Monthly Archives: June 2018

Happy Birthday!

Vendors with whom you deal can (and do) capture lots of information about you.  They use that information.  Hopefully to improve customer service.  Can they disclose what they know to others?  What if your traveling companions don’t know it’s your birthday because you don’t want them to know?

“What the Airline Knows About The Guy in Seat 12A,” The Wall Street Journal, June 20, 2018 A11.  What information on you do airlines collect and how do they use it?

If the information is correct and used positively, that’s one thing.  What if it’s wrong, or used negatively?  What if it leaks?  What if it’s sold?


Filed under Access, Accuracy, Collect, Controls, Corporation, Duty, Duty of Care, Governance, Information, Management, Oversight, Ownership, Privacy, Protect, Use

Conflicts as information

“McKinsey Held Back Chapter 11 Positions,” The Wall Street Journal, June 20, 2018 B1. Consultant advises in bankruptcy proceedings while holding undisclosed interests in the outcomes.

Did McKinsey not know that they had these investments?  Did they not have a process for checking for conflicts?  Or did they not care?  Did the lawyers not ask when employing an agent?  Was there no policy, at McKinsey or the court or the attorneys, about conflicts?

Maybe they need an outside consultant to review their processes.  Lots of really cool slides.


Filed under Access, Accuracy, Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Duty of Care, Governance, Information, Internal controls, Lawyers, Oversight, Third parties, To report

Car 54, Where Are You?

Is where you are “information”?  If so, who owns it?  Can one piece of information be owned by more than one person, at the same time?  Is this something unique about “information” generally?

“Phone Giants Cut Off Two Location Services,” The Wall Street Journal, June 20, 2018, A1.  Verizon, AT&T, and Sprint will stop selling your location to two middlemen.

This decision wasn’t a recognition that your location is your information.  Rather, it was because one middleman allowed law enforcement agencies to see location data without a warrant. So, the phone companies are protecting your privacy from the government, but not from the phone companies.

One would hope that you could decide how and when your location data could be used by someone else.  But that is your decision, on your information.

Toody and Muldoon, where are you?

Filed under Access, Controls, Corporation, Definition, Duty, Information, Internal controls, Ownership, Privacy, Third parties

It’s not just VW

Often, a corporation’s violation of law doesn’t result in a conviction of the senior officers or directors.  Sometimes it does, and when it does, that’s a powerful compliance message.

“Audi CEO Is Arrested In Emissions Scandal,” The Wall Street Journal, June 19, 2018 A1. Executive jailed in Germany to prevent obstruction of ongoing investigation into emissions testing scandal at VW.

This goes to Governance, Compliance, and Information.


Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Oversight, To report, Who is in charge?

Information – Use

In a robbery investigation, the victim gave police an Instagram photo of the suspect.  The police ran that photo through a facial recognition system and the state’s driver’s license database, and a driver’s license photo was identified.  The driver was arrested.

Is it okay for police to use (a) the Instagram photo or (b) the driver’s license photo to identify a robbery suspect?  Whose information is it?  Is this an invasion of privacy?  As long as the suspect can contest the accuracy of the facial recognition software, do his rights count more than the victim’s?  Do restrictions on the use of biometrics in some states (Texas, Illinois, and Washington that I know of) change the calculus?

“Police Use of Driver Photos Stirs Debate,” The Wall Street Journal, June 18, 2018 A3.


Filed under Controls, Duty, Duty of Care, Governance, Government, Information, Internal controls, Ownership, Privacy, Third parties

Poster boy for Information Governance

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study.  It touched a lot of bases.  Now we have a better one.

While there have been a lot of information governance-related stories in the news over the past two years, including Equifax and Facebook and VW and Wells Fargo, my nominee for the one name associated with the most significant teaching example in information governance and compliance is the former FBI Director, James Comey.

First, he gave us The Day That Information Governance Died, with his July 5, 2016 pronouncement that, notwithstanding her clear violations of several applicable laws dealing with the handling of confidential or secret information (and the destruction of information subject to a subpoena), Secretary Hillary Clinton’s use (and wiping) of a private server to store government email was not going to be prosecuted.  Such a pronouncement deviated “‘from well-established Department policies’” that the FBI does not comment about ongoing criminal investigations.

Then he wrote a memo ostensibly commemorating a meeting he had with his boss on government business on a government computer (while in a government vehicle) during the work day, and declared that that was his personal correspondence that he could (and did) distribute as he pleased.

And now we learn that he conducted government business over his own private gmail account {that information does not appear in the WSJ article – Ed.}, and actively avoided his boss’ oversight (and his bosses failed to adequately supervise him).  “Report Blasts FBI Agents, Comey Over Clinton Probe,” The Wall Street Journal, June 15, 2018 A1. Inspector General releases his report on the Clinton Investigation.

Recap:

  • Violations of law are not enforced
  • Evidence is destroyed notwithstanding a subpoena
  • Senior employees ignore long-standing policy
  • Senior employees treat documents prepared by them in the course of business as their personal information
  • Senior employees use private email accounts to transact government business
  • Employees hide things from their bosses
  • Bosses failed to adequately supervise their reports

And this is at the FBI, by a lawyer.

Does anyone wonder why we have a hard time getting traction on information governance initiatives?  Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath.  Not sure you could cover it all in one semester, at both law schools and business schools.

Filed under Communications, Compliance, Compliance (General), Controls, Culture, Discovery, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Lawyers, Managers, Oversight, Ownership, Ownership, Policy, Requirements, Supervision, Who is in charge?

A billion here, a billion there

Eventually, you’re talking real money.

“Volkswagen Fined $1 Billion in Germany,” The Wall Street Journal, June 14, 2018 B4. Fine for “dereliction of management oversight” following the diesel emissions-testing scandal.  Somewhat broader than a Caremark claim.

Will the directors have to pay anything out of their pockets?  Or just their shareholders’ pockets?


Filed under Board, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Culture, Directors, Duty, Governance, Internal controls, Oversight, Oversight