Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/
- Pot calling the kettle black
“Comey Tells House Panel He Suspected Giuliani Was Leaking FBI Information to Media,” The Wall Street Journal, December 10, 2018. Former FBI Director Comey, who admitted to leaking information to a reporter through a law school professor, complains that someone else did it, too.
- Yes, we have no privacy
“Thieves Can Now Nab Your Data in a Few Minutes for a Few Bucks,” The Wall Street Journal, December 10, 2018. Following the series of major hacks of privacy data (e.g., Marriott, LinkedIn, Equifax, and Yahoo), “Every American person should assume all of their data is out there,” said one FBI agent. Comforting.
- Duty to report
“New Report Shows Olympics Executives Concealed Knowledge of Nassar Allegations,” The Wall Street Journal, December 11, 2018. Executives knew information about sexual abuse allegations, and failed to report. To whom did they breach a duty?
- Interesting intersection of the right to petition the government and your right to privacy
“U.S. Investigating Fake Comments on ‘Net Neutrality,’” The Wall Street Journal, December 11, 2018. “Earlier this year, the FCC said it would upgrade its website to try to prevent fakery. … Several federal agencies warn that it is a felony to send falsified comments to the federal government when posting on websites soliciting opinions on federal rulemaking.” What if the comments were anonymous?
- Lying or overspending on your expense account can get you canned
“Under Armour Ousts Two Executives After Review of Expenses,” The Wall Street Journal, December 11, 2018. Complying with company policy and procedures is sort of kind of like a job requirement. Even if you signed Jordan Spieth. But how were they to know how much was too much?
- Weakest link?
“Amazon, Amid Crackdown on Seller Scams, Fires Employees Over Data Leak,” The Wall Street Journal, December 11, 2018. Employees bribed for access to inside information. What’s your information worth to you? To the briber? To the (former) employee? Do you have a policy against taking bribes?
- Collateral impact
“Nissan-Renault Scandal Shows It’s Hard to Keep Car Alliances On Track,” The Wall Street Journal, December 12, 2018. A scandal at your business partner can affect your company’s relationships. Is that Governance?
- How do you deal with rumors? Are they “information,” too?
“Super Micro Finds No Malicious Hardware in Motherboards,” The Wall Street Journal, December 12, 2018. This contradicts a prior report from Bloomberg. How do you govern other sources of information? Is using a trusted third party to investigate just standard crisis management planning?
- Should Compliance be more congenial?
“Banks Get Kinder, Gentler Treatment Under Trump,” The Wall Street Journal, December 13, 2018. Regulators are urged to be more collegial with the banks they regulate. Is that better “Governance,” in the short term or in the long term?
- What does it say?
“Renault Sticks With Carlos Ghosn as Internal Probe Finds No Illegality,” The Wall Street Journal, December 13, 2018. What does it say to the rank-and-file when the Chairman gets arrested? And when he’s thereafter kept in place? The Board may have some explaining to do.
- What can your employer do with your information?
“U.S. Companies Asked to Disclose More About Their Workers,” The Wall Street Journal, December 14, 2018. Pension funds ask employers to disclose more information than the SEC currently requires. Whose decision is that? When and how can you object?
- Watch your contractors
“Chinese Hackers Breach U.S. Navy Contractors,” The Wall Street Journal, December 15, 2018. What’s this information worth, both to the US and to China? How much do you look at the security at your vendors who process or create information for you? Are they a weaker link than your employees? (See item 6, above.)
- Information and Governance and Compliance
“PG&E Falsified Gas Safety Records, California Claims,” The Wall Street Journal, December 15, 2018. From the explosion in San Bruno in 2010 (after which PG&E couldn’t find a bunch of inspection records relating to hundreds of miles of its pipelines) to more recent claims about fudging the records on pipeline locations, PG&E has had this problem for a while. For now, these are just allegations. But what impact on every claim made against the company, and every claim made by it? If they falsify safety records, do they falsify bills, too? “The [state regulator] last month expanded a continuing probe of PG&E’s safety practices and said it would explore the way the company is structured and managed.” There seems to be a link between record-keeping and management and compliance and culture.
