“Prosecutors Drop All Charges Against Actor Jussie Smollett,” The Wall Street Journal, March 26, 2019. Charges dismissed against actor accused of faking a hate crime attack.
Not what you’d readily recognize as an information governance story. But think about the information used in filing the police reports and the controls in place to prevent false police and news reports and unjustified criminal convictions and punishments, and how well they worked. At the police and prosecutors’ offices, the courts, and in newsrooms around the country (world).
Does your company act on unproven or unreliable information? What does that cost? What controls do you have in place? Today’s quiz: how does this fit under the headings of Governance, Information, Compliance, and Use? Identify and discuss.
“Ill-Fated Hewlett-Packard Deal Is Back in Court,” The Wall Street Journal, March 26, 2019. HP alleges that Autonomy fraudulently inflated its financial results, leading HP to pay an hugely inflated price for the company.
What controls are in place to prevent you from overpaying for a company? Isn’t that why there are such things as audited financial statements and due diligence by teams of lawyers and accountants? Didn’t HP and its board of directors consider the possibility that the numbers had been juiced?
So, principally Governance and Information. But a bit of Compliance, as the HP directors had a duty of care (which is a legal duty), as did the directors of Autonomy. Are they getting sued, too? Did the shareholders of both companies assume that the directors and officers would fulfill their duty of care?
“Duke University Agrees to Pay $112.5 Million in Whistleblower Suit Over Grants,” The Wall Street Journal, March 25, 2019. University employee used fake data to secure federal grants.
The university employee had been found to be embezzling. A whistleblower (using his brother as his attorney) sued under the False Claims Act.
Not a good month for prestigious universities.
Governance, Compliance, Information, and Use all in one story. The university didn’t have sufficient controls (Governance) to manage the Information its employees were submitting to the government, and a whistleblower apparently spoke to his attorney brother and then sued to enforce Compliance (and get a slice of the recovery). Now there’s a compelling case for the use and value of information about a colleague’s bad behavior.
“Key Takeaways From Attorney General’s Summary of Mueller Report,” The Wall Street Journal, March 24, 2019. AG Barr submits a 4-page summary of the much-longer Mueller report.
This just deals with Governance and Information. Isn’t a summary or a digest by definition less complete than the full version? But don’t we perforce rely on summaries and outlines to allow us to function, relying on the objectivity of the author of the summary to avoid true information overload? This is true when we’re in school and when we read a newspaper or listen to the news on TV.
Do we realize how much we rely on those filters in order to function in the modern world? Do we really test their objectivity and honesty? Isn’t everything peeling back the skin of an onion, or opening a Matyroshka doll (the Russian wooden doll), where you can always dig deeper and get more information? At which level or layer do you become satisfied? Even when the “full” version is itself actually a condensed version of all the facts?
“Most Bitcoin Trading Faked by Unregulated Exchanges, Study Finds,” The Wall Street Journal, March 23, 2019. More than 90% of reported trading in cryptocurrencies was fraudulent, study finds. “Of the roughly $6 billion in reported daily volume during four days in March, the firm calculated that about $273 million was legitimate.”
When do you suspect that the information your are being given isn’t true? What controls do you have in place, and what laws or regulations control? Is a bitcoin a security within the reach of the US securities laws? If not, who’s in charge?
Do you want a bit more control over this, or is “buyer beware” enough protection for the savyy investor?
“FEMA Officials Accidentally Released Private Data From 2.3 Million Disaster Victims,” The Wall Street Journal, March 23, 2019. Agency shared unnecessary personal information with a contractor.
Once you have someone’s private data, what controls do you have on using it, storing it, or transferring it to someone else? Those are steps you take in protecting those peoples’ data. Are you sharing enough, but not too much, of their private information?
I am struck by the use of “accidentally” in the headline. The government intended to release the data it released; this was not the case of leaving their briefcase on a bus. I guess they “accidentally” gave the contractor more information than necessary. I guess, but am not sure, that this is better than being hacked, which implies the intervening act of a third party. Here, there was not third party.
The beat goes on.
“Prosecutors in 737 MAX Probe Focus on Boeing Disclosures to Regulators, Customers,” The Wall Street Journal, March 23, 2019. Did Boeing mislead customers or regulators?
If you are in a regulated business, be careful what you say and what you don’t say to regulators. Speaking untruth to power is ill-advised.
What controls do you have in place to make sure that what you say to regulators is the truth, the whole truth, and nothing but the truth? How do you monitor the effectiveness of those controls? Especially when an untruth may be a criminal offense? And how do you manage the retention or non-deletion of associated drafts and emails and such?
“The Secret to Winning Votes: Take the Name of a Popular Leader,” The Wall Street Journal, March 23, 2019. Candidates change their names to that of a former leader.
Your name is, in a sense, Information, akin to the brand of a product. Are there rules about changing your name with the intent to deceive people? In Thailand, apparently not.
“House Democrats Probe White House Officials’ Email Use,” The Wall Street Journal, March 22, 2019. Did they use personal email accounts for government business?
One of the tricky things about Compliance is if you have a well-publicized case of another executive doing something that looks to be against the rules and he or she is not punished, it’s hard to enforce those restrictions against the next alleged violator.
So, what are the rules here? The ones on the books or the ones in practice? Does anyone in your company use personal email for company business? Is that against the rules? Do you enforce that rule? Or is the practice so widespread your policies/rules are unenforceable? Or is this just the distinction between employees of the White House and employees of the Department of State or the Justice Department?
“Samsung Probed U.S. Marketing Operation Over Dealings With Business Partners,” The Wall Street Journal, March 22, 2019. Looks like people were playing fast and loose with expense reporting policies and the like. Some employees “were let go for cause and without severance following the audit.”
This is a bit of a departure for this blog of late; I haven’t focused so much on pure compliance issues. But this is about Governance and Compliance, writ large. The employees here violated company policy – not laws (as far as we know). Co that’s Compliance (or not). Remember that an employee’s common law duty to his/her employer includes the obligation to comply not only with applicable law, but also with company policy and other lawful instructions from their managers. Violate that and you get fired, for cause.
Try telling your next potential employer that you got “laid off” “for cause.” That’s “Governance.”