Category Archives: New Implications

Do new laws cost money?

“Data Curbs Put Facebook in Bind,” The Wall Street Journal, July 31, 2018 B4.  The GDPR in Europe places new restrictions on Facebook’s business model.  The new rules make it harder for Facebook to get advertising revenue based on the views by users of the platform.

How well does your company prepare for changes in the law?  Is this on your risk matrix?

Filed under Business Case, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, New Implications, Risk, Value

WWW

“New EU Rule Puts Scare Into Websites,” The Wall Street Journal, May 26, 2018 B4.  US websites block access by people in the EU to avoid breach of the new GDPR.

This raises several interesting questions.

  1. What’s the risk that your website collects or stores information in violation of the General Data Protection Regulation?
  2. Is it better to cut off service to people in the EU rather than to take the risk that you don’t comply with EU privacy legislation?
  3. Will this open up a new market for Google-like and Facebook-like European competitors?
  4. How will the users in the EU react?
  5. Just how hard is it to comply with the GDPR?  You write a policy and take some internal steps to control your use of consumer information.
  6. Is this Y2K revisited?
  7. Is this Information, Governance, or Compliance?  A combination of some or all of those?

Filed under Access, Business Case, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Interconnections, Internal controls, IT, New Implications, Oversight, Privacy, Protect assets, Risk, Technology

Knowledge is dangerous

“In a First, U.S. Firms Reveal Workers’ Pay Gap With CEO,” The Wall Street Journal, March 12, 2018 A1.  US law requires disclosure of a comparison of the CEO’s pay to that of the median worker in the CEO’s company.

Noodle on this for a minute.  Who “owns” the information as to what you earn?  Do you?  If so, you could, if you wanted to, publish that information or post it on your door.  Does your employer encourage you not to do that?  Who’s hiding what from whom?  Would you be interested to learn that Joe in the next cubicle is paid 10% more than you are?  Is his job or his qualifications that much different?  Why don’t companies post this information by position?  Why are you nervous about posting your salary?  Are you embarrassed?

Just curious.

Filed under Access, Business Case, Controls, Duty, Employees, Information, New Implications, Ownership, Privacy

Electrical banana (reprise)

Slack is new communications software in use in many companies.  Do your policies deal with the implications of the use and misuse of yet another new technology?  How will you handle this when litigation comes in?

“Tips to Tighten Slack Users’ Skills,” The Wall Street Journal, October 12, 2017 B4.

Filed under Access, Communications, Compliance, Content, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Legal, New Implications, Oversight, Policy, Protect assets, Security

Algorithms

Is the use of algorithms to set prices a subterfuge to facilitate price fixing?

“To Set Prices, Stores Turn To Algorithms,” The Wall Street Journal, May 9, 2017 A1. Use of algorithms to establish prices for a wide range of products, from Staples to gas stations based on “big data.”

But what if everyone uses the same algorithm?  Or if the algorithms are wrong or the data upon which they are based is wrong?  Can anyone explain what they do and how they do it?  The ultimate black box.

Filed under Analytics, Business Case, Collect, Compliance, Data quality, Governance, Information, IT, Management, New Implications, Operations, Oversight, Use, Use

4 for Thursday

There were four pieces in today’s WSJ relevant to governance or information governance, or both.

“Currency Trading Data Hint at Leaks in U.K.,” The Wall Street Journal, April 27, 2017 B1. Indications that some investors are getting a sneak peek at UK statistics before they are published.  Does this go to access or to the calculus of the value of information including a factor for timeliness?

“FCC Chief Rails At Net Neutrality,” The Wall Street Journal, April 27, 2017 B1.  Is the government right in trying to control how information is accessed over the internet, or how (high-speed) access to that information is priced?  Who governs the internet, if anyone?

“United Cites Litany of Failures,” The Wall Street Journal, April 27, 2017 B1.  CEO says “‘We let our policies and procedures get in the way of doing the right thing.'”  CEO also to give up his role as Chairman of the Board. A CEO taking accountability for the actions of employees on his watch – remarkable.  United also took out full-page ad.  Intersection of governance and crisis management.

“Hedge Fund Bets on ‘Big Data,'” The Wall Street Journal, April 27, 2017 B11.  Investments in analytics to identify profitable trades.  Timeliness of information is a factor in the value of that information.

Filed under Access, Analytics, Board, Business Case, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, New Implications, Oversight, Oversight, Protect assets, Risk, Third parties, Value

Deception strategy

How do you prevent the competition from punking your business?  Caller ID helps the pizza delivery business identify who’s calling.

“Uber Used Program to Evade Authorities,” The Wall Street Journal, March 6, 2017 B4.  Uber apparently wrote its terms of service, and monitors data on who and where calls are coming from, to reduce competitors’ interfering with its business (by making fake calls).  Also identifies people suspected of running a law enforcement sting operation.

So Uber looks for clues to see if you’re a regulator.  Do you use a burner phone?  Does your credit card belong to a regulatory agency? Is this using information to assist the achievement of your business model?

Filed under Access, Accuracy, Analytics, Business Case, Collect, Controls, Governance, Management, New Implications, Operations, Policy, Protect assets, Risk assessment, Use, Use

Making a hash of hash

“Hashing” a document has been a linchpin of document security for most of the digital age.  It uses an algorithm to create a unique identifier for a digital document.  Useful for things like computer security and ediscovery.  Perhaps time has moved on.

“Google Team Cracks Web Security Shield,” The Wall Street Journal, February 24, 2017 B4. The SHA-1 algorithm was cracked, allowing the creation of two different documents with the same hash value.

Alternatives in the works.  Watch this space.

Filed under Access, Accuracy, Business Case, Controls, Duty of Care, Governance, Internal controls, IT, New Implications, Oversight, Protect assets, Risk, Security, Third parties

A Higher Duty

A lawyer for a company has a duty under company law to protect the company’s confidential information.  As a lawyer, he or she has a professional ethical obligation to preserve the confidentiality of materials submitted to the lawyer in order to secure or provide legal advice.

But what happens if the lawyer learns information that indicates the client has broken or is breaking US criminal law?  Is there a duty to blow the whistle outside the company?  To whom is that duty owed?  Which controls, state legal ethics rules or federal law?

“Trial to Focus on In-House Lawyers,” The Wall Street Journal, January 17, 2017 B2.  A company’s general counsel is fired.  The company says he was fired because he messed up securities filings and failed to detect bribery that led to $55 million in fines.  He says he was fired because he blew the whistle on the company’s “possible” bribery in China.  The judge ruled in December that the lawyer can use privileged information to support his claim.

Will this case eviscerate attorney-client privilege or force attorneys to become unwilling participants in criminal activity?

Filed under Access, Business Case, Compliance, Controls, Duty, Employees, Governance, Internal controls, Legal, New Implications, Privilege, Risk, Third parties, To report

Too much information

Is it possible to allow too much information?

“U.S. Revisits In-Flight Phone Calls,” The Wall Street Journal, December 9, 2016 B1.  Transportation Department considering letting people use their cell phones during airline flights.

Gone is one of the last refuges from overhearing someone else’s yak yak yak.  If you’re the airline, is this a good thing or a bad thing?  If you’re the Transportation Department, is this really what you should be governing?  Shouldn’t it be an airline’s choice?

Filed under Access, Board, Controls, Duty, Governance, Government, New Implications