Category Archives: Controls

Remember Yahoo?

“Successor To Yahoo Is Fined in Data Hack,” The Wall Street Journal, April 25, 2018 B4. $35 million fine for failure to properly investigate a cyber breach affecting hundreds of millions (billions?) of Yahoo accounts.

Yahoo no longer exists, with surviving pieces owned by Verizon and Alibaba Group Holding.

How to file this?  Was there an obligation way back (in 2014) to notify people when the Russians had hacked their accounts?  What happens to your company if there is a breach of your customers’ security?  And you fail to mention it to anyone?  A fine?  Drawing and quartering?

 


Filed under Communications, Compliance, Controls, Corporation, Duty, Governance, Oversight, Privacy, Protect assets, Security, To report

Can you censor?

“China Censors Spark Uproar In Quashing Student Activist,” The Wall Street Journal, April 25, 2018 A7.  Students make a request for open records from Peking University about 20-year-old rape allegations. The government rejects it. And then slams a student who circulated a letter telling her story through social media.  And that story circulates.

It sure is hard to put the genie back in the bottle after information gets to the Internet.  Are your controls adequate?  How do you enforce them?  Even if you have a command and control culture?


Filed under Access, Compliance, Controls, Duty, Governance, Government, Interconnections, Internal controls, IT, Oversight, Third parties, Who is in charge?

Complaints ain’t facts

“CFPB May Restrict Complaint Database,” The Wall Street Journal, April 25, 2018 A5. Government may restrict public access to a database of consumer complaints that haven’t been verified by the government.

All information is not equally reliable.  Does the government, by allowing people to post complaints, somehow vouch for the accuracy of those complaints?  Is the government in the business of publishing complaints, versus government findings?

Sure, it would be nice to have a central clearing house of complaints.  But is that the role of government?


Filed under Access, Accuracy, Compliance, Controls, Data quality, Duty, Governance, Government, Information, Third parties

Administrative procedures

“EPA Limits Data Used in New Rules,” The Wall Street Journal, April 25, 2018 A4. Underlying studies must be made public and the findings must be reproducible before research will be used to justify new regulations.

Does the government need to allow you an opportunity to contest the “facts” upon which regulations are issued?  Is it right for the US government to rely upon scientific studies that in turn rely on secret information in order to establish regulations?  Does the government need to independently validate information before taking regulatory action?  How can an opponent reasonably contest the wording and scope of a regulation if he/she can’t see the evidence?  Or if the evidence doesn’t prove what the scientist says it proves?

Is this about information, or governance, or information governance?  More than one?


Filed under Access, Accuracy, Controls, Data quality, Duty, Duty of Care, Governance, Government, Internal controls, Oversight, Third parties

Barriers to entry

“Europe’s New Consumer Privacy Law Gives Edge to Tech Giants,” The Wall Street Journal, April 24, 2018 A1.  The General Data Protection Regulation, which goes into effect next month, protects consumers but also gives Google and Facebook an advantage.

By wielding their power over advertisers and taking a strict interpretation of the law, Facebook and Google can make it really difficult for competitors to establish competing platforms.

Is this what the European regulators anticipated?


Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Privacy, Requirements, Third parties, Vendors

Google this

“Google’s Practices Threaten Privacy, Too,” The Wall Street Journal, April 23, 2018 B1. Google’s practices may expose more information related to you.

What is your information worth to you?  What is it worth to someone else?  Who profits? What controls are in place and how effective are they?

Do you read their policies?  Do you care?


Filed under Access, Analytics, Controls, Information, Ownership, Privacy, Third parties, Uncategorized, Value

Reliance

“U.S. Prosecutors to Weigh Criminal Case for McCabe,” The Wall Street Journal, April 20, 2018 A1. The DOJ Inspector General referred the case/matter of former FBI Deputy Director for criminal prosecution over his responses to investigators looking into leaks.

What does it say about the culture of an organization when two of its top officers, both of whom are lawyers, may have lied to federal investigators?  And what if that organization’s mission is the investigation of crimes?

How much do we rely on institutions and professionals to provide governance and to stand as examples of compliance?  Is that reliance justified?


Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Government, Lawyers, Legal, Requirements