Category Archives: Access

Progressive?

It’s one thing when an insurance company asks you to install an appliance that tracks your driving habits.  You can qualify for rate discounts.  But what if the car manufacturer installs an app that sends the data to the insurer?

“App Tracks Driving Habits,” The Wall Street Journal, July 6, 2018 B3.  Mitsubishi installs app and offers to arrange to send data to insurers.

Again, this looks like someone else stepping in and trying to make money from sharing your data, not theirs.  Will this, as this article says, lead to insurers economically forcing you to share this information?  How you drive is one thing; but this would also include where you go, and when.  And can be tied to your credit rating, ZIP code, age, gender, etc.

What’s this data worth to you?  More or less than what it is worth to Mitsubishi and the insurance companies?  What will they do with this data once they have it?  Will they keep it secure?  Do they do this on cars sold in Europe or, for that matter, Japan?  Both countries have significantly stronger privacy protections than the US.

Advertisements

Leave a comment

Filed under Access, Analytics, Controls, Information, Privacy, Security, Technology, Third parties, Value

Trade-off?

“Cheap Phones Grab User Data,” The Wall Street Journal, July 6, 2018 B1. Cell phones sold in developing countries with limited privacy protections loaded with programs that harvest data.

While the phone give free access to the Internet, they are loaded with apps that track the user’s location, run targeted ads, and send usage data to the phone manufacturers.  But the users aren’t given a choice, beyond whether they want a phone or not.

Is this similar to the Faustian bargain already made in developing countries, trading our privacy for access to Facebook or Google or Amazon?  At least we were given the choice.  Sort of.  And we have privacy laws.  Sort of.

 

 

 

Leave a comment

Filed under Access, Controls, Privacy, Security, Technology, Third parties, Value

Same song, different verse

“App Developers Gain Access To Millions of Gmail Inboxes,” The Wall Street Journal, July 3, 2018 A1.  Depending what you signed up for, your Gmail inbox may be being viewed by hundreds of outside software developers.

Be careful what you agree to, and who you let see your information.

Leave a comment

Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

How to prevent contamination?

“Amazon Delves Into Health Data,” The Wall Street Journal, July 2, 2018 B3.  Amazon buys a company with a bunch of personal health information.

It’s not like Amazon doesn’t have to deal with a whole host of privacy regulations, including the EU and, more recently, California.  But personal medical information is different, and subject to different controls.

How does a company that lives on finding relationships in large bodies of information deal with information that can’t be used freely?

We’ll see.

Leave a comment

Filed under Access, Analytics, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Policy, Privacy, Third parties

Equifax compliance education

“Former Equifax Manager Is Charged,” The Wall Street Journal, June 29, 2018 B3. To respond to the huge privacy breach at Equifax last year, the company set up a website to help some of those affected.  The former software manager setting up that website  bought some options, betting that Equifax’s stock would go down once the breach was discovered.  He faces criminal and civil charges.

Who would have thought a software engineer needed insider trading education?

 

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, Legal, Oversight, Policy, Protect assets, Requirements

Encryption, point-to-point

“Emails Add to the Turmoil at WPP,” The Wall Street Journal, June 29, 2018 B2. A company technician recovered  WhatsApp messages from the phone of a former employee; these messages were then sent by encrypted email to a few employees.  Technician who recovered the messages has also left the company. [BTW, messages on WhatsApp are encrypted point-to-point, but are recoverable from a device that received them.]

What happens to messages on your company phone when you leave?  Do you care?  Do you use encryption  to send messages anonymously?  Why?

These messages were in an account used to coordinate the former CEO’s travel.  And maybe for other stuff.  The CEO already resigned.

 

Leave a comment

Filed under Access, Communications, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Policy, Privacy, Protect assets, Security

EU comes West

“Sweeping Privacy Bill Passes in California,” The Wall Street Journal, June 29, 2018 B1.  State law gives us the right to not share our data online, and to prohibit the sale of that information.  Downside: it may cost you more.

This will be hugely disruptive for online businesses.  But it does get to the question: “Who owns ‘your’ data?”

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Ownership, Privacy, Value