Category Archives: Oversight

Verrry interesting

“Europe’s Privacy Law Fails to Stoke Demand for Cyber Insurance,” The Wall Street Journal, June 21, 2018 B10.  Companies aren’t buying as much privacy insurance as people thought.

Certainly, in the wake of the GDPR rollout, the risk of a privacy law violation has increased.  Apparently companies think that they have adequate controls in place, and don’t need the protection of insurance to backstop their controls.  Insurance is a mitigation in case your controls aren’t totally effective.

Are these companies doing the same with other risks to other assets?  Or is your private data somehow different?


Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Internal controls, IT, Management, Oversight, Ownership, Privacy, Protect, Protect assets, Protect information assets, Security, Third parties

Inside job

“Tesla Accuses Former Employee of ‘Sabotage,'” The Wall Street Journal, June 21, 2018 B3. Did a former employee hack Tesla’s manufacturing software and trade secrets and transfer information outside the company?  Was this for convenience, or was it theft?  Or to give to the press?

Do you have adequate controls to prevent this?  Or to discover it?  Who’s responsible if your controls fail?

Will the directors or senior officers be punished?  Did they fail in their obligations to protect the corporation’s assets?  Or is it just the shareholders who pay?  And pay, and pay.

 


Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Management, Oversight, Oversight, Protect, Protect assets, Protect information assets, Third parties, Value

A billion here, a billion there

Eventually, you’re talking real money.

“Volkswagen Fined $1 Billion in Germany,” The Wall Street Journal, June 14, 2018 B4. Fine for “dereliction of management oversight” following the diesel emissions-testing scandal.  Somewhat broader than a Caremark claim.

Will the directors have to pay anything out of their pockets?  Or just their shareholders’ pockets?


Filed under Board, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Culture, Directors, Duty, Governance, Internal controls, Oversight, Oversight

Sniff test

What happens to compliance when the CEO and her boyfriend collaborate to create a culture of secrecy and fear?

“Partners in Blood,” The Wall Street Journal, May 19, 2018 C1.  Reports from the trenches at Theranos, which said it was able to run a range of tests from a few drops of blood; it couldn’t.  SEC charges company with fraud, and investors lose millions.

While the implications of a relationship of the CEO go to Governance, are there also links to Compliance and Information?  What impact did the culture have on the company’s compliance?  How do investors know about the nature of a CEO’s personal relationships leaking into the corporate environment?

Who should have seen this and reported it to someone?  Why didn’t the directors smell a rat?


Filed under Board, Compliance, Culture, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Risk, Supervision, To report

Shoes of the centipede

“Wells Fargo Faces More Woe Over Client Data,” The Wall Street Journal, May 18, 2018 B1.  Another shoe drops at Wells Fargo (when will it ever end?) after disclosure that employees in the wholesale business (non-consumer) banking side changed and added customer information without approval.  Reason: to meet a compliance deadline.

Is there another organization with so many compliance failures?  It started with consumer banking and credit cards and now seems to have permeated the entire enterprise.  Is it risky to call this an enterprise?  What influenced their behavior?  Why are the directors not in the dock?  Weren’t they in charge of establishing and ensuring the culture of compliance?  This is a bank, for God’s sake.

Is it easier to find someone who was or wasn’t involved in some type of bad behavior at Wells Fargo?


Filed under Accuracy, Board, Compliance (General), Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Managers, Oversight, Oversight, Supervision

Equifax Hack went deeper

This is old news.  This post never made it out of “Drafts.”  But worthy of note.

The hack at Equifax that may have affected 145.5 million people went deeper than Equifax originally reported.

“Equifax: Hack Went Deeper,” The Wall Street Journal, February 10, 2018 B10.  In addition to names, addresses, driver’s license numbers, and Social Security Numbers, the hack may have reached tax ID numbers, email addresses, and additional driver’s license information.

It’s comforting (?) to know that your personal email address isn’t considered either (a) yours or (b) “sensitive,” at least in the US.

Have any of the Equifax directors been sued by their shareholders?  The CEO retired.  The shareholders are paying for all this.

See, also, the post from February 11 about the spat between Equifax and Senator Warren about whether the hack reached passport numbers. https://infogovnuggets.com/2018/02/11/believable-denials/


Filed under Access, Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, Oversight, Oversight, Ownership, Protect assets, Protect information assets, Security, Value, Vendors

Another ½ billion

This may appear to be more a straight compliance piece than an information governance piece, but consider that the officers and directors didn’t know or didn’t report things that they should have known about.  Truth or consequences?

“Wells Fargo Reaches Settlement In Lawsuit,” The Wall Street Journal, May 5, 2018 B10. Tentative settlement in suit alleging certain “current and former officers and directors of the bank had made false statements” affecting the stock price between 2014 and 2016.

The final paragraph of the article says,

The bank said Friday that it “denies the claims and allegations in the action and entered into the agreement in principle to avoid the cost and disruption of further litigation.”

One pauses to wonder if the current shareholders agree, it being their $480 million being spent to resolve the lawsuit, not the $480 million of said certain current and former officers and directors.  This is on top of the $1 billion fine paid last month.  Hopefully, the current and former shareholders will get some of the $480 million, less legal fees.

Telling fibs in connection with a company’s stock price can be real expensive for someone.  Not knowing about abusive sales practices is about the same as lying.  And how can you deny something yet still pay $480 million?  Who are they trying to fool this time?  At least now they can post nice ads on TV, claiming a re-invention.  Has the culture problem been fixed?


Filed under Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, Oversight, Oversight, Protect, Supervision, To report, Value