I hesitated to discuss the Kavanaugh hearings as an information governance teaching case, due to the raw political nerves. Another case presented itself.
“A Sexual-Assault Claim Spotlights National Dilemma,” The Wall Street Journal, October 15, 2018 A1. A state employee in New Jersey promptly reported an assault to the police, and even wrote to the governor and his wife. The alleged assailant also works for the state. The matter was investigated, but the state did not prosecute the alleged assailant.
How does the victim document and prove an assault? What evidence, beyond her word, is required to secure a conviction? Immediate outcry? DNA results? Video? Is the absence of information itself information?
How does the alleged assailant establish his or her innocence? How does the state investigate and how does it decide whether to prosecute? How does the judge or the jury decide, based on what evidence? What documents and policies govern the process? How do we protect the privacy of the complainant and the defendant until a verdict is rendered (and beyond)?
I know this may seem to have wandered rather far afield from the focus of this blog. But this involves serious questions around Information, and Compliance, and Governance. If we agree the system isn’t working, how do we propose to fix it? What controls can we put in place, beyond talking to our sons and daughters? How do we establish a process that protects the rights of everyone?
“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1. Data exposed between July 2017 and September 2018. But thankfully only affected 30 million users, not the 50 million users originally feared. It only took 2 days to stop it after it was discovered. A flaw in the computer code opened a door.
The decrease in the number of affected users was reported in a blog post.
Does this mean that a defective product was released into commerce? So who pays how much to whom?
“HSBC to Pay $765 Million in U.S. Pact,” The Wall Street Journal, October 10, 2018 B12. Bank hid the risks of defective mortgages for at least 2 years. Sold mortgage-backed securities in the meantime.
“Wells Fargo … [paid] $2.09 billion to settle similar claims.” Four other banks also settled.
Why do we keep our money in banks? Weren’t they supposed to be safe? What does it say about the Boards of these companies? Did the directors screw up?
“Google Hid Data Breach for Months,” The Wall Street Journal, October 9, 2018 A1. Alphabet hid or failed to disclose the breach of “hundreds of thousands of users” for six months, to avoid “regulatory scrutiny and … reputational damage.” Data accessed between 2011 and 2018.
What did the delay in notification cost customers? Did Google care? Who at Google knew, and are they still employed? Why?
Don’t be evil.
“Amazon Fires Worker for Leaking Data,” The Wall Street Journal, October 6, 2018 B1. Leaker of customer email addresses fired and may be prosecuted.
Is this a Man-Bites-Dog story, just considering the source? What did this cost the employee? What did it cost Amazon? What damage did it cause to the customers?
“Restaurants See Value In Big Data,” The Wall Street Journal, October 3, 2018 R5. A mobile app asks restaurant patrons to provide a bunch of information about themselves so that the restaurant can serve them better.
The app requests data about the patrons’ allergies. I was surprised that the restaurant quoted in the article is in California. Can you collect and store this information in California without infringing on the patrons’ privacy? Are there limits on what the restaurant can do with this information? Loyalty programs generally collect data about you. Do you care?
What could go wrong?
“Egypt Sends Actress to Jail for ‘Fake News,’” The Wall Street Journal, October 1, 2018 A9. Woman who posted a video on Facebook claiming sexual harassment sentenced to two years in jail.
Publishing fake news with intent of toppling regime. Egypt has some problems with sexual harassment. Appeal expected.
Notice that the government prosecuted the woman, and not Facebook.