Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/ and https://infogovnuggets.com/2019/01/04/catching-up-again-part-2/, and https://infogovnuggets.com/2019/01/04/catching-up-part-3/
- Conflicts with conflicts
“Justice Department Chides McKinsey in Another Bankruptcy Case,” The Wall Street Journal, December 17, 2018. McKinsey continues to fail to make what are viewed as adequate disclosures of conflicts when advising bankruptcy estates, and may not get paid for its work as a result.
- Voter data
“Fight Over Voter Data Roils Democrats Ahead of Election,” The Wall Street Journal, December 17, 2018. Have Republicans been better than the Democrats at collecting and storing information? What’s this worth?
- Your business partner wants you to call a shareholders’ meeting
“Renault Urges Nissan to Call for Shareholder Meeting Following Nissan Indictment,” The Wall Street Journal, December 17, 2018. Is this interfering with “your” governance? Is this a compliance matter, or a partnership matter, where your partner is concerned that you are keeping your CEO as CEO while he sits in jail?
- Is a dance move “information”?
“The ‘Fortnite’ Dance Move That Spawned a Lawsuit,” The Wall Street Journal, December 17, 2018. While longer dance routine can be protected by copyright law (which was a bit surprising to me), not so (so far) for “snippets.”
- Hiding risk information may be a problem
“Glencore-Controlled Miner to Be Fined by Canadian Authorities Over Congo Ops,” The Wall Street Journal, December 17, 2018. Fine of $22 million for company and some of its former directors and executives for hiding the risks of doing business with someone connected to Congolese president. Is a risk analysis information? Can you hide that from the shareholders?
- Warning signs
“Goldman Sachs Ignored 1MDB Warning Signs in Pursuit of Asian Business,.” The Wall Street Journal, December 18, 2018. Can chasing business too hard lead one to ignore important information and sidestep important controls? What controls can you put in place to avoid having this happen to you? Is this an oversight issue? Do criminal charges and huge fines lay ahead?
- VW vendor pleads
“Volkswagen Supplier to Plead Guilty to Conspiracy, Pay $35 Million Fine in Emissions-Cheating Probe,” The Wall Street Journal, December 19, 2018. Company that designed the software used to fool or, as some say, cheat, the emission test pleads guilty to crime and pays a fine to US. VW has paid more than $20 billion. Is this just compliance-related, or is there also an information hook here? Design a software to work around a government test.
- Looking for a whistleblower
“Barclays Fined $15 Million by New York Over CEO’s Anti-Whistleblower Push,” The Wall Street Journal, December 19, 2018. The CEO had tried to use the company’s security department to locate the writer of a letter critical of a recent hire. He pressecd on, despite advice from the head lawyer and the chief compliance officer (costing him £642,000 in fines and £500,000 of his bonus). So the shareholders pay more than the CEO did. Go figure.
- Hiding the names of the guilty
“Illinois Dioceses Withheld Names of Accused Priests, Report Says,” The Wall Street Journal, December 20, 2018. Can you legally not disclose the name of an employee or a contractor who was accused of sexual abuse? Is this a governance issue or a compliance issue or an information issue? Or a reputation problem?
Ethics and policies
“Is It Really Five Stars? How to Spot Fake Amazon Reviews,” The Wall Street Journal, December 21, 2018. How Amazon goes about trying to separate the wheat from the chaff. How does your company determine what’s a fake review and what’s the real deal?
- Information/price linkage
“Room for Improvement? New Hotelier Tests an Algorithmic Pricing System,” The Wall Street Journal, December 22, 2018. Using information about a customer and from a customer to establish the price for future sales to that customer. Interesting linkages at a new hotel chain.
Filed under Collect, Communications, Compliance, Compliance (General), Controls, Corporation, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Investor relations, Management, Oversight, Ownership, Privacy, Records Management, Risk assessment, Supervision, Third parties, To report, Use, Value, Vendors
Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/
- Pot calling the kettle black
“Comey Tells House Panel He Suspected Giuliani Was Leaking FBI Information to Media,” The Wall Street Journal, December 10, 2018. Former FBI Director Comey, who admitted to leaking information to a reporter through a law school professor, complains that someone else did it, too.
- Yes, we have no privacy
“Thieves Can Now Nab Your Data in a Few Minutes for a Few Bucks,” The Wall Street Journal, December 10, 2018. Following the series of major hacks of privacy data (e.g., Marriott, LinkedIn, Equifax, and Yahoo), “Every American person should assume all of their data is out there,” said one FBI agent. Comforting.
