January 4, 2019 · 9:20 am
Hopefully, building on the last three posts (https://infogovnuggets.com/2019/01/04/catching-up-again/, https://infogovnuggets.com/2019/01/04/catching-up-again-part-2/, and https://infogovnuggets.com/2019/01/04/catching-up-part-3/), this will close out 2018.
- Fake news
“Journalist at Center of False-Reporting Scandal Faces New Allegations Over Donation Requests,” The Wall Street Journal, December 24, 2018. The first paragraph says it all: “German magazine Der Spiegel said it would file a criminal complaint against a former star writer who admitted falsifying reports, after discovering that he also appeared to have set up a fake charity operation for Syrian children.” One can only assume the paper had a policy about not making up stories, or not fleecing the readership.
- Morally but not legally guilty.
“JD.com Founder Faces Backlash at Home: ‘Behind the Law is Morality,’” The Wall Street Journal, December 24, 2018. Even after his release and the closure of a three-month investigation into a rape allegation, the founder of a large ecommerce business in China is still getting hammered in the Chinese press (and, one might imagine, at home). Is that Governance, or Compliance? How does Compliance deal with an accusation that is not sustained?
- Libor was information, too
“UBS to Pay $68 Million to Settle State Libor-Manipulation Claims,” The Wall Street Journal, December 24, 2018. Goes back to the 2008 charges of mucking about with the benchmark London Interbank Offered Rate, used a lot in loans and such. Two aspects here: first, dealing with the use of a number derived from supposedly unbiased people to govern “your” deal, and, second, the cost of non-compliance, even if long-delayed.
- Which was it?
“Maintenance Lapse Identified as Initial Problem Leading to Lion Air Crash,” The Wall Street Journal, December 26, 2018. Maybe it was not improper or inadequate training; maybe it was improper maintenance. Investigation into crash of Lion Air continues. Highlights the difficulty of establishing the facts after the fact. So much information.
- Why do you track the numbers if you don’t use them?
“Psychiatric Hospitals With Safety Violations Still Get Accreditation,” The Wall Street Journal, December 27, 2018. What exactly does “accreditation” mean, if you can have a bunch of serious violations? The failure rate is about 1%, and nearly all the inspections are by one company. This is primarily an Information point, on the failure to make use of the available information, or the failure to make it available. And does the government exercise appropriate oversight/governance given the amount of federal funds involved?
- Resume errors
“Acting Attorney General Matthew Whitaker Incorrectly Claims Academic All-American Honors,” The Wall Street Journal, December 27, 2018. The Acting AG apparently made this error consistently on his resume for years; he wasn’t an Academic All-American; instead he was a District VII All District selection. If he were genuinely confused about what he was awarded, this makes some sense. But one would have thought that somewhere along the way this would have been discovered. Is that Information or Governance? If it were an employee at your company, what would be the sanction?
- Information vacuum
“Commerce Department Won’t Publish Data During Shutdown,” The Wall Street Journal, December 27, 2018. One wonders what the consequences will be of the absence of this data. The article says, “Investors often depend on these reports to make trades, which affect stock values, bond yields and the value of the dollar. Businesses use them to make investment planning decisions. Federal Reserve officials depend on them to make interest-rate decisions that ripple through the economy.” If you rely on a third party for key information, what do you do when you can’t get it? What’s Plan B?
- Who owns the artwork?
“‘Absolute Control’: Cuba Steps Up Artistic Censorship,” The Wall Street Journal, December 27, 2018. Cuba severely restricts an artist’s ability to make money from his or her art. Sure, this is Governance, but is art also Information?
- How does your doctor make referrals? I want to know.
“The Hidden System That Explains How Your Doctor Makes Referrals,” The Wall Street Journal, December 28, 2018. Apparently, there are processes in place that might influence your doctor’s judgment. Would you want to know that? Is there an ethical issue (Governance/Compliance) that surrounds this information and how it is used? Is this conflict disclosed to you? Adequately? Do the insurers (who have money in the game) push back on this enough?
