“Court Rejects SEC Judge Process,” The Wall Street Journal, June 22, 2018 A2. Supreme Court rules administrative law judges appointed by lower level staff are not constitutional.
This doesn’t speak to information. It is more Governance and Compliance; these concepts are close, but different.
Compliance: The process for appointment was unconstitutional. Does this mean that every decision they made was invalid? What does it say that the agency did not follow the appropriate processes? What did other agencies do (ALJ’s are everywhere in Washington, D.C.)? The Executive Branch sort of overlapped with the Judicial?
Governance: Appointing judges in an unconstitutional manner seems to suggest a failure of governance. Who decided to do this this way? Is he or she going to be held accountable for the decision? What about other agencies? What type of risk assessment was performed, if any?
“Europe’s Privacy Law Fails to Stoke Demand for Cyber Insurance,” The Wall Street Journal, June 21, 2018 B10. Companies aren’t buying as much privacy insurance as people thought.
Certainly, in the wake of the GDPR rollout, the risk of a privacy law violation has increased. Apparently companies think that they have adequate controls in place, and don’t need the protection of insurance to backstop their controls. Insurance is a mitigation in case your controls aren’t totally effective.
Are these companies doing the same with other risks to other assets? Or is you private data somehow different?
Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Internal controls, IT, Management, Oversight, Ownership, Privacy, Protect, Protect assets, Protect information assets, Security, Third parties
Sometimes tracking is a good thing.
“Tech to Track Errant Kegs,” The Wall Street Journal, June 21, 2018 B4. Sensors installed to reduce 10% shrinkage rate from theft or misplacement of beer kegs. Could also track temperature.
Do you track similar information? Is this more or less valuable than knowing what records you have and where you have them?
“Tesla Accuses Former Employee of ‘Sabotage,'” The Wall Street Journal, June 21, 2018 B3. Did a former employee hack Tesla’s manufacturing software and trade secrets and transfer information outside the company? Was this for convenience, or was it theft? Or to give to the press?
Do you have adequate controls to prevent this? Or to discover it? Who’s responsible if your controls fail?
Will the directors or senior officers be punished? Did they fail in their obligations to protect the corporation’s assets? Or is it just the shareholders who pay? And pay, and pay.
Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Management, Oversight, Oversight, Protect, Protect assets, Protect information assets, Third parties, Value
Vendors with whom you deal can (and do) capture lots of information about you. They use that information. Hopefully to improve customer service. Can they disclose what they know to others? What if your traveling companions don’t know it’s your birthday because you don’t want them to know?
“What the Airline Knows About The Guy in Seat 12A,” The Wall Street Journal, June 20, 2018 A11. What information on you do airlines collect and how do they use it?
If the information is correct and used positively, that’s one thing. What if it’s wrong, or used negatively? What if it leaks? What if it’s sold?
Filed under Access, Accuracy, Collect, Controls, Corporation, Duty, Duty of Care, Governance, Information, Management, Oversight, Ownership, Privacy, Protect, Use
“McKinsey Held Back Chapter 11 Positions,” The Wall Street Journal, June 20, 2018 B1. Consultant advises in bankruptcy proceedings while holding undisclosed interests in the outcomes.
Did McKinsey not know that they had these investments? Did they not have a process for checking for conflicts? Or did they not care? Did the lawyers not ask when employing an agent? Was there no policy, at McKinsey or the court or the attorneys, about conflicts?
Maybe they need an outside consultant to review their processes. Lots of really cool slides.
Filed under Access, Accuracy, Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Duty of Care, Governance, Information, Internal controls, Lawyers, Oversight, Third parties, To report
Is where you are “information”? If so, who owns it? Can one piece of information be owned by more than one person, at the same time? Is this something unique about “information” generally?
“Phone Giants Cut Off Two Location Services,” The Wall Street Journal, June 20, 2018, A1. Verizon, AT&T, and Sprint will stop selling your location to two middlemen.
This decision wasn’t a recognition that your location is your information. Rather, it was because one middleman allowed law enforcement agencies to see location data without a warrant. So, the phone companies are protecting your privacy from the government, but not from the phone companies.
One would hope that you could decide how and when your location data could be used by someone else. But that is your decision, on your information.
Toody and Muldoon, where are you?