Category Archives: Protect information assets

Equifax Hack went deeper

This is old news.  This post never made it out of “Drafts.”  But worthy of note.

The hack at Equifax that may have affected 145.5 million people went deeper than Equifax originally reported.

“Equifax: Hack Went Deeper,” The Wall Street Journal, February 10, 2018 B10.  In addition to names, addresses, driver’s license numbers, and Social Security Numbers, the hack may have reached tax id numbers, email addresses, and additional driver’s license information.

It’s comforting (?) to know that your personal email address isn’t considered either (a) yours or (b) “sensitive,” at least in the US.

Have any of the Equifax directors been sued by their shareholders?  The CEO retired.  The shareholders are paying for all this.

See, also, the post from February 11 about the spat between Equifax and Senator Warren about whether the hack reached passport numbers. https://infogovnuggets.com/2018/02/11/believable-denials/


Three returning contestants

And all on the same page.

  1. “U.S. Indicts VW’s Former CEO,” The Wall Street Journal, May 4, 2018 B1. Former CEO indicted in March for conspiracy and wire fraud following the emissions cheating scandal.  Do CEOs go to jail?
  2. “Facebook Has Dual Standard On Privacy,” The Wall Street Journal, May 4, 2018 B1. If you’re in a special group in Facebook, you get an alert if someone accesses your profile; if you’re a muggle, or don’t work at Facebook, you don’t.  Maybe this will change?
  3. “Theranos Hurt Big-Name Investors,” The Wall Street Journal, May 4, 2018 B1.  Company said it had the technology to do a wide range of blood tests based on a few drops of blood.  It didn’t, and a host of big-name investors lost a bundle. Is this a governance issue, an information issue, or a compliance issue?  Don’t believe everything you hear; it’s costly.  And don’t serve as a director without doing your own due diligence.


A handful for May Day

A departure from the one-story-one-post approach.

  1. “Israel Targets Iran Accord,” The Wall Street Journal, May 1, 2018 A1. Israel releases Iranian documents about a nuclear weapons program found in an abandoned warehouse. At least two themes: (a) What does information mean? Did Iran lie during negotiations? (b) Do you destroy documents/information that are/is no longer useful to you?  What does it say when you don’t?
  2. “‘Fake News’ Law Snares an Offender,” The Wall Street Journal, May 1, 2018 A16. A visitor to Malaysia convicted and sentenced for publishing “fake news” about how quickly/slowly emergency services responded to a shooting. Interesting that the first conviction under the new law was of a foreigner.
  3. “Banks Draw Bead on Guns,” The Wall Street Journal, May 1, 2018 B1. Banks and credit card companies discuss tracking your purchases of guns.  What will they do with that information? Is there other information they can deduce from your purchases that someone would like to track? Would your health insurer/doctor like to track your food and alcohol purchases?  Whose information is that, anyway?
  4. “Guilty Verdict in Autonomy Case,” The Wall Street Journal, May 1, B2.  Former CFO of Autonomy convicted of fraud in connection with the sale of Autonomy to HP for $11 billion in 2011.  This was not some lower-level accountant accused of misstating aspects of a tax-motivated deal. Instead, the fraud overstated Autonomy’s revenue and generally misstated financial results.  The former CEO has also been sued in the UK for damages.
  5. “Facebook Shares the Shared,” The Wall Street Journal, May 1, 2018 B5. Now you can download any of 25 categories of the information that Facebook keeps on you.  Your search history.  When you liked or didn’t like something.  Which and how many advertisers have your contact information.  How many categories does Facebook have?  We don’t know.


Catching up

I was out of town for a bit, and am now catching up.  So this will deviate from the usual one-story, one-post format.  19 squibs.

“ISS Opposes Five Equifax Directors,” The Wall Street Journal, April 17, 2018 B2.  A proxy advisor recommends against voting for members of the Board’s technology committee, who had responsibility for technology security.  Is that all that happens, they get fired?  157 million accounts exposed and they get un-elected but not (yet) sued?  No claw-back of directors’ fees?

“Facebook Data Dispute Embroils University of Cambridge,” The Wall Street Journal, April 16, 2018 B4. Cambridge says Facebook approved of the University’s use of Facebook data.  Or your data, if you wish.

“Fired FBI No.2 McCabe Misled Probe, Report Says,” The Wall Street Journal, April 14, 2018 A1.  Misleading an internal investigation into a leak to the newspaper is not good.

“Volkswagen Prepares to Replace CEO,” The Wall Street Journal, April 11, 2018 B1.  CEO who helped VW survive the emissions scandal gets replaced. A palace coup after the company spent $25 billion+ on the scandal.  Is this more price for VW to pay?  And let’s not forget the shareholders, who foot the bill.  See also “VW Picks Chief After Boardroom Coup,” The Wall Street Journal, April 13, 2018 B1.