- Statements on Twitter aren’t facts?
“Elon Musk Says Pedophile Accusation Against British Man Was Protected Speech,” The Wall Street Journal, December 28, 2018. Calling a cave diver rescuing boys in Thailand a pedophile is at the heart of the suit against Elon Musk. Does Twitter have no rules with which one must comply, and no one to enforce those (non-)rules? Or do we have systems of Compliance and Governance that punish libelous statements, broadly published, regardless of the media/medium?
“Wells Fargo to Pay States About $575 Million to Settle Customer Harm Claims,” The Wall Street Journal, December 29, 2018. More fallout from the account cramming and related scandals. Total payments so far: ~$4 billion. Cost of compliance, or cost of poor governance.
Filed under Access, Accuracy, Analytics, Collect, Compliance, Compliance (General), Controls, Corporation, Data quality, Definition, Directors, Duty, Employees, Governance, Information, Internal controls, Lawyers, Management, Ownership, Use, Value
January 4, 2019 · 5:22 am
Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/
- Pot calling the kettle black
“Comey Tells House Panel He Suspected Giuliani Was Leaking FBI Information to Media,” The Wall Street Journal, December 10, 2018. Former FBI Director Comey, who admitted to leaking information to a reporter through a law school professor, complains that someone else did it, too.
- Yes, we have no privacy
“Thieves Can Now Nab Your Data in a Few Minutes for a Few Bucks,” The Wall Street Journal, December 10, 2018. Following the series of major hacks of privacy data (e.g., Marriott, LinkedIn, Equifax, and Yahoo), “Every American person should assume all of their data is out there,” said one FBI agent. Comforting.
- Duty to report
“New Report Shows Olympics Executives Concealed Knowledge of Nassar Allegations,” The Wall Street Journal, December 11, 2018. Executives knew information about sexual abuse allegations, and failed to report. To whom did they breach a duty?
- Interesting intersection of the right to petition the government and your right to privacy
“U.S. Investigating Fake Comments on ‘Net Neutrality,’” The Wall Street Journal, December 11, 2018. “Earlier this year, the FCC said it would upgrade its website to try to prevent fakery. … Several federal agencies warn that it is a felony to send falsified comments to the federal government when posting on websites soliciting opinions on federal rulemaking.” What if the comments were anonymous?
- Lying or overspending on your expense account can get you canned
“Under Armour Ousts Two Executives After Review of Expenses,” The Wall Street Journal, December 11, 2018. Complying with company policy and procedures is sort of kind of like a job requirement. Even if you signed Jordan Spieth. But how were they to know how much was too much?
- Weakest link?
“Amazon, Amid Crackdown on Seller Scams, Fires Employees Over Data Leak,” The Wall Street Journal, December 11, 2018. Employees bribed for access to inside information. What’s your information worth to you? To the briber? To the (former) employee? Do you have a policy against taking bribes?
- Collateral impact
“Nissan-Renault Scandal Shows It’s Hard to Keep Car Alliances On Track,” The Wall Street Journal, December 12, 2018. A scandal at your business partner can affect your company’s relationships. Is that Governance?
- How do you deal with rumors? Are they “information,” too?
“Super Micro Finds No Malicious Hardware in Motherboards,” The Wall Street Journal, December 12, 2018. This contradicts a prior report from Bloomberg. How do you govern other sources of information? Is using a trusted third party to investigate just standard crisis management planning?
- Should Compliance be more congenial?
“Banks Get Kinder, Gentler Treatment Under Trump,” The Wall Street Journal, December 13, 2018. Regulators are urged to be more collegial with the banks they regulate. Is that better “Governance,” in the short term or in the long term?
- What does it say?
“Renault Sticks With Carlos Ghosn as Internal Probe Finds No Illegality,” The Wall Street Journal, December 13, 2018. What does it say to the rank-and-file when the Chairman gets arrested? And when he’s thereafter kept in place? The Board may have some explaining to do.
