses on Cellphone IDs,” The Wall Street Journal, April 21, 2018 B1.  DOJ investigates.

Are phone companies (and a standard-setting company) conspiring to make it harder for you to keep your phone number if you change carriers?  Or are they trying to make phones smaller?

Is your phone number information?  If so, to whom does it belong?  Is this just about whether you have to remove the SIM card to change carriers?

Just asking.

Leave a comment

Filed under Access, Controls, Definition, Information, Interconnections, Internal controls, Ownership

Going back to law school

“Comey’s Handling of Memos Is Investigated,” The Wall Street Journal, April 21, 2018 A1.

Apparently, the former head of the FBI (and a lawyer) considers memos he wrote in the course of his employment, about a meeting with his boss in his capacity as an employee, on his employer’s computers, to be personal documents, rather than government documents.  I don’t think he learned that at the University of Chicago’s Law School.

Forget, for the moment, whether these contained classified information, the leaking of which would be a crime a well as a violation of the duty of an employee.  He decided to transfer these memos to an outside party (a law professor!), so that they would be leaked to the press.  Another crime if classified information was involved.  But the law professor just became a member of a conspiracy involving the theft of government property.

But think about it from the employer’s point of view.  Didn’t Mr. Comey just convert an employer asset into a personal asset?  Allegedly, he created these contemporaneously as a business record.  Business records belong to the business.

I (another lawyer, mind you) take the view that everything an employee receives or creates in his or her role as an employee is the property of his/her employer.  How could a government employee decide to release them to the media in his/her role “‘as a private citizen.'”  Does this mean an employee of your company can decide on their own to broadcast your trade secrets, not as an employee, but as a private citizen?

Leave a comment

Filed under Compliance (General), Controls, Duty, Employees, Government, Information, Internal controls, Lawyers, Ownership

Costly

Wells Nears $1 Billion Settlement,” The Wall Street Journal, April 20, 2018 B1.

Wells Fargo is about to be (has been) fined close to $1 billion for irregularities regarding auto loans, auto insurance,  and mortgage loans.  This is the civil side.  This is in addition to the $185 million for the account cramming scandal in 2016, where the bank opened new accounts and credit cards that consumers did not request.  The Chief Risk Officer is also retiring.

Once again, the shareholders pay mightily for the sins of (mis-)management.

Leave a comment

Filed under Compliance (General), Culture, Governance, Risk, Risk assessment, Supervision

Turn-about

For years, securing access to information stored in Europe to support discovery for civil litigation in the US has been, to say the least, problematic.  Changes are afoot, for criminal matters, anyway.

“EU Calls for Access To Foreign Servers,” The Wall Street Journal, April 18, 2018 A7. “National law enforcement” should be allowed access on tech companies’ servers in both the EU and the US “to speed cross-border criminal inquiries.”

So, it looks like those pesky privacy laws won’t slow down law enforcement.  But weren’t those laws enacted in reaction to just such “national law enforcement inquiries”?  Does this mean we don’t have to go through the Hague Convention processes?

Leave a comment

Filed under Access, Controls, Privacy

Catching up

I was out of town for a bit, and am now catching up  So this will deviate from the usual one-story, one-post format.  19 squibs.

“ISS Opposes Five Equifax Directors,” The Wall Street Journal, April 17, 2018 B2.  A proxy advisor recommends against voting for members of the Board’s technology committee, who had responsibility for technology security.  Is that all that happens, they get fired?  157 millions accounts exposed and they get un-elected but not (yet) sued?  No claw-back of director’s fees?

“Facebook Data Dispute Embroils University of Cambridge,” The Wall Street Journal, April 16, 2018 B4. Cambridge says Facebook approved of the University’s use of Facebook data.  Or your data, if you wish.

“Fired FBI No.2 McCabe Misled Probe, Report Says,” The Wall Street Journal, April 14, 2018 A1.  Misleading an internal investigation into leak to the newspaper is not good.

“Volkswagen Prepares to Replace CEO, The Wall Street Journal, April 11, 2018 B1.  CEO who help VW survive the emissions scandal gets replaced. A palace coup after the company spent $25 billion+ on the scandal.  Is this more price for VW to pay?  And let’s not forget the shareholders, who foot the bill.  See also “VW Picks Chief After Boardroom Coup,” The Wall Street Journal, April 13, 2018 B1.

“Blunder Hits Samsung Securities,” The Wall Street Journal, April 11, 2018 B13. An employee’s mistake leads to mistaken issuance of $105 billion in shares, more than 30 times the company’s existing issued shares.  Do you have the right controls in place?  Is this an information governance issue?

“Facebook Hearings Put Regulation In Spotlight,” The Wall Street Journal, April 12, 2018 A1. Will the Facebook data leak/usage lead to new privacy regulation?

“Adviser Urges Shift On Board Of Equifax,” The Wall Street Journal, April 12, 2018 B10.  Does the company’s failure to avoid a cyber attack mean the board has to go?  Maybe.

“China’s Censors Zero In on Apps,” The Wall Street Journal, April 12, 2018 B4.  Chinese government extends control over a smartphone app that had crude jokes.  Now there’s enforcement of a policy, and a demonstration of what “governance” means.

“Zuckerberg Says Sorry for Harm Done,” The Wall Street Journal, April 10, 2018 B4.  Classic crisis management strategy:  admit you’re wrong?

“Sensing Urgency, Facebook Bolsters User Protections,” The Wall Street Journal, April 10, 2018 B5.  Locking the door after the horse bolted.

“Facebook Sets ‘Issue’ Ads Rule,” The Wall Street Journal, April 7, 2018 A1.  Does a background check on advertisers protect your privacy?

“YouTube Policies Stir Bitterness,” The Wall Street Journal, April 6, 2018 B1.  Following attack at YouTube HQ, taking a closer look at YouTube’s policies on filtering/restricting content.

“Facebook CEO: Lax Privacy a ‘Huge Mistake,'” The Wall Street Journal, April 5, 2018 A1.  Not focusing on privacy protections a “huge mistake.”  Really?

“Police Want to Send AI Into the Street,” The Wall Street Journal, April 4, 2018 A3.  Can body cams be used to collect “Person of Interest”-level information, real time?

“WPP’s Sorrell Faces Probe,” The Wall Street Journal, April 4, 2018 B1.  CEO of advertising company under internal investigation for misusing company assets.  It’s really just a question of duty.

“GM Scraps a Standard in Sales Reporting,” The Wall Street Journal, April 3, 2018 B1.  You manage what you measure.  So, no longer reporting this statistic will reportedly make it easier to measure performance.  Huh?

“Oracle Defeats Google In Court,” The Wall Street Journal, March 28, 2018 B1. Appeals court revives copyright infringement suit against Google.  $9 billion+ in damages alleged.

“Wedbush Accused Of Flawed Oversight,” The Wall Street Journal, March 28, 2018 B12.  SEC charges company with failure to properly supervise an employee involved in “long-running ‘pump-and-dump’ scheme.”

 

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Oversight, Ownership, Ownership, Policy, Privacy, Protect information assets, Security, Third parties, Value