Monthly Archives: October 2018

Compare and contrast

Europe is big on privacy.  That’s a good thing.  But perhaps not as good on freedom of speech and freedom of religion.

“Woman Who Insulted Islam Loses in Europe Court,” The Wall Street Journal, October 27, 2018 A7.  Woman fined in Austria for “disparaging” a religious doctrine, and judgment upheld by European Court of Human Rights.

So, the same place that says you have the right to be forgotten also says that you have the right not to have your religious feelings hurt.

Governing information is a tricky area, apparently, especially where the information is speech about religion. That this arose in Austria, which may because of history be especially sensitive to harming the religious feelings of others, may explain this.  Or it may not.  Is this the unintended consequence of a control that in a limited context made sense?  Or is this political, and therefore outside the normal controls?

We’re not in Kansas any more, Toto.

Leave a comment

Filed under Compliance (General), Controls, Duty, Governance, Government, Third parties

What’s worse than a tweet?

“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1.  FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.

What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market?  When does mere puffery become criminal?  What controls would you need to have to prevent this at your company?

Do you have them?  Are they enforced?

Leave a comment

Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report

It’s all information

This blog explores, from time to time, the outer reaches of the intersection(s) of Information, Governance, and Compliance.

Consider, for a moment, a fingerprint.  Not what you normally consider “information.”  And one seldom thinks of “managing” a fingerprint.  Who owns your fingerprint?  But consider the value of a fingerprint, and both the failure to “manage” or control where that fingerprint can be found and the ability to find that fingerprint and locate its owner.  How much information governance is involved in this process?

“Fingerprint Leads to Arrest Of Bomb Suspect in Florida,” The Wall Street Journal, October 27, 2018 A1.  Alleged mail bomber’s fingerprint in a package sent to a legislator leads to arrest of suspect.

Which leads me to the question,”What is there that isn’t information that is managed or controlled in our lives, or a least directly related to information that is managed?”  I struggle to find an example of something that isn’t information, or directly related (perhaps somewhat remotely) to information that is managed or controlled.


Leave a comment

Filed under Access, Accuracy, Analytics, Collect, Compliance, Controls, Data quality, Definition, Duty of Care, Governance, Information, Management, Oversight, Ownership, Records Management, Risk assessment, Use, Value

Too much sharing

“Facebook Draws U.K. Fine Over Sharing Data,” The Wall Street Journal, October 26, 2018 B4. Facebook fined half a million Pounds ($645,000) for allowing Cambridge Analytica for letting them see and use user data.  This is separate and apart from any fines the EU may impose.

Part of the problem is that Facebook didn’t do enough (i.e., anything) after it found out about Cambridge Analytica having accessed the data.

So, some points to consider:

  1. Whose information was it?
  2. Whose (and how many) rules (EU, UK, US, other) apply to (i.e., govern) a data breach?
  3. Why didn’t FB do anything after learning of the problem?  Did it not have a process for handling a vendor that accessed data inappropriately?  Doesn’t Governance require you to have such a process?  Does Compliance entail requiring your vendors to follow a process, and penalizing them when they don’t?
  4. The fine here won’t go to the UK residents whose privacy was invaded.  Is this a fine or a tax?  It certainly isn’t damages.



Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Privacy, Protect assets, Security, Third parties, Vendors

Management moves

No indication that this is Compliance-related; may just have been a personality conflict, or the continued shuffling of chairs under the new CEO.  But it certainly goes to Governance, which is at least tangentially related to information governance.

“Deutsche Bank Dismisses an Executive,” The Wall Street Journal, October 26, 2018 B10.  Bank dismisses its asset-management chief.

This may be just normal comings and goings.  But when a company dismisses/fires a member of its management board, it makes the news (probably has to be disclosed to the market especially since the guy handled the public offering of a major unit).  Especially when the company had fired its CEO earlier this year.

How is the rest of governance going there?  How’s the culture?  Is there a higher scrutiny of the bank this year?  On a whole host of issues?

Leave a comment

Filed under Communications, Culture, Governance, Investor relations

Non-disclosure non-agreement

“SEC Keeps Study On Speed-Bump Trading Under Wraps,” The Wall Street Journal, October 25, 2018 B11.  SEC has done a study of controls that slow down high-frequency traders, but hasn’t released that publicly.

The SEC is in charge of protecting the stock trading system.  As such, it watches over how quickly information moves within that ecosystem, and whether access is available to all at the same time.  But the SEC refuses to release the unredacted text of a study that it did on the impact on “controls” that limit the ability of high-speed traders to take unfair advantage of their access to information.

Curious as to why (and what) the government doesn’t want us to know.  Who oversees the government? (Hint: a free press is one of them).

Leave a comment

Filed under Access, Accuracy, Controls, Data quality, Duty, Governance, Government, Information, Interconnections, IT, Oversight, Technology, Third parties, To report, Value


“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1.  Tim Cook wants GDPR-style privacy protections in the US.  Claims “[o]ur own information … is being weaponized against us with military efficiency.”

He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.

How do we wrest control of our information back again?  Or is privacy dead?  And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?

Leave a comment

Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value


One of the consequences of non-compliance is a higher level of scrutiny from the regulators.

“Wells Fargo Places Two Executives On Leave,” The Wall Street Journal, October 25, 2018 B10.  The Comptroller of the Currency sent letters to two WF executives about their failures of oversight at the bank in connection with WF’s sales practices.  Execs (chief administrative officer and chief auditor) placed on leave and removed from operating committee.

Boy, does that ever not look good on your resume.

Why did the regulator have to do this?  One reason is that WF didn’t do it itself.  Would your compliance system do better?  Do the directors still have their jobs?


Leave a comment

Filed under Board, Compliance, Compliance (General), Corporation, Culture, Directors, Duty, Employees, Governance, Government, Oversight, Supervision, To report

Conduct matters

“Uber’s Top Deal Maker Quits After Conduct Claims,” The Wall Street Journal, October 23, 2018 B3.  Senior executive (48) resigns after allegations of sexual misconduct.  Also alleged to have violated company policy with a consensual affair with a colleague.

See also for an earlier nugget on this point.

So, a higher-up gets the heave-ho after bad conduct.  I guess the Compliance program has teeth.  But it did take a long time.  Firing (or moving aside) a high-producer shows a company’s commitment, even at a company with a bad history.  Did he get a package?  Multiple messages here.


Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Duty, Employees, Governance, Oversight

New broom sweeping

“Goldman Shakes Up Top Ranks In Asia,” The Wall Street Journal, October 22, 2018 B3.  Following appointment of a new CEO for Goldman, two chiefs of investment banking being moved out of management roles following a corruption scandal of unreported dimensions in Asia.

It’s unclear from this article whether this is just a normal change (therefore just a Governance issue, with the new CEO exercising his authority in the early days) or is somehow connected to the corruption scandal (and therefore somehow a consequence of some Compliance failure).

Leave a comment

Filed under Controls, Governance, Internal controls, Oversight, Who is in charge?