- What can your employer do with your information?
“U.S. Companies Asked to Disclose More About Their Workers,” The Wall Street Journal, December 14, 2018. Pension funds ask employers to disclose more information than the SEC currently requires. Whose decision is that? When and how can you object?
- Watch your contractors
“Chinese Hackers Breach U.S. Navy Contractors,” The Wall Street Journal, December 15, 2018. What’s this information worth, both to the US and to China? How much do you look at the security at your vendors who process or create information for you? Are they a weaker link than your employees? (See item 6, above.)
- Information and Governance and Compliance
“PG&E Falsified Gas Safety Records, California Claims,” The Wall Street Journal, December 15, 2018. From the explosion in San Bruno in 2010 (after which PG&E couldn’t find a bunch of inspection records relating to hundreds of miles of its pipelines) to more recent claims about fudging the records on pipeline locations, PG&E has had this problem for a while. For now, these are just allegations. But what is the impact on every claim made against the company, and every claim made by it? If they falsify safety records, do they falsify bills, too? “The [state regulator] last month expanded a continuing probe of PG&E’s safety practices and said it would explore the way the company is structured and managed.” There seems to be a link between record-keeping and management and compliance and culture.
- Facebook, again
“Facebook Bug Potentially Exposed Unshared Photos of Up to 6.8 Million Users,” The Wall Street Journal, December 15, 2018. One almost gets the idea that protecting your privacy is not a high priority for them.
Filed under Board, Collect, Communicate, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Management, Oversight, Oversight, Ownership, Privacy, Protect, Protect assets, Records Management, Security, Supervision, Technology, Third parties, To report, Use, Value, Vendors
January 4, 2019 · 3:47 am
I was otherwise engaged in December, what with the holidays and travel and our first grandchild, born in Hong Kong, and haven’t been posting. Here’s the month in review, in chronological order, in multiple parts:
- How to monetize your information
“Paywall for HuffPost? Verizon Hunt for Web Revenue Goes Beyond Ads,” The Wall Street Journal, December 3, 2018. Do you let people see content (plus ads) for “free,” or do you charge for access? Which one places the “correct” value on the information you are providing? What if you did both?
- Who’s in charge?
“Disney Raises the Bar Robert Iger Has to Clear to Win Bonus,” The Wall Street Journal, December 4, 2018. Shareholders push back on bonus compensation plan, demonstrating an unusual level of control (i.e., Governance) over their investment. See also, “Shell to Link Carbon Emissions Targets to Executive Pay,” The Wall Street Journal, December 4, 2018.
- How much is your view worth?
“Who’s Reading That News Story? Startup Will Help Marketers Find Out,” The Wall Street Journal, December 4, 2018. Linking the desire of publishers and advertisers to monitor what news stories you look at and for how long, a start-up fills the gap. The answer to the question, “Whose data is that?” is taking on multiple dimensions.
- It takes a village to prevent someone from getting top-secret information
“China Maneuvers to Snag Top-Secret Boeing Satellite Technology,” The Wall Street Journal, December 5, 2018. Boeing seemed unconcerned when a customer for one of its satellites told Boeing that the customer was being financed by Chinese interests, to whom sale of the top-secret technology involved was restricted. But after an alleged payment default, Boeing canceled the order. “Boeing Backs Out of Global IP Satellite Order Financed by China,” The Wall Street Journal, December 7, 2018. Did the press coverage have an impact?
- Law firms leak, too
“U.S. Prosecutors Charge Four People in Panama Papers Probe,” The Wall Street Journal, December 5, 2018. Action follows leak of law firm documents showing how wealthy people hid money from tax.
- Who owns (or controls) the Cloud?
“China’s Alibaba Takes On Amazon in European Cloud,” The Wall Street Journal, December 5, 2018. Chinese Cloud company challenges Amazon for control of the Cloud in Europe. Which (the US or China) will better protect the privacy of the users?
- Does your information governance program cover the content of the training provided to your customers?
