“Market Cheats Get Caught More Often,” The Wall Street Journal, November 1, 2018 B10. Traders manipulating prices by spoofing real futures trades are getting caught and prosecuted for criminal violations. Exchanges cooperating with enforcement authorities.
If accurate information is worth X, what is inaccurate information worth? It depends, whether you are buying or selling based on it.
So, this is both Information (information includes both accurate and inaccurate information) and Governance (manipulating market trades with false information is a crime that the CFTC and DOJ prosecute).
Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Data quality, Definition, Duty, Duty of Care, Employees, Governance, Information, Oversight
“U.S. Charges Agents Of China Hacked Aviation Firms,” The Wall Street Journal, November 1, 2018 B4. Agents of the Chinese government indicted for trying to steal airline industry technology.
This is getting to be rather routine. One part of this is the value of Information, and the importance of information security. One part of this is Compliance, of course, as the US government is trying to protect the US information assets (although the company at issue probably had some responsibility for this as well, as well as their board of directors). And, of course, Governance, as the US government is prosecuting.
We all know the business case for cyber-security.
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties
“School Assault Policy Shifts,” The Wall Street Journal, November 1, 2018 A3. New regulations to require students accused of sexual assault to have the right to cross-examine the accuser.
This involves Governance, Compliance, and Information.
Governance: the government would require schools to investigate sexual assault claims in a certain way. The government has the power of the purse, due to the amount of federal funding.
Information: an accusation of assault is only a part of the story; only through cross-examination and other investigation can the decision maker decide whether the accusation and the (assumed) denial are sufficiently “believable” and “believed.”
Compliance: determining whether someone complied with the law or your policy requires some level of rigor. How much evidence of a violation is required?
“Barnes & Noble Details CEO Firing,” The Wall Street Journal, October 31, 2018 B1. CEO allegedly fired for sexual harassment and bullying, and interfering with the sale of B&N.
So, the CEO gets canned. No severance package. What message does this send to the rest of the organization (and, indeed, to other CEOs and other companies)? How does the Board look on this one? From a Compliance standpoint, and a Governance one, looks pretty good.
Might this be a pretext? Could he have been fired for some other reason?
Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Supervision
“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1. FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.
What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market? When does mere puffery become criminal? What controls would you need to have to prevent this at your company?
Do you have them? Are they enforced?
Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report
“Facebook Draws U.K. Fine Over Sharing Data,” The Wall Street Journal, October 26, 2018 B4. Facebook fined half a million Pounds ($645,000) for allowing Cambridge Analytica for letting them see and use user data. This is separate and apart from any fines the EU may impose.
Part of the problem is that Facebook didn’t do enough (i.e., anything) after it found out about Cambridge Analytica having accessed the data.
So, some points to consider:
- Whose information was it?
- Whose (and how many) rules (EU, UK, US, other) apply to (i.e., govern) a data breach?
- Why didn’t FB do anything after learning of the problem? Did it not have a process for handling a vendor that accessed data inappropriately? Doesn’t Governance require you to have such a process? Does Compliance entail requiring your vendors to follow a process, and penalizing them when they don’t?
- The fine here won’t go to the UK residents whose privacy was invaded. Is this a fine or a tax? It certainly isn’t damages.
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Privacy, Protect assets, Security, Third parties, Vendors
“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1. Tim Cook wants GDPR-style privacy protections in the US. Claims “[o]ur own information … is being weaponized against us with military efficiency.”
He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.
How do we wrest control of our information back again? Or is privacy dead? And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?
Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value