Monthly Archives: October 2018

Who’s spreading the news?

“Egypt Send Actress to Jail for ‘Fake News,'” The Wall Street Journal, October 1, 2018 A9. Woman posting video on Facebook claiming sexual harassment posted on Facebook sentenced to two years in jail.

Publishing fake news with intent of toppling regime.  Egypt has some problems with sexual harassment.  Appeal expected.

Notice that the government prosecuted the woman, and not Facebook.


Leave a comment

Filed under Accuracy, Compliance, Compliance (General), Controls, Culture, Data quality, Definition, Duty, Governance, Information, Internal controls, Oversight, Third parties

Facebook again. Again.

“EU May Fine Facebook $1.63 Billion Over Breach,” The Wall Street Journal, October 1, 2018 B1.  The hack of 50 million Facebook users reported earlier may lead to a large fine against Facebook (4 times its annual revenue).  The regulator in Europe has demanded more information.

Impact of stock value not reported.

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Value

Inside baseball

“Panel Votes to Release Probe Records,” The Wall Street Journal, September 29, 2018 A3.  House committee votes to release some but not all of the transcripts of testimony given behind closed doors about possible Russian interference in the 2016 elections.

Interesting that, as an interviewee, you have no control over what investigators then do with what you said.  You don’t “own” that.  So, the government “governs” that information, and can ask that it be declassified; you can’t object.  But the government can decline to make some of this public, as they did here (testimony of two members or Congress were not in the interviews to be released). Power is an interesting thing.

And, as the public, you have no “right” to that information unless Congress and various intelligence agencies agree.

Leave a comment

Filed under Access, Communications, Controls, Duty, Governance, Government, Information, Internal controls, Oversight, Ownership, Third parties, To report

FB in the news. Again.

“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1.  Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code.  May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.

Is Facebook responsible for making sure its site is secure?  How did the executive in charge of safety and security miss this?  Does the Board at Facebook have liability?  Facebook no longer has a Chief Security Officer.

1 Comment

Filed under Access, Board, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Technology, Third parties

Hidden rebates

“FBI Probe Examines Ad Firms’ Practices,” The Wall Street Journal, September 28, 2018 B1.  Did ad agencies receive “rebates” from media outlets, without telling their customers?

How much would your business be hurt if your customers found out you were taking something on the side from the companies you contract with on behalf of those customers?  Would they take their business away from you and do it themselves?

Does your Code of Conduct prohibit cheating your customers?  Who must have known about this practice?  Who reported it?

Leave a comment

Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Third parties


What you do when an important executive is alleged to have violated company policy says a lot about your compliance program.

“Claims About Executive Tested Uber Overhaul,” The Wall Street Journal, September 27, 2018 B3.  Senior executive investigated; rather than being terminated, he received a formal warning (apparently, informal was not sufficient), his bonus was reduced Why do you give bonuses to people who violate company policy?), and was required to take sensitivity training.

This at a company that had a rather sordid history of sexual harassment.

How will Uber convince its remaining employees that this time it is serious?  Do you believe them?  Is this an effective compliance program under the Federal Sentencing Guidelines, assuming that’s the appropriate measure?

Where’s the Board?  Do they care?

Leave a comment

Filed under Board, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Uncategorized

Is this Governance?

“Google CEO Faces GOP Scrutiny,” The Wall Street Journal, September 25, 2018 A6.  GOP lawmakers look to discuss Google’s work in (and with) China, market power, and political bias affecting search results.

Does Washington, much less the GOP, have the power to govern Google?  From whence does that power to govern come, and what does that power control?  What is Google alleged to have done wrong?

Watch this space.

Leave a comment

Filed under Compliance, Controls, Governance, Oversight, Who is in charge?