Category Archives: Vendors

Barriers to entry

“Europe’s New Consumer Privacy Law Gives Edge to Tech Giants,” The Wall Street Journal April 24, 2018 A1.  The General Data Protection Regulation, which goes into effect next month, protects consumers but also gives Google and Facebook an advantage.

By wielding their power over advertisers and taking a strict interpretation of the law, Facebook and Google can make it really difficult for competitors to establish competing platforms.

Is this what the European regulators anticipated?

Advertisements

Leave a comment

Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Privacy, Requirements, Third parties, Vendors

Privacy is dead; suspect under arrest

I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street  Journal, but Facebook is in the running.

“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1.  “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points).  Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress.  And Europe hasn’t weighted in yet.

There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones.  Did you (we) know that?  Do you know what companies are doing with “your” data?  Do you care?  Privacy is dead; Facebook investigated as person of interest.

I guess that answers the question of who’s in charge:  the Feds and the states.  I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?

Contagion

When disaster hits one part of your industry, other members often get hit, too, especially when customers get upset.  And the media smells blood.

“Facebook and Google Confront Antagonism of Big Advertisers,” The Wall Street Journal, March 26, 2018 A1.  Major advertisers demand more detail and accountability around ads and cost following the revelations about the use/misuse of user data and the accuracy of the viewing statistics.

Is the business model of selling access to data that isn’t really yours finally breaking down?

In a related piece, Facebook took out a full-page ad on page B12 in The Wall Street Journal that says, in part, “We have a responsibility to protect your information.  If we can’t, we don’t deserve it.”  Interesting admission that it’s your information, not theirs.  Still noodling on how that works through the courts.

Where to file this?  What does non-compliance with your information policies cost you?

Leave a comment

Filed under Access, Accuracy, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Oversight, Ownership, Protect assets, Security, Third parties, Value, Vendors

Cutting the cord

“Delete Facebook, Or Take a Break: Step by Step,” The Wall Street Journal, March 24, 2018 A13.  Further fallout from the disclosure of user data.

I didn’t read anything into the fact that this story was on the Obituary page of The Wall Street Journal.

Leave a comment

Filed under Access, Controls, Corporation, Duty, Governance, Internal controls, Oversight, Privacy, Protect assets, Third parties, Vendors

Leaks followed by leaks

Following the user reaction to reports of the disclosure and use of user data, FB is losing advertisers.  Has the Good Ship Facebook sprung a Titanic leak?

“Facebook Pledges Actions To Stem Advertiser Exits,” The Wall Street Journal, March 24, 2018 A1.  People apparently still prize whatever privacy they have left.

A least the story is below the fold.  But it is still on page 1.

Leave a comment

Filed under Access, Controls, Corporation, Duty, Governance, Internal controls, Oversight, Ownership, Policy, Privacy, Protect assets, Third parties, Vendors

Don’t forget who your audience is

“Angry Users Are Threat to Facebook,” The Wall Street Journal, March 23, 2018 B1.  User reaction to the use of user data may imperil FB; users lose trust.

For a company recently valued at $500 billion, the loss of a customer base and momentum may be terminal.  Or at least painful.  Just because they didn’t take care of its users’ information.

Again, is this an information governance blog or a crisis management and response blog?  The issues seem to overlap a good deal of late.  Is this just a risk of the business, or does it say something about the company’s culture or governance?  What exactly is FB selling, and to whom?  What was their reputation?

Leave a comment

Filed under Board, Controls, Corporation, Culture, Culture, Duty, Governance, Internal controls, Oversight, Oversight, Protect assets, Protect information assets, Risk Assessment, Third parties, Vendors

It’s all about networks

“Facebook Breaks Its Silence, Admits to ‘Mistakes,'” The Wall Street Journal, March 22, 2018 A1.  Facebook takes fire for use of Facebook’s data on 50 million users by outside app developers and others.  One analyst points to “systemic mismanagement.”  Stock value has dropped 10% ($50 billion).

Well, that’s your data, isn’t it?  Data about who your friends and interests are, and other data generated by your use of Facebook.  What are your networks worth?  Who says privacy is dead?

The common crisis management three-step.  Crisis, government outrage/testimony and heartfelt (albeit delayed) apologies, and more regulation/lawsuits.

Lots of questions about who owns what data and who has what responsibilities with respect to that data.  Are your personal networks information?  What’s the information worth? When FB holds the information, is it no longer yours?  Did you accept this risk?  Was this really just a problem with FB’s vendors not controlling things?  The list goes on.

Leave a comment

Filed under Access, Analytics, Communications, Controls, Corporation, Definition, Duty, Governance, Information, Internal controls, Oversight, Ownership, Privacy, Protect assets, Security, Third parties, Value, Vendors