Category Archives: Third parties

Making a list and checking it twice

So, you have a baby coming.  You establish a baby registry online, and list the items/gifts you want to receive.  And then the host of the registry accepts payments from vendors of baby products to add certain items to “your” list.

Is nothing sacred?

“New Parents Complain Amazon Baby-Registry Ads Are Deceptive,” The Wall Street Journal, November 29, 2018 (online).  Amazon accepts money from major companies to put “sponsored ads” on your list; there’s a small gray box saying “Sponsored.”  Nothing descriptive like, “Similar to things the mother-to-be actually wants.”

I guess you have to check to make sure that you check “your” list at least twice, to make sure that Amazon hasn’t made it theirs.  No bait, just switch.

Where’s the FTC on this? Would you buy from a company that paid to advertise on someone else’s gift registry, without asking?  Are they a bit scummy?  These aren’t small-time companies; advertisers buying the ads include Kimberly-Clark and Johnson & Johnson.  To sell baby products!

Next thing, they’ll be posting billboards on your roof and on your car. Without so much as a by-your-leave.

Advertisements

Leave a comment

Filed under Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Oversight, Ownership, Third parties, Value

Selling what isn’t yours

One profit model that seems to be working well is selling stuff that doesn’t belong to you.  Cuts your cost-of-goods-sold dramatically.

“Facebook Considered Charging for Access to User Data,” The Wall Street Journal, November 29, 2018 (online).  Facebook considered charging people to access user data.

Now, I guess that’s marginally different than letting third parties see the “Facebook” user data (i.e., the data of the users of Facebook) for free, in order to develop apps or whatever.  But isn’t it still the users’ information?  Oh, and it might be somewhat contrary to what the CEO said to Congress about Facebook’s policy of never selling user data.

Leave a comment

Filed under Access, Collect, Compliance, Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, Management, Oversight, Ownership, Ownership, Third parties, To report, Use, Value

Those pesky Romulans!

You may not be old enough or nerdy enough to remember the Romulan cloaking device from the original Star Trek.  But I do/am.

“Fake Signals and Illegal Flags: How North Korea Uses Clandestine Shipping to Fund Regime,” The Wall Street Journal, November 29, 2018 (online). How do shipments still arrive in and leave from North Korea, notwithstanding the various sanctions on the regime there?  Apparently, it’s blue smoke and mirrors.

I raise this here for two reasons.  First, in the North Korean story this is a bunch of information being generated that is deliberately false, and the compliance types struggle to deal with it in order to enforce the applicable rules.  The enforcers use satellites and data analytics; the shippers use deception and semi-legal and illegal stratagems.

Second, what extremes might your employees go to to avoid being detected when they are doing something they know is wrong, and how well prepared are you to deal with it?  Do you have the proper controls and investigative procedures?  What should you look at to confirm that what you’re being told is true?

 

Leave a comment

Filed under Collect, Compliance, Compliance, Compliance (General), Controls, Corporation, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Policy, Supervision, Third parties, To report, Use

When is a record no longer a record?

If you are looking to invest, it would be nice to know if the broker who has been recommended to you has a history of complaints by his/her customers or employers.  If you are the prospective broker, it would be good to be able to present a clean record, even if your record isn’t clean.

“Brokers Purge Their Records,” The Wall Street Journal, November 19, 2018 B1. Brokers can request that complaints be expunged from the records of the industry-funded regulator.  So, were you to ask you would be told there’s no record.

So, what is a clean record worth, when a dirty record can be so easily laundered?  I guess there may be multiple definitions of “record,” one of which is documentation of a business activity or decision, and the other of which is a conviction.

On the internet, no one knows you’re a dog.

2 Comments

Filed under Access, Accuracy, Controls, Definition, Information, Records Management, Third parties, Value

Governance?

Who governs access to the White House?  The Executive or the Judiciary?

“Judge Grants CNN’s Press-Pass Motion,” The Wall Street Journal, November 17, 2018 A3.  Reporter’s due process rights “appear to have been violated” when his access to the White House itself is restricted.

Who controls access to your building?  To your floor?  To your office?  To your desk?  To your computer?  To your company’s information?

How do they do it?

In the absence of a written rule, who governs what behavior is permitted in a press briefing within the White House?  The White House?  The “press corps”?  The courts?  The Secret Service?

Leave a comment

Filed under Access, Controls, Culture, Duty, Governance, Government, Internal controls, Third parties, Who is in charge?

Another one

“UC System is Sued for Data On Admissions,” The Wall Street Journal, November 16, 2018 A2.  Is the state university using race inappropriately in making admissions decisions?

The government has different obligations with respect to information than a private company.  Government also collects a lot of information.  What controls are in place to allow and to prevent the disclosure of this information?  What about for non-core activities, like running the state’s university system?

 

Leave a comment

Filed under Access, Collect, Compliance, Compliance, Controls, Duty, Governance, Government, Internal controls, Management, Third parties, To report, Use

External governance

“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1.  Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.

If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure?  Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance?  Or just “Governance”?

And what does it say about communications when the government holds up a senior official for poor oversight?  What about the board?  Highly visible to the worker bees.

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Oversight, Third parties, To report