Apparently, keeping the identities of confidential informants secret poses some challenges. Are there information governance lessons to be learned?
“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years. One source of information: online court records that provide clues as to who cooperated with the prosecutors. Some inmates may be posting their sentencing files to establish their bona fides.
This is hard to classify in this blog. Does it pertain to:
- the value of accurate and complete information
- the risk in making information widely available
- the government’s duty to protect informants
- the government’s duty to have a transparent criminal justice system
- a defendant’s right to confront his/her accusers
- the need for security and the difficulty in providing it
- the proactive value of disclosure
- the fact that information can be misused
- the difficulty in creating effective controls
Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value
There were four pieces in today’s WSJ relevant to governance or information governance, or both.
“Currency Trading Data Hint at Leaks in U.K.,” The Wall Street Journal, April 27, 2017 B1. Indications that some investors are getting a sneak peek at UK statistics before they are published. Does this go to access or to the calculus of the value of information including a factor for timeliness?
“FCC Chief Rails At Net Neutrality,” The Wall Street Journal, April 27, 2017 B1. Is the government right in trying to control how information is accessed over the internet, or how (high-speed) access to that information is priced? Who governs the internet, if anyone?
“United Cites Litany of Failures,” The Wall Street Journal, April 27, 2017 B1. CEO says “‘We let our policies and procedures get in the way of doing the right thing.’” CEO also to give up his role as Chairman of the Board. A CEO taking accountability for the actions of employees on his watch – remarkable. United also took out a full-page ad. Intersection of governance and crisis management.
“Hedge Fund Bets on ‘Big Data,’” The Wall Street Journal, April 27, 2017 B11. Investments in analytics to identify profitable trades. Timeliness of information is a factor in the value of that information.
Filed under Access, Analytics, Board, Business Case, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, New Implications, Oversight, Protect assets, Risk, Third parties, Value
One of the risks of bad information governance is that your employees will violate some restriction/law/regulation and the corporation will have to pay for it. How much, you may ask?
“Volkswagen Faces Up to Penalties,” The Wall Street Journal, March 11, 2017 B1. Volkswagen pleaded guilty and “agreed” to pay penalties of $4.3 billion for misleading the regulators and the public in the diesel emissions scandal.
Cost to date: $25 billion for trying to hide something from the regulators and the public. Would your company do something like that? What has this cost the directors and managers who either missed it or ignored it? What has it cost the Volkswagen shareholders?
Filed under Accuracy, Board, Business Case, Compliance, Compliance Verification, Corporation, Culture, Directors, Duty, Employees, Governance, Management, Oversight, Protect assets, Protect information assets, Risk
If you are in the information business (and who isn’t?), what if you can’t get to that information? Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?
“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services. Uptime/downtime, and reliability.
What’s your plan if your main storage goes out? How does your business continue to operate?
Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties
“Hashing” a document has been a linchpin of document security for most of the digital age. It uses an algorithm to compute a short, fixed-length value (the hash) that is meant to serve as a unique identifier for a digital document. Useful for things like computer security and ediscovery. Perhaps time has moved on.
“Google Team Cracks Web Security Shield,” The Wall Street Journal, February 24, 2017 B4. The SHA-1 algorithm was cracked, allowing the creation of two different documents with the same hash value.
Alternatives in the works. Watch this space.
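An added example, not part of the original post: one way a records or ediscovery team could audit a document hash manifest now that a matching SHA-1 value no longer proves two documents are the same. The manifest layout, file names and function names are assumptions, and the documents are constructed samples.

```python
import hashlib
import hmac

WEAK = {"md5", "sha1"}   # collisions are practical; a match no longer proves identity
STRONG = "sha256"

def digest(algorithm, data):
    return hashlib.new(algorithm, data).hexdigest()

def audit_manifest(manifest, documents):
    """Check each manifest entry against the document bytes actually held."""
    report = {}
    for entry in manifest:
        name, algo = entry["name"], entry["algorithm"].lower()
        data = documents.get(name)
        if algo not in WEAK | {STRONG}:
            report[name] = "unsupported-algorithm"
        elif data is None:
            report[name] = "missing"
        elif not hmac.compare_digest(digest(algo, data), entry["digest"].lower()):
            report[name] = "mismatch"
        elif algo in WEAK:
            report[name] = "verified-weak"   # matches, but only under a broken hash
        else:
            report[name] = "verified"
    return report

def upgrade_manifest(manifest, documents, report):
    """Re-hash weak entries that still verify; keep the old digest for the audit trail.
    The new digest only carries forward whatever trust the old SHA-1 match gave."""
    upgraded = []
    for entry in manifest:
        if report[entry["name"]] == "verified-weak":
            entry = {"name": entry["name"], "algorithm": STRONG,
                     "digest": digest(STRONG, documents[entry["name"]]),
                     "previous": {"algorithm": entry["algorithm"], "digest": entry["digest"]}}
        upgraded.append(entry)
    return upgraded

def demo():
    # Constructed sample documents and manifest (not real case data).
    originals = {"contract.txt": b"Master services agreement v1",
                 "memo.txt": b"Privileged memo, draft 3",
                 "invoice.txt": b"Invoice 0001, total 100.00"}
    algos = {"contract.txt": "sha1", "memo.txt": "sha256", "invoice.txt": "sha256"}
    manifest = [{"name": n, "algorithm": a, "digest": digest(a, originals[n])}
                for n, a in algos.items()]
    held = {**originals, "memo.txt": b"Privileged memo, draft 4"}  # altered after hashing
    report = audit_manifest(manifest, held)
    return report, upgrade_manifest(manifest, held, report)
```
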
Filed under Access, Accuracy, Business Case, Controls, Duty of Care, Governance, Internal controls, IT, New Implications, Oversight, Protect assets, Risk, Security, Third parties
A lawyer for a company has a duty under company law to protect the company’s confidential information. As a lawyer, he or she has a professional ethical obligation to preserve the confidentiality of materials submitted to the lawyer in order to secure or provide legal advice.
But what happens if the lawyer learns information that indicates the client has broken or is breaking US criminal law? Is there a duty to blow the whistle outside the company? To whom is that duty owed? Which controls: state legal ethics rules or federal law?
“Trial to Focus on In-House Lawyers,” The Wall Street Journal, January 17, 2017 B2. A company’s general counsel is fired. The company says he was fired because he messed up security filings and failed to detect bribery that led to $55 million in fines. He says he was fired because he blew the whistle on the company’s “possible” bribery in China. The judge ruled in December that the lawyer can use privileged information to support his claim.
Will this case eviscerate attorney-client privilege or force attorneys to become unwilling participants in criminal activity?
Filed under Access, Business Case, Compliance, Controls, Duty, Employees, Governance, Internal controls, Legal, New Implications, Privilege, Risk, Third parties, To report
Do you think about the risk of the failure of a critical information transfer system?
“Bank Lost Its Ability To Process Payments,” The Wall Street Journal, December 8, 2016 B8. The Bank of New York Mellon temporarily lost its access to the SWIFT network, used to process payments within the banking system. Over nineteen hours.
Does your business have a similar business continuity risk, where a critical information transmission system is unavailable? Have you identified that risk and quantified its potential impact? Do you have controls (people, process, or technology, or some combination) to prevent the occurrence, or to limit its impact? Is this a Board responsibility? If not the Board, who?
Filed under Access, Board, Controls, Directors, Duty, Governance, Information, Interconnections, Internal controls, IT, Management, Protect, Risk, Risk Assessment, Value