Category Archives: Third parties

The dog that didn’t bark

In a departure from normal practice, I comment upon an event unreported, as far as I can tell, in The Wall Street Journal.  For me, some things transcend politics.

Maybe I missed it.  Or maybe The Wall Street Journal didn’t see fit to print the leaked transcripts of President Trump’s post-inauguration phone calls with the leaders of Mexico and Australia.

What does it say that this story, blaring over the TV newswires, wasn’t printed?  Does it say something about some organizations placing the Nation’s security above their own circulation numbers?  Is that a control you can rely on?  Apparently not from everyone.

Even if the paper had or did print something on this, what does the leak of those transcripts say about information governance?  First, does the White House have adequate controls and culture in place?  Clearly not.  Maybe General Kelly can help with that.

But what about the person who signed an oath and nonetheless decided to leak these classified transcripts to the press, thinking little or nothing about the impact on future calls between world leaders?  What’s their understanding of duty?  Placing the Nation’s needs above those of party or self?

Hang ’em high.


Filed under Access, Compliance, Controls, Culture, Duty, Employees, Governance, Government, Internal controls, Protect assets, Third parties

Catching up

I was working on another project, and could not do my postings as timely as I would like.  But here’s a bunch of news items I wanted to write about:


Filed under Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Lawyers, Oversight, Ownership, Privacy, Third parties, Uncategorized

Too many controls?

A key element of governance is determining who’s in charge.  And who’s responsible when something goes wrong.

“Fed Looks To Ease Curbs on Directors,” The Wall Street Journal, August 4, 2017 B10. “The Federal Reserve proposed scaling back the requirements it places on banks’ boards of directors….”  The Fed is concerned “it has been overloading boards with too many specific requirements….”

Have the Fed attempts at micromanagement resulted in directors taking their eyes off the ball?  Does the Fed take responsibility for over-management?  Is the Fed a fiduciary, with liability to the banks or their shareholders?

 


Filed under Board, Compliance, Controls, Corporation, Directors, Duty, Governance, Government, Third parties

Hire the bad guys

Someone breaches your security perimeter and hacks your product.  Relax, it was only a job interview.

“GM Hires Famed Jeep Hackers,” The Wall Street Journal, August 1, 2017 B5.  The people who successfully hacked a moving Jeep have been hired by GM to advise on cybersecurity.

I guess it’s better to have them inside the tent rather than outside.  But it’s only a guess.


Filed under Access, Controls, Internal controls, IT, Security, Third parties

The grip on your information

“Apple Eases Its Grip in Chinese Data,” The Wall Street Journal, July 13, 2017 B3.  “To comply with tough new cybersecurity rules, Apple will begin storing all cloud data for its Chinese customers with a government owned company [in China] ….”  Apple “will retain control over encryption keys.”  That makes me much more comfortable.

It might appear that China is exerting its grip on the data stored by Chinese customers on iCloud.  But whose data is it, anyway?  And what if other countries take similar steps with their citizens’ data?  Any opportunity for mischief?


Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

Cyberattacks, revisited

It’s Groundhog Day.  Or becoming a dog-bites-man story.

“Cyberattack’s Fallout Fuels Scramble,” The Wall Street Journal, June 29, 2017 B3. A ransomware attack through Microsoft Windows hits Maersk, Merck, WPP, and Rosneft, among others.  Surgeries disrupted at a Pennsylvania hospital.  “Hospital Operator In Pennsylvania Works to Recover,” The Wall Street Journal, June 29, 2017 B3.

Does this become so routine we forget people are supposed to take steps to prevent it?  Do cyberattacks make the board agenda, without the tie to the greater information governance questions?  Is that progress?  Does industry not see the bigger risk?

 


Filed under Access, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value

Snitches get stitches

Apparently, keeping the identities of confidential informants secret poses some challenges.  Are there information governance lessons to be learned?

“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years.  One source of information: online court records that provide clues as to who cooperated with the prosecutors.  Some inmates may be posting their sentencing files to establish their bona fides.

Hard to classify this in this blog.  Does this pertain to

  • the value of accurate and complete information
  • the risk in making information widely available
  • the government’s duty to protect informants
  • the government’s duty to have a transparent criminal justice system
  • a defendant’s right to confront his/her accusers
  • the need for security and the difficulty in providing it
  • the proactive value of disclosure
  • the fact that information can be misused
  • the difficulty in creating effective controls
  • other?

 


Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value