Category Archives: Compliance (General)

Sexual assault

I hesitated to discuss the Kavanaugh hearings as an information governance teaching case, due to the raw political nerves.  Another case presented itself.

“A Sexual-Assault Claim Spotlights National Dilemma,” The Wall Street Journal, October 15, 2018 A1.  A state employee in New Jersey promptly reported an assault to the police, and even wrote to the governor and his wife.  The alleged assailant also works for the state.  The matter was investigated, but the state did not prosecute the alleged assailant.

How does the victim document and prove an assault?  What evidence, beyond her word, is required to secure a conviction?  Immediate outcry?  DNA results?  Video?  Is the absence of information itself information?

How does the alleged assailant establish his or her innocence?  How does the state investigate and how does it decide whether to prosecute?  How does the judge or the jury decide, based on what evidence?  What documents and policies govern the process?  How do we protect the privacy of the complainant and the defendant until a verdict is rendered (and beyond)?

I know this may seem to have wandered rather far afield from the focus of this blog.  But this involves serious questions around Information, and Compliance, and Governance.  If we agree the system isn’t working, how do we propose to fix it?  What controls can we put in place, beyond talking to our sons and daughters?  How do we establish a process that protects the rights of everyone?

 


Filed under Compliance (General), Controls, Definition, Duty, Governance, Information, Internal controls, Privacy, Third parties

Facebook again. Plus or minus 20 million.

“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1.  Data exposed between July 2017 and September 2018.  But thankfully only affected 30 million users, not the 50 million users originally feared.  It only took 2 days to stop it after it was discovered.  A flaw in the computer code opened a door.

The decrease in the number of affected users was reported in a blog post.

Does this mean that a defective product was released into commerce?  So who pays how much to whom?


Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology

Hiding another ball

“HSBC to Pay $765 Million in U.S. Pact,” The Wall Street Journal, October 10, 2018 B12.  Bank hid the risks of defective mortgages for at least 2 years.  Sold mortgage-backed securities in the meantime.

“Wells Fargo … [paid] $2.09 billion to settle similar claims.”  Four other banks also settled.

Why do we keep our money in banks?  Weren’t they supposed to be safe?  What does it say about the Boards of these companies?  Did the directors screw up?


Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Protect assets, Supervision, To report

Hiding the ball

“Google Hid Data Breach for Months,” The Wall Street Journal, October 9, 2018 A1.  Alphabet hid or failed to disclose the breach of “hundreds of thousands of users” for six months, to avoid “regulatory scrutiny and … reputational damage.”  Data accessed between 2011 and 2018.

What did the delay in notification cost customers? Did Google care?  Who at Google knew, and are they still employed?  Why?

Don’t be evil.


Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, IT, Privacy, Security, To report

Amazon leak

“Amazon Fires Worker for Leaking Data,” The Wall Street Journal, October 6, 2018 B1. Leaker of customer email addresses fired and may be prosecuted.

Is this a Man-Bites-Dog story, just considering the source?  What did this cost the employee?  What did it cost Amazon?  What damage did it cause to the customers?

 


Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security

You are what you eat

“Restaurants See Value In Big Data,” The Wall Street Journal, October 3, 2018 R5. A mobile app asks restaurant patrons to provide a bunch of information about themselves so that the restaurant can serve them better.

The app requests data about the patrons’ allergies.  I was surprised that the restaurant quoted in the article is in California.  Can you collect and store this information in California without infringing on the patrons’ privacy?  Are there limits on what the restaurant can do with this information?  Loyalty programs generally collect data about you.  Do you care?

What could go wrong?


Filed under Access, Collect, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, Management, Ownership, Value

Who’s spreading the news?

“Egypt Send Actress to Jail for ‘Fake News,'” The Wall Street Journal, October 1, 2018 A9. Woman who posted a video on Facebook claiming sexual harassment sentenced to two years in jail.

Publishing fake news with intent of toppling regime.  Egypt has some problems with sexual harassment.  Appeal expected.

Notice that the government prosecuted the woman, and not Facebook.


Filed under Accuracy, Compliance, Compliance (General), Controls, Culture, Data quality, Definition, Duty, Governance, Information, Internal controls, Oversight, Third parties