- Facebook, again
“Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users,” The Wall Street Journal, December 15, 2018. One almost gets the idea that protecting your privacy is not a high priority for them.
I was otherwise engaged in December, what with the holidays and travel and our first grandchild, born in Hong Kong, and haven’t been posting. Here’s the month in review, in chronological order, in multiple parts:
- How to monetize your information
“Paywall for HuffPost? Verizon Hunt for Web Revenue Goes Beyond Ads,” The Wall Street Journal, December 3, 2018. Do you let people see content (plus ads) for “free,” or do you charge for access? Which one places the “correct” value on the information you are providing? What if you did both?
- Who’s in charge?
“Disney Raises the Bar Robert Iger Has to Clear to Win Bonus,” The Wall Street Journal, December 4, 2018. Shareholders push back on bonus compensation plan, demonstrating an unusual level of control (i.e., Governance) over their investment. See also, “Shell to Link Carbon Emissions Targets to Executive Pay,” The Wall Street Journal, December 4, 2018.
- How much is your view worth?
“Who’s Reading That News Story? Startup Will Help Marketers Find Out,” The Wall Street Journal, December 4, 2018. Linking the desire of publishers and advertisers to monitor what news stories you look at and for how long, a start-up fills the gap. The answer to the question, “Whose data is that?” is taking on multiple dimensions.
- It takes a village to prevent someone from getting top-secret information
“China Maneuvers to Snag Top-Secret Boeing Satellite Technology,” The Wall Street Journal, December 5, 2018. Boeing seemed unconcerned when a customer for one of its satellites told Boeing that the customer was being financed by Chinese interests, to whom sale of the top-secret technology involved was restricted. But after an alleged payment default, Boeing cancels order. “Boeing Backs Out of Global IP Satellite Order Financed by China,” The Wall Street Journal, December 7, 2018. Did the press coverage have an impact?
- Law firms leak, too
“U.S. Prosecutors Charge Four People in Panama Papers Probe,” The Wall Street Journal, December 5, 2018. Action follows leak of law firm documents showing how wealthy people hid money from tax.
- Who owns (or controls) the Cloud?
“China’s Alibaba Takes On Amazon in European Cloud,” The Wall Street Journal, December 5, 2018. Chinese Cloud company challenges Amazon for control of the Cloud in Europe. Which (the US or China) will better protect the privacy of the users?
- Does your information governance program cover the content of the training provided to your customers?
“Boeing Omitted Safety-System Details, Minimized Training for Crashed Lion Air 737 Model,” The Wall Street Journal, December 6, 2018. Questions arise after 189 people killed in a crash and the crews hadn’t been trained on the new flight-control system.
- Facebook tried to monetize “your” data? Gadzooks!
“Facebook’s Zuckerberg at Center of Emails Released by U.K. Parliament,” The Wall Street Journal, December 6, 2018. Newly released emails show that Facebook apparently considered charging app developers for accessing “your” data held by Facebook, and suggest Facebook discounted the chance of developers sharing that data with others.
- Not “just-in-time” discipline
“Wells Fargo Firing Dozens of Regional Managers in Retail-Bank Cleanup,” The Wall Street Journal, December 6, 2018. More than two years after the account-cramming scandal, Wells Fargo starts to fire some regional managers for failure of oversight responsibilities. Sort of like punishing your full-grown dog for an accident she had as a puppy. And what about the executives who were overseeing those fired managers?
- Biometrics is/are information, too
“Microsoft Pushes Urgency of Regulating Facial-Recognition Technology,” The Wall Street Journal, December 7, 2018. Lack of worldwide restrictions on surveillance without a warrant leads Microsoft to urge restrictions on the technology. Is privacy when in public a basic human right?
- It’s not the crime, it’s the coverup?
“U.S. Alleges Huawei CFO Hid Ties to Telecom With Iran Business,” The Wall Street Journal, December 8, 2018. Did the CFO lie to hide from banks connections Huawei had with a company that did business with Iran? What is the impact to the current state of trade relations with China?
