Doug Laney has done a lot of good stuff on infonomics, and the value of information. But can information have a negative value?
“FBI Didn’t Follow Up Tip By Person Close to Shooter,” The Wall Street Journal, February 17, 2018 A1. FBI got a tip on January 5 about the person who ended up shooting up the school at Parkland on February 14. Failed to act on it. Seventeen people died.
Do you have a duty to use information you have? What if you have important information and you don’t use it, or can’t use it because you can’t find it? Is that a liability (i.e., a “negative asset”)?
Do your internal controls make sure that critical information gets to the decision makers promptly? If not, who’s responsible?
Look at the past year or two in industry and you will find several examples of the cost of not having important information reach the right people at the right time. For example, Wells Fargo management didn’t learn of the account cramming until months or years later. The Board at GE didn’t know about the two-plane approach the CEO was using.
Which is worse, knowing or not knowing? Don’t know, but certainly knowing and not doing anything is the most expensive.
Filed under Access, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Oversight, To report, Value
“Equifax Denies Breach Of Passport Numbers,” The Wall Street Journal, February 8, 2018 B10. In the hack of its files, Equifax admits exposing information of perhaps 145 million people. Social Security numbers, stuff like that. And credit card numbers and driver’s license numbers. Senator E. Warren says the hack also exposed passport numbers. Equifax says it didn’t.
Who do you believe? One of them is wrong. Which is more likely, that Equifax is lying or that a sitting US Senator didn’t understand Equifax’s submission to Congress? When information is contradictory, how do you minimize risk?
“Fake Public Comments On New Rules Probed,” The Wall Street Journal, January 25, 2018 A3. Were faked ids used to post comments on proposed federal regs?
When you make comments on a proposed government regulation, do you have to provide your correct name or id? Is there a special problem when the government tries to limit your free speech? Is this fraud (and if so, why?)? Apparently, it is a crime to “knowingly make false, fictitious or fraudulent statements to a US agency.” Is this 18 USC §1519, or something else? Can the government criminalize “fictitious” comments to the government? There’s the 1st Amendment of course, and the right to petition.
For a non-commercial site, how do you stop “spoofing”?
I’ve taken a bit of a break; one of the readers of this blog asked if I’d stopped writing it. Not that there aren’t issues on governance, information, or (and) compliance that come up daily.
Is this blog of value? Is it worth your time? Let me know. How can I improve this? Let me know by posting a comment.
Some recent stories:
- “Subaru Probes if Fuel Data Was Fake,” The Wall Street Journal, December 21, 2017 B1. Company investigating whether workers fudged the numbers on fuel economy. Another black eye for the Japanese quality objectives. Is there/was there a culture problem? Or did management apply too much pressure?
- “Wells Fargo Earns New Ire From Bank’s Overseers,” The Wall Street Journal, January 6, 2018 B10. Bank regulators marked Wells Fargo down because of its management, and as a result the bank will pay higher insurance and be subjected to higher regulatory scrutiny. 2017 wasn’t a good year for the bank.
- “Court to Review SEC Judges,” The Wall Street Journal, January 13, 2018 B10. The Court accepted an appeal that will look at whether SEC’s judges are unconstitutional, having been selected by the HR Department. Do government agencies need to comply with the US Constitution? Can one be “governed” by someone who wasn’t properly appointed or supervised? Is the common law writ of quo warranto still effective?
- “Parents’ Dilemma: When to Give the Children Smartphones,” The Wall Street Journal, January 13, 2018 A1. Giving your child a smartphone also gives them access to a whole bunch of stuff you might wish they didn’t have so much access to. Are you properly governing how much information your kids can see? Do you also provide them a handgun (without bullets, of course)? (The article talks about teaching your children to use cocaine, but in a balanced way). Not all information accessible by smartphone is of equal value, and different parties in the transaction value different information differently.
Filed under Access, Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Security, Third parties, Value
“Lawyer Presses Mueller on Emails,” The Wall Street Journal, December 18, 2017 A4. Questions arise after a government agency (later identified as the GSA) turns over Presidential transition team emails to Mr. Mueller.
Who owns the emails of non-governmental employees who use storage provided by a government agency? And must the Special Counsel file a subpoena before getting information from a third party?
Where is your company’s email stored? Who owns it?
If there’s anything in those emails, are they “fruit of the poisonous tree” as the Special Counsel did not get a warrant?
Filed under Access, Controls, Corporation, Duty, Employees, Government, Information, Internal controls, Lawyers, Ownership, Third parties
“Firm Settles Russia Probe,” The Wall Street Journal, December 12, 2017 A5. Company working on US defense projects had Russian employees who lacked appropriate security clearances (and who stored some material on servers in Russia).
No fine reported; company to institute new security protocols and thereby resolve criminal complaint.
One would have thought someone would have gotten more than their hands slapped over this one.
Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Governance, Government, Internal controls, Management, Oversight, Protect
Those of us familiar with the EU are familiar with government agencies placing and enforcing restrictions on the collection of personal information, to protect the privacy rights of its citizens.
“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.
Delicate balance between protecting privacy and protecting your credit? Or the recognition by the government of their duty to protect our information?
Filed under Controls, Duty, Duty of Care, Governance, Government, Information, Internal controls, IT, Ownership, Privacy, Protect assets, Security