“Boeing Omitted Safety-System Details, Minimized Training for Crashed Lion Air 737 Model,” The Wall Street Journal, December 6, 2018. Questions arise after 189 people killed in a crash and the crews hadn’t been trained on the new flight-control system.
- Facebook tried to monetize “your” data? Gadzooks!
“Facebook’s Zuckerberg at Center of Emails Released by U.K. Parliament,” The Wall Street Journal, December 6, 2018. Newly released emails show that Facebook apparently considered charging app developers for accessing “your” data held by Facebook, and suggest Facebook discounted the chance of developers sharing that data with others.
- Not “just-in-time” discipline
“Wells Fargo Firing Dozens of Regional Managers in Retail-Bank Cleanup,” The Wall Street Journal, December 6, 2018. More than two years after the account-cramming scandal, Wells Fargo starts to fire some regional managers for failure of oversight responsibilities. Sort of like punishing your full-grown dog for an accident she had as a puppy. And what about the executives who were overseeing those fired managers?
- Biometrics is/are information, too
“Microsoft Pushes Urgency of Regulating Facial-Recognition Technology,” The Wall Street Journal, December 7, 2018. Lack of worldwide restrictions on surveillance without a warrant leads Microsoft to urge restrictions on the technology. Is privacy when in public a basic human right?
- It’s not the crime, it’s the coverup?
“U.S. Alleges Huawei CFO Hid Ties to Telecom With Iran Business,” The Wall Street Journal, December 8, 2018. Did the CFO lie to hide from banks connections Huawei had with company that did business with Iran? What is the impact to the current state of trade relations with China?
Filed under Accuracy, Board, Compliance, Compliance, Compliance (General), Compliance Verification, Controls, Corporation, Definition, Directors, Duty, Governance, Information, Internal controls, Managers, Oversight, Oversight, Ownership, Privacy, Protect assets, Protect information assets, Technology, Third parties, To report, Value, Vendors, Who is in charge?
December 3, 2018 · 8:22 pm
It seems that several (most of?) the large privacy breaches have something in common: something smaller happened earlier that people didn’t pay enough attention to.
“Marriott’s Starwood Missed Chance to Detect Huge Data Breach Years Earlier, Cybersecurity Specialists Say,” The Wall Street Journal, December 2, 2018 (online). There was a prior breach in 2015 that, some say, could have been investigated more thoroughly.
Might this happen in your business? Say there’s a relatively minor breach, affecting a single client’s information. Or a minor compliance issue. You discover it and take action. But does the breach itself indicate weaknesses in your system of controls that may have broader implications? Do you change your training or other controls to reflect this experience, or the experience of others in your industry?
This brings to mind a common finding in accident investigations. Something small happened that could/should have put you on notice. But it was ignored or downplayed.
How does your organization deal with near-hits in the compliance or information governance space? Is this part of oversight? Or a part of effective knowledge management?
Filed under Analytics, Collect, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Knowledge Management, Management, Oversight, Privacy, Protect assets, Security, Third parties, Use
December 3, 2018 · 8:04 pm
What impact has technology had on the flow of information in your industry, including the flow of information to and from competitors? Are your controls keeping pace?
“Fashion Industry Gossip Was Once Whispered. Now It’s on Instagram.,” The Wall Street Journal, December 2, 2018 (online). Instagram is being used to track fashion statements that are strikingly similar.
Underlying this is the point that copying someone else’s creative expression is frowned upon. (Compliance) And that public shaming may be a more effective (and less expensive) control than copyright litigation. (Governance) And a photo of a jacket (or the jacket itself) is as much information as an email. (Information)
Filed under Compliance, Compliance (General), Controls, Definition, Duty, Governance, Information, Internal controls, Ownership, Protect assets, Technology, Third parties
December 3, 2018 · 7:50 am
That’s a serious charge.
“U.S. Watchdog Says McKinsey Misled Bankruptcy Court,” The Wall Street Journal, December 1, 2018 (online). Did McKinsey make misleading disclosures about what conflicts of interest it might have had? Was a related investment unit truly separate?