This blog tends to mention cases where senior executives get (or don’t get) punished for their alleged misdeeds. The spin is often that the seniors don’t get punished as hard as the worker bees.
But what happens when the CEO gets put in jail for his or her alleged misdeeds, which may have led to under-reporting in the company’s financials for the past five years?
“Carlos Ghosn’s Arrest Rocks Auto Empire,” The Wall Street Journal, November 21, 2018 (online). Nissan’s CEO jailed for allegedly under-reporting his earnings by several tens of millions of dollars.
How do you explain this to the worker bees? What’s the culture at the top? How did the Board not catch this? Were there not controls in place? Might the shareholders be a bit upset?
More a Governance and a Compliance issue, perhaps, although if one looks, one could find some information-related failures.
“Marriott Says Starwood Data Breach Affects Up to 500 Million People,” The Wall Street Journal, November 30, 2018 (online). Data breach potentially affecting passports and credit cards of as many as 500 million guests at Marriott’s Starwood properties, which were acquired in 2016. They knew about this in September, but it reflects a breach that may go back to 2014.
So, two years after an acquisition, the target’s information security practices blow up in the acquiror’s face. What does that say about the acquiror’s duty to integrate the data practices and controls around information protection?
Does your M&A team think about information governance issues? Is that an identified risk, with an identified (and owned) action plan? Did the Board identify this as a risk? Was the value of this information considered part of the transaction value? How was that reflected?
“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1. Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.
If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure? Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance? Or just “Governance”?
And what does it say about communications when the government holds up a senior official for poor oversight? What about the board? Highly visible to the worker bees.
“Barnes & Noble Details CEO Firing,” The Wall Street Journal, October 31, 2018 B1. CEO allegedly fired for sexual harassment and bullying, and interfering with the sale of B&N.
So, the CEO gets canned. No severance package. What message does this send to the rest of the organization (and, indeed, to other CEOs and other companies)? How does the Board look on this one? From a Compliance standpoint, and a Governance one, looks pretty good.
Might this be a pretext? Could he have been fired for some other reason?
One of the consequences of non-compliance is a higher level of scrutiny from the regulators.
“Wells Fargo Places Two Executives On Leave,” The Wall Street Journal, October 25, 2018 B10. The Comptroller of the Currency sent letters to two WF executives about their failures of oversight at the bank in connection with WF’s sales practices. Execs (chief administrative officer and chief auditor) placed on leave and removed from operating committee.
Boy, does that ever not look good on your resume.
Why did the regulator have to do this? One reason is that WF didn’t do it itself. Would your compliance system do better? Do the directors still have their jobs?
“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1. Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code. May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.
Is Facebook responsible for making sure its site is secure? How did the executive in charge of safety and security miss this? Does the Board at Facebook have liability? Facebook no longer has a Chief Security Officer.
What you do when an important executive is alleged to have violated company policy says a lot about your compliance program.
“Claims About Executive Tested Uber Overhaul,” The Wall Street Journal, September 27, 2018 B3. Senior executive investigated; rather than being terminated, he received a formal warning (apparently, informal was not sufficient), his bonus was reduced (Why do you give bonuses to people who violate company policy?), and he was required to take sensitivity training.
This at a company that had a rather sordid history of sexual harassment.
How will Uber convince its remaining employees that this time it is serious? Do you believe them? Is this an effective compliance program under the Federal Sentencing Guidelines, assuming that’s the appropriate measure?
Where’s the Board? Do they care?
“CBS to Weigh CEO’s Fate,” The Wall Street Journal, July 30, 2018 A1. Discussion over whether CEO accused of sexual harassment should stand down while the investigation continues.
Curious that Urban Meyer has to stand aside during an investigation into whether he should have reported domestic abuse by an assistant coach 9 years earlier at a different school, but Leslie Moonves remains on board as the CEO of CBS. See https://infogovnuggets.com/2018/08/07/caesars-wife/
What does it say about a company’s culture when, in the current environment, the CEO can remain in his job during such an investigation? How convinced are the rank-and-file employees that the sexual harassment policy is real, or just a piece of paper? Are the directors serious about this policy? What about other policies?