Those of us familiar with the EU are used to government agencies placing and enforcing restrictions on the collection of personal information to protect the privacy rights of their citizens.
“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.
Delicate balance between protecting privacy and protecting your credit? Or the recognition by the government of their duty to protect our information?
Who’s in charge of the executive branch? A basic governance question.
“Showdown Looms at Consumer Agency,” The Wall Street Journal, November 27, 2018 A1. Temporarily, we have two acting directors of the Consumer Financial Protection Bureau, one designated by the President and one appointed by the outgoing director (and suing to have a court determine that she’s really in charge).
Leaving aside for the moment whether the CFPB is constitutional, it’s probably important to have in place a mechanism for knowing who’s in charge.
The courts will sort it out, eventually.
“Russian Firm Was Long Seen as Threat,” The Wall Street Journal, November 18, 2017 A2. Questions as to the Kaspersky antivirus software company were raised by military intelligence in 2004, well before the 2013 threat assessment issued Pentagon-wide.
Who dropped the ball? Did the Russians have an inside track?
On the one hand, regulators want to be able to easily see all the trading data about stock trades. On the other, if you put all the important information in one place, hackers might go after it. What’s a body to do?
“Exchanges Seek Database Delay, Citing Security,” The Wall Street Journal, November 15, 2017 B18. The NYSE and others asked the SEC to delay the start of a new database of sensitive trading information so that they can enhance the security. By adding a CISO, for example.
The SEC hasn’t been a positive model for computer security, and industry has had a few oopsies as well. How does one balance ease of regulatory enforcement and security? Which one is more important? Who’s responsible/liable if there’s an oops?
What happens when the person in charge of protecting whistle blowers is alleged to have retaliated against employees who pointed out possible wrongdoing?
“SEC Watchdog Faces Complaints,” The Wall Street Journal, November 13, 2017 B9. The Inspector General at the SEC faces complaints of retaliation against whistle blowers, who raised time and attendance fraud. Was there also some office hanky-panky? The investigation may also not have been independent.
It’s good when the government gives examples of behavior. It would be better if they were examples of good behavior.
A new oxymoron.
A Brigadier General in charge of defending the accused at Guantanamo was arrested on the order of a military judge. The General’s crime: allowing other civilian defense attorneys to resign after it was discovered the Government had bugged the room where the attorneys met with their clients.
“Gitmo General Is Released,” The Wall Street Journal, November 4, 2017 A5.
But Bergdahl walks?
Do military judges have more power than they either think they have or should have? How do you govern without reliable enforcement?
How do you enforce the rules in the future if you haven’t enforced them in the past?
“Bergdahl Avoids Jail Time,” The Wall Street Journal, November 4, 2017 A3. A convicted deserter loses some benefits but doesn’t go to jail or get executed.
If you’re the Army, what steps can you take to prevent desertion in the future? For those in the private sector, has your employer failed to enforce the rules? What does that do to the culture? If he had been convicted of sexual harassment, would the sentence have been different?