Category Archives: Corporation

Remember Yahoo?

“Successor To Yahoo Is Fined in Data Hack,” The Wall Street Journal, April 25, 2018 B4. $35 million fine for failure to properly investigate a cyber breach affecting hundreds of millions (billions?) of Yahoo accounts.

Yahoo no longer exists, with surviving pieces owned by Verizon and Alibaba Group Holding.

How to file this?  Was there an obligation way back (in 2014) to notify people when the Russians had hacked their accounts?  What happens to your company if there is a breach of your customers’ security?  And you fail to mention it to anyone?  A fine?  Drawing and quartering?

 

Advertisements

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Duty, Governance, Oversight, Privacy, Protect assets, Security, To report

Barriers to entry

“Europe’s New Consumer Privacy Law Gives Edge to Tech Giants,” The Wall Street Journal April 24, 2018 A1.  The General Data Protection Regulation, which goes into effect next month, protects consumers but also gives Google and Facebook an advantage.

By wielding their power over advertisers and taking a strict interpretation of the law, Facebook and Google can make it really difficult for competitors to establish competing platforms.

Is this what the European regulators anticipated?

Leave a comment

Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Privacy, Requirements, Third parties, Vendors

Porsche raid

“Porsche Executive is Arrested,” The Wall Street Journal, April 21, 2018 B6.

In continuing fallout from the VW emissions cheating scandal, a senior Porsche executive (head of engine development) was arrested by German police and several offices and factories were raided.  A member of the Porsche board is also under investigation.

Fooling the emissions tests was not a great idea.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance (General), Corporation, Directors, Duty, Employees, Governance

Early warning

“SunTrust Sees Risk of Breach,” The Wall Street Journal, April 21, 2018 B3.  A SunTrust employee may have stolen information (names, addresses, account balances, and phone numbers) on 1.5 million customers.

The bank became aware of a problem in February, but only recently became aware that the (now-former) employee was trying to share the information outside the bank.

Good for the bank to have systems that notice the unusual activity and for the bank to have given relatively early notice.

 

Leave a comment

Filed under Communications, Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Privacy, Protect assets, To report

Catching up

I was out of town for a bit, and am now catching up  So this will deviate from the usual one-story, one-post format.  19 squibs.

“ISS Opposes Five Equifax Directors,” The Wall Street Journal, April 17, 2018 B2.  A proxy advisor recommends against voting for members of the Board’s technology committee, who had responsibility for technology security.  Is that all that happens, they get fired?  157 millions accounts exposed and they get un-elected but not (yet) sued?  No claw-back of director’s fees?

“Facebook Data Dispute Embroils University of Cambridge,” The Wall Street Journal, April 16, 2018 B4. Cambridge says Facebook approved of the University’s use of Facebook data.  Or your data, if you wish.

“Fired FBI No.2 McCabe Misled Probe, Report Says,” The Wall Street Journal, April 14, 2018 A1.  Misleading an internal investigation into leak to the newspaper is not good.

“Volkswagen Prepares to Replace CEO, The Wall Street Journal, April 11, 2018 B1.  CEO who help VW survive the emissions scandal gets replaced. A palace coup after the company spent $25 billion+ on the scandal.  Is this more price for VW to pay?  And let’s not forget the shareholders, who foot the bill.  See also “VW Picks Chief After Boardroom Coup,” The Wall Street Journal, April 13, 2018 B1.

“Blunder Hits Samsung Securities,” The Wall Street Journal, April 11, 2018 B13. An employee’s mistake leads to mistaken issuance of $105 billion in shares, more than 30 times the company’s existing issued shares.  Do you have the right controls in place?  Is this an information governance issue?

“Facebook Hearings Put Regulation In Spotlight,” The Wall Street Journal, April 12, 2018 A1. Will the Facebook data leak/usage lead to new privacy regulation?

“Adviser Urges Shift On Board Of Equifax,” The Wall Street Journal, April 12, 2018 B10.  Does the company’s failure to avoid a cyber attack mean the board has to go?  Maybe.

“China’s Censors Zero In on Apps,” The Wall Street Journal, April 12, 2018 B4.  Chinese government extends control over a smartphone app that had crude jokes.  Now there’s enforcement of a policy, and a demonstration of what “governance” means.

“Zuckerberg Says Sorry for Harm Done,” The Wall Street Journal, April 10, 2018 B4.  Classic crisis management strategy:  admit you’re wrong?

“Sensing Urgency, Facebook Bolsters User Protections,” The Wall Street Journal, April 10, 2018 B5.  Locking the door after the horse bolted.

“Facebook Sets ‘Issue’ Ads Rule,” The Wall Street Journal, April 7, 2018 A1.  Does a background check on advertisers protect your privacy?

“YouTube Policies Stir Bitterness,” The Wall Street Journal, April 6, 2018 B1.  Following attack at YouTube HQ, taking a closer look at YouTube’s policies on filtering/restricting content.

“Facebook CEO: Lax Privacy a ‘Huge Mistake,'” The Wall Street Journal, April 5, 2018 A1.  Not focusing on privacy protections a “huge mistake.”  Really?

“Police Want to Send AI Into the Street,” The Wall Street Journal, April 4, 2018 A3.  Can body cams be used to collect “Person of Interest”-level information, real time?

“WPP’s Sorrell Faces Probe,” The Wall Street Journal, April 4, 2018 B1.  CEO of advertising company under internal investigation for misusing company assets.  It’s really just a question of duty.

“GM Scraps a Standard in Sales Reporting,” The Wall Street Journal, April 3, 2018 B1.  You manage what you measure.  So, no longer reporting this statistic will reportedly make it easier to measure performance.  Huh?

“Oracle Defeats Google In Court,” The Wall Street Journal, March 28, 2018 B1. Appeals court revives copyright infringement suit against Google.  $9 billion+ in damages alleged.

“Wedbush Accused Of Flawed Oversight,” The Wall Street Journal, March 28, 2018 B12.  SEC charges company with failure to properly supervise an employee involved in “long-running ‘pump-and-dump’ scheme.”

 

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Oversight, Ownership, Ownership, Policy, Privacy, Protect information assets, Security, Third parties, Value

Privacy is dead; suspect under arrest

I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street  Journal, but Facebook is in the running.

“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1.  “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points).  Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress.  And Europe hasn’t weighted in yet.

There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones.  Did you (we) know that?  Do you know what companies are doing with “your” data?  Do you care?  Privacy is dead; Facebook investigated as person of interest.

I guess that answers the question of who’s in charge:  the Feds and the states.  I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?

Contagion

When disaster hits one part of your industry, other members often get hit, too, especially when customers get upset.  And the media smells blood.

“Facebook and Google Confront Antagonism of Big Advertisers,” The Wall Street Journal, March 26, 2018 A1.  Major advertisers demand more detail and accountability around ads and cost following the revelations about the use/misuse of user data and the accuracy of the viewing statistics.

Is the business model of selling access to data that isn’t really yours finally breaking down?

In a related piece, Facebook took out a full-page ad on page B12 in The Wall Street Journal that says, in part, “We have a responsibility to protect your information.  If we can’t, we don’t deserve it.”  Interesting admission that it’s your information, not theirs.  Still noodling on how that works through the courts.

Where to file this?  What does non-compliance with your information policies cost you?

Leave a comment

Filed under Access, Accuracy, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Oversight, Ownership, Protect assets, Security, Third parties, Value, Vendors