“Blunder Hits Samsung Securities,” The Wall Street Journal, April 11, 2018 B13. An employee’s mistake leads to mistaken issuance of $105 billion in shares, more than 30 times the company’s existing issued shares.  Do you have the right controls in place?  Is this an information governance issue?

“Facebook Hearings Put Regulation In Spotlight,” The Wall Street Journal, April 12, 2018 A1. Will the Facebook data leak/usage lead to new privacy regulation?

“Adviser Urges Shift On Board Of Equifax,” The Wall Street Journal, April 12, 2018 B10.  Does the company’s failure to avoid a cyber attack mean the board has to go?  Maybe.

“China’s Censors Zero In on Apps,” The Wall Street Journal, April 12, 2018 B4.  Chinese government extends control over a smartphone app that had crude jokes.  Now there’s enforcement of a policy, and a demonstration of what “governance” means.

“Zuckerberg Says Sorry for Harm Done,” The Wall Street Journal, April 10, 2018 B4.  Classic crisis management strategy:  admit you’re wrong?

“Sensing Urgency, Facebook Bolsters User Protections,” The Wall Street Journal, April 10, 2018 B5.  Locking the door after the horse bolted.

“Facebook Sets ‘Issue’ Ads Rule,” The Wall Street Journal, April 7, 2018 A1.  Does a background check on advertisers protect your privacy?

“YouTube Policies Stir Bitterness,” The Wall Street Journal, April 6, 2018 B1.  Following attack at YouTube HQ, taking a closer look at YouTube’s policies on filtering/restricting content.

“Facebook CEO: Lax Privacy a ‘Huge Mistake,’” The Wall Street Journal, April 5, 2018 A1.  Not focusing on privacy protections a “huge mistake.”  Really?

“Police Want to Send AI Into the Street,” The Wall Street Journal, April 4, 2018 A3.  Can body cams be used to collect “Person of Interest”-level information, real time?

“WPP’s Sorrell Faces Probe,” The Wall Street Journal, April 4, 2018 B1.  CEO of advertising company under internal investigation for misusing company assets.  It’s really just a question of duty.

“GM Scraps a Standard in Sales Reporting,” The Wall Street Journal, April 3, 2018 B1.  You manage what you measure.  So, no longer reporting this statistic will reportedly make it easier to measure performance.  Huh?

“Oracle Defeats Google In Court,” The Wall Street Journal, March 28, 2018 B1. Appeals court revives copyright infringement suit against Google.  $9 billion+ in damages alleged.

“Wedbush Accused Of Flawed Oversight,” The Wall Street Journal, March 28, 2018 B12.  SEC charges company with failure to properly supervise an employee involved in “long-running ‘pump-and-dump’ scheme.”

 


Don’t forget who your audience is

“Angry Users Are Threat to Facebook,” The Wall Street Journal, March 23, 2018 B1.  User reaction to the use of user data may imperil FB; users lose trust.

For a company recently valued at $500 billion, the loss of a customer base and momentum may be terminal.  Or at least painful.  Just because they didn’t take care of their users’ information.

Again, is this an information governance blog or a crisis management and response blog?  The issues seem to overlap a good deal of late.  Is this just a risk of the business, or does it say something about the company’s culture or governance?  What exactly is FB selling, and to whom?  What was their reputation?


Gaps

What happens when you have information, but don’t use it?

“‘I Know He’s Going to Explode,’” The Wall Street Journal, February 24, 2018 A1.  The FBI and the Sheriff’s Department had received multiple notices in advance about the shooter at the school in Parkland who killed 17.  And failed to act.

Does your company have adequate processes for identifying important information, and acting on it?  Does important information get to the right people at the right time?

What’s that worth?  Who pays the price when you get it wrong?


Cost of (non-)Compliance

“U.S. Bancorp Is Charged, Fined in Laundering Case,” The Wall Street Journal, February 16, 2018 B2.  Bank fined over $600 million and criminally charged with laundering money.  And placed under a deferred prosecution agreement, which is always an adventure.

Bank allegedly constructed and operated its controls on money laundering “‘on the cheap.’”  Think of the money they saved!

Their shareholders, not so much.

How much would having adequate controls and filing required suspicious activity reports have cost?  More or less than $600 million?

A key compliance requirement for banks is to have adequate money laundering controls.  What does it say about the directors and officers that this bank didn’t have them?  Who’s responsible for this failure (i.e., whose duty was it to prevent this?)?  Who’s getting canned?
