“HIV Status of More Than 14,000 People Leaked in Singapore Data Breach,” The Wall Street Journal, January 29, 2019. The partner of a doctor with access to the records released the information after he was deported.
How do you keep your employees from leaking sensitive data to their partners? How do you prevent those partners from disclosing that information?
Principally a Compliance and an Information point, although one could argue there’s some Governance.
“Two Groups Account for $1 Billion in Cryptocurrency Hacks, New Report Says,” The Wall Street Journal, January 29, 2019. The suspected hackers are still active, and there are many others as well.
Willie Sutton, when asked why he robbed banks, reportedly said (but personally denied saying, but why believe him?), “Because that’s where the money is.”
Cryptocurrencies, like bitcoin, are Information, in a sense, with a monetary value. Protection of such currency in place, in a digital world, is Governance (you have a fiduciary duty to protect the assets entrusted to your care), and Compliance (with law and with company policy). So, security is a bit Governance and a bit Compliance.
“Nevada: Wynn Resorts Executives Ignored Sexual Misconduct Claims Against Steve Wynn,” The Wall Street Journal, January 29, 2019. Executives allegedly aware of sexual misconduct claims against the boss have all since left the company.
What does it say about Governance (culture) and Compliance (law and policy, enforcement) when the boss pays million-dollar settlements, and the company agrees to pay a fine, but the executives charged with protecting the employees and the shareholders all just quietly leave? How much of the damages caused do those executives pay, versus how much do the remaining shareholders pay?
The executives include 3 general counsels, one president, one president and COO, a vice president, and an HR director.
It’s lonely at the top, I guess.
“U.S. Authorities Unveil Sweeping Set of Charges Against China’s Huawei,” The Wall Street Journal, January 29, 2019. “Federal prosecutors accused Huawei of violating U.S. sanctions on Iran and of stealing trade secrets from a U.S. business partner, portraying the company as a serial violator of U.S. laws and global business practices.”
Perhaps (!) linked to upcoming trade talks, this is still a strong Governance, Compliance, and Information piece. Compliance issues on both non-information items (sanctions) and information items (theft of trade secrets), and even the sanctions piece has an information element, as the company is accused of lying to banks about its Iran business.
Politics seems to be an element of both Governance and Compliance (enforcement) here. Is it always? While one may be less troubled by a sniff of politics in Governance, doesn’t politics taint Compliance?
“Colleges Mine Data on Their Applicants,” The Wall Street Journal, January 28, 2019. In deciding who to admit, colleges track when you first came to their website, and consider how long you take to respond to their emails and whether you follow links they give you.
Tracking is the next new thing, or the last old thing. Somebody can see a lot of what you did and when, and use that for their own purposes. While this seems okay on the normal consumer context, does it seem unseemly in a college application? Or is this just harnessing the available information and applying it with diligence?
Hopefully, the colleges don’t share this with each other. They wouldn’t do that, would they? They’re competitors, sort of. Although a software provider sells to hundreds of schools.
But do students know they are being tracked? Is any of this private, or is it all factual information about metrics around a relationship between a person and the college?
So, Information, certainly. Not Compliance, because there doesn’t see to be a law against it. Governance? Does it go to an ethical issue that a school is doing this without disclosing it to their applicants? Is it different that it’s done with technology rather than an admissions officer’s feeling about the depth of an applicant’s interest?
“Google, Amazon Seek Foothold in Electricity as Home Automation Grows,” The Wall Street Journal, January 28, 2019. “… [T]hey are seeking ways to expand their smart speakers, internet-connected thermostats and other devices to harness information on consumers’ personal energy use. That data holds great power; it can be used to manage energy demand by incentivizing consumers to use less electricity during peak hours.”
And they will never use that data (whose data is it?) against us. At least until they can find a way to sell or rent it back to us (or to an advertiser who wants to install energy-efficient storm windows) or maybe to the government, to find out who’s using more than their fair share. Or whatever.
Clearly this involves Information, and who owns it and who can profit from its use. Is there an aspect of Governance, in the sense of what rules exist to limit the use and abuse of the this data? Would European-style privacy laws restrict this “harnessing” by two fledgling monopolists, who might otherwise extend their reach too far?
Google says, “If we can make, collectively, a lot of small changes across a large number of people, that has a large benefit to power providers, the grid, the environment and the consumer.” And maybe Google might get a few bucks out of it, too.
“WPP Asked Ex-CEO Martin Sorrell to Repay Expenses,” The Wall Street Journal, January 26, 2019. Company tries to recoup some expenses claimed by its former CEO.
Who monitors your expenses, and how closely? If the expenses are considered excessive, do you just repay those, or do you get fired? Does a CEO have a higher duty on this than a mere worker bee? And is there a distinction of claiming $5 for a $4 taxi fare, versus claiming the cost of a prostitute? Are there some claims that are just unreasonable?
Expense reports are records, and Information. The rules for claiming them are covered by company policy and procedures, and monitoring compliance with those rules are part of Governance and Compliance. How tight are those rules? And how tightly are they monitored and enforced? What does it say about the culture of the company if there can be a legitimate dispute about whether your kid’s ski trip is an allowable business expense?