Spying is the quintessential case involving Information, Governance, and Compliance.
“Ex-Air Force Agent Accused of Espionage,” The Wall Street Journal, February 14, 2019 A1. An intelligence agent allegedly transferred secret information to Iran.
What controls do you put in place to keep someone with access to highly confidential information from turning to the Dark Side? How do you make sure those controls are effective?
“Blogger Sues Twitter Over Hate-Policy Ban,” The Wall Street Journal, February 13, 2019 B6. Blogger claims Twitter banned her because she criticized transgender rights and used the “original birth sex” pronoun to refer to a transgender person.
Does this violate Canada’s unfair competition law? Are there limits on what a semi-public platform can ban? Does the government Govern this, or does Twitter?
Is your birth sex Information, as much as your chosen sex designation? Who governs the rules of English grammar? Does banning someone from Twitter give rise to a cause of action?
“Trial Begins for Former KPMG Partner,” The Wall Street Journal, February 12, 2019 B6. KPMG fired the partner when the allegations came up, and is cooperating with the prosecutors. He’s accused of conspiring to get confidential governmental information about which audits were going to get reviewed by the PCAOB. Other partners have pled guilty.
Governance includes restricting access to confidential information; Compliance requires that your employees don’t try to cheat. Information about what audits the government would review seems to have value. And auditors hopefully don’t cheat.
Who still uses KPMG to do their audits? Why?
“Your Company and Your Fitness Data,” The Wall Street Journal, February 12, 2019 A11. Your employer is asking for access to your health and fitness information. Is there a risk of misuse?
It’s your information, so you decide. If you want the benefits and incentives, then you need to do what the company asks. But might this information to make promotion/separation decisions? Could it be provided to advertisers?
“Rules to Ease Patient Access to Health Data Are Proposed,” The Wall Street Journal, February 12, 2018 A6. You may be able to see it all on your smart phone, regardless which hospital or doctor generated it..
Isn’t it a good thing when the government makes it easier for you to use your information? And to get it for free? Even the treatment notes.
What’s wrong with this picture? It makes too much sense. Doesn’t government make our lives more difficult? While privacy is a concern, this seems like a good idea.
So, Information and Governance.
“Germany Slaps Data Curbs on Facebook,” The Wall Street Journal, February 8, 2019 B3. Germany accuses Facebook of abuse of a dominant position and restricts Facebook’s use of your information.
So, a government can impose controls on use of your information that you can’t. And hits Facebook in its pocketbook.
What if France or China or the US takes a different position, or the same position? How do you comply with the laws of the multiple jurisdictions in which you operate?
Information, Governance, and Compliance, all at once.
“Recording Toppled Herbalife Boss,” The Wall Street Journal, February 8, 2019 B2. CEO resigned after a decade-old recording surfaces where he said to ignore a company policy on expense reporting. He was CFO at the time.
What does it say when the CFO of a company tells others to ignore expense reporting policies? What does it say that nobody mentioned this to the Compliance folks? What was the culture at that company?
The fact that the conversation was recorded says something else about the culture, eh?
Governance. Information. And Compliance.
“Bezos Accuses Tabloid of Blackmail,” The Wall Street Journal, February 8, 2019 A1. Did the National Enquirer blackmail Jeff Bezos with compromising photos? Is it okay to tell people not to search for the leaker?
Mr. Bezos published the correspondence from the National Enquirer, thereby destroying any value of the information to the alleged blackmailer.
What’s the value of Information? How did Mr. Bezos’ emails get hacked (Governance/Compliance)? Why was this photo ever taken?
How does blackmail differ from reporting? Especially given the now-broken story of Mr. Bezos’ divorce?
“Crypto Mystery: One Lost Password, Missing Millions and a Death in India,” The Wall Street Journal, February 7, 2019 B1. Are investors out $136 million because of one person’s lost password?
Is your password Information? Yes. Who will be hurt if you die and nobody knows your password? Or was the money lost before, and investigating the circumstances now is difficult? How do you manage your passwords if you die? Is it Governance to allow one person to control access to information on $136 million of other persons’ assets?
Is this a known (and appreciated) risk in cybercurrency? Do you have a plan for people accessing your computer and other accounts after your death?
If you’re told of a risk of failure, but discount it, you can be in real trouble if the warned-of-risk happens.
“Company Was Told Of Risks To Dam,” The Wall Street Journal, February 7, 2019 A1. Report from months before dam collapse warned of those risks. Report was from an independent safety inspector who also acted as a consultant for the company. No conflict there, apparently.
Who do you get your information from? Were you right to continue to operate in light of the risk? Was your decision reasonable, when viewed in hindsight after 150 people are killed?
Information (risks are information, too) and Governance (did you use the information correctly?) and Compliance (is a safety inspector still independent if you’re also using them as a consultant?).