The point of this post is to highlight what can happen when one of your agents (and a consultant is an agent) makes an inadequate disclosure to a court about potential conflicts in connection with your case. Are you liable? Is your reputation damaged? What’s that worth? What controls do you have to prevent conflicts of interest by your consultants, and how do you police those controls?
Of course, you wouldn’t fail to disclose such a conflict yourself.
December 3, 2018 · 7:13 am
So, you have a baby coming. You establish a baby registry online, and list the items/gifts you want to receive. And then the host of the registry accepts payments from vendors of baby products to add certain items to “your” list.
Is nothing sacred?
“New Parents Complain Amazon Baby-Registry Ads Are Deceptive,” The Wall Street Journal, November 29, 2018 (online). Amazon accepts money from major companies to put “sponsored ads” on your list; there’s a small gray box saying “Sponsored.” Nothing descriptive like, “Similar to things the mother-to-be actually wants.”
I guess you have to check “your” list at least twice, to make sure that Amazon hasn’t made it theirs. No bait, just switch.
Where’s the FTC on this? Would you buy from a company that paid to advertise on someone else’s gift registry, without asking? Are they a bit scummy? These aren’t small-time companies; advertisers buying the ads include Kimberly-Clark and Johnson & Johnson. To sell baby products!
Next thing, they’ll be posting billboards on your roof and on your car. Without so much as a by-your-leave.
Filed under Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Oversight, Ownership, Third parties, Value
December 3, 2018 · 6:47 am
One profit model that seems to be working well is selling stuff that doesn’t belong to you. Cuts your cost-of-goods-sold dramatically.
“Facebook Considered Charging for Access to User Data,” The Wall Street Journal, November 29, 2018 (online). Facebook considered charging people to access user data.
Now, I guess that’s marginally different than letting third parties see the “Facebook” user data (i.e., the data of the users of Facebook) for free, in order to develop apps or whatever. But isn’t it still the users’ information? Oh, and it might be somewhat contrary to what the CEO said to Congress about Facebook’s policy of never selling user data.
Filed under Access, Collect, Compliance, Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, Management, Oversight, Ownership, Ownership, Third parties, To report, Use, Value
December 3, 2018 · 6:35 am
You may not be old enough or nerdy enough to remember the Romulan cloaking device from the original Star Trek. But I do/am.
“Fake Signals and Illegal Flags: How North Korea Uses Clandestine Shipping to Fund Regime,” The Wall Street Journal, November 29, 2018 (online). How do shipments still arrive in and leave from North Korea, notwithstanding the various sanctions on the regime there? Apparently, it’s blue smoke and mirrors.
I raise this here for two reasons. First, in the North Korean story this is a bunch of information being generated that is deliberately false, and the compliance types struggle to deal with it in order to enforce the applicable rules. The enforcers use satellites and data analytics; the shippers use deception and semi-legal and illegal stratagems.
Second, what extremes might your employees go to to avoid being detected when they are doing something they know is wrong, and how well prepared are you to deal with it? Do you have the proper controls and investigative procedures? What should you look at to confirm that what you’re being told is true?
Filed under Collect, Compliance, Compliance, Compliance (General), Controls, Corporation, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Policy, Supervision, Third parties, To report, Use
December 3, 2018 · 6:13 am
“Mueller Accuses Paul Manafort of Lying to FBI After Plea Agreement,” The Wall Street Journal, November 26, 2018 (online). Did Manafort lie after he reached a plea deal?
Information is not limited to what you write in a document or an email. It includes verbal utterances. How do you control your “verbal utterances” when the penalty for lying to the FBI can result in 20 years in prison, regardless of what happened prior to your plea deal?
So, this involves Information (verbal statements are information), Compliance (lying to the FBI exposes you to 20 years in prison for each offense), and Governance (how do you avoid making an untrue utterance?). Do your policies and controls address verbal information, and, generally, not lying to the FBI? Need they?