- Duty to report
“New Report Shows Olympics Executives Concealed Knowledge of Nassar Allegations,” The Wall Street Journal, December 11, 2018. Executives knew information about sexual abuse allegations, and failed to report. To whom did they breach a duty?
- Interesting intersection of the right to petition the government and your right to privacy
“U.S. Investigating Fake Comments on ‘Net Neutrality,’” The Wall Street Journal, December 11, 2018. “Earlier this year, the FCC said it would upgrade its website to try to prevent fakery. … Several federal agencies warn that it is a felony to send falsified comments to the federal government when posting on websites soliciting opinions on federal rulemaking.” What if the comments were anonymous?
- Lying or overspending on your expense account can get you canned
“Under Armour Ousts Two Executives After Review of Expenses,” The Wall Street Journal, December 11, 2018. Complying with company policy and procedures is sort of kind of like a job requirement. Even if you signed Jordan Spieth. But how were they to know how much was too much?
- Weakest link?
“Amazon, Amid Crackdown on Seller Scams, Fires Employees Over Data Leak,” The Wall Street Journal, December 11, 2018. Employees bribed for access to inside information. What’s your information worth to you? To the briber? To the (former) employee? Do you have a policy against taking bribes?
- Collateral impact
“Nissan-Renault Scandal Shows It’s Hard to Keep Car Alliances On Track,” The Wall Street Journal, December 12, 2018. A scandal at your business partner can affect your company’s relationships. Is that Governance?
- How do you deal with rumors? Are they “information,” too?
“Super Micro Finds No Malicious Hardware in Motherboards,” The Wall Street Journal, December 12, 2018. This contradicts a prior report from Bloomberg. How do you govern other sources of information? Is using a trusted third party to investigate just standard crisis management planning?
- Should Compliance be more congenial?
“Banks Get Kinder, Gentler Treatment Under Trump,” The Wall Street Journal, December 13, 2018. Regulators are urged to be more collegial with the banks they regulate. Is that better “Governance,” in the short term or in the long term?
- What does it say?
“Renault Sticks With Carlos Ghosn as Internal Probe Finds No Illegality,” The Wall Street Journal, December 13, 2018. What does it say to the rank-and-file when the Chairman gets arrested? And when he’s thereafter kept in place? The Board may have some explaining to do.
- What can your employer do with your information?
“U.S. Companies Asked to Disclose More About Their Workers,” The Wall Street Journal, December 14, 2018. Pension funds ask employers to disclose more information than the SEC currently requires. Whose decision is that? When and how can you object?
- Watch your contractors
“Chinese Hackers Breach U.S. Navy Contractors,” The Wall Street Journal, December 15, 2018. What’s this information worth, both to the US and to China? How much do you look at the security at your vendors who process or create information for you? Are they a weaker link than your employees? (See item 6, above.)
- Information and Governance and Compliance
“PG&E Falsified Gas Safety Records, California Claims,” The Wall Street Journal, December 15, 2018. From the explosion in San Bruno in 2010 (after which PG&E couldn’t find a bunch of inspection records relating to hundreds of miles of its pipelines) to more recent claims about fudging the records on pipeline locations, PG&E has had this problem for awhile. For now, these are just allegations. But what impact on every claim made against the company, and every claim made by it? If they falsify safety records, do they falsify bills, too? “The [state regulator] last month expanded a continuing probe of PG&E’s safety practices and said it would explore the way the company is structured and managed.” There seems to be a link between record-keeping and management and compliance and culture.
- Facebook, again
“Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users,” The Wall Street Journal, December 15, 2018. One almost gets the idea that protecting your privacy is not a high priority for them.
Filed under Board, Collect, Communicate, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Management, Oversight, Oversight, Ownership, Privacy, Protect, Protect assets, Records Management, Security, Supervision, Technology, Third parties, To report, Use, Value, Vendors
“Mueller Accuses Paul Manafort of Lying to FBI After Plea Agreement, The Wall Street Journal, November 26, 2018 (online). Did Manafort lie after he reached a plea deal?
Information is not limited to what you write in a document or an email. It includes verbal utterances. How do you control your “verbal utterances” when the penalty for lying to the FBI can result in 20 years in prison, regardless of what happened prior to your plea deal?
So, this involves Information (verbal statements are information), Compliance (lying to the FBI exposes you to 20 years’ in prison for each offense), and Governance (how do you avoid making an untrue utterance?). Do your policies and controls address verbal information, and, generally, not lying to the FBI? Need they?
“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1. Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.
If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure? Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance? Or just “Governance”?
And what does it say about communications when the government holds up a senior official for poor oversight? What about the board? Highly visible to the worker bees.
Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Oversight, Third parties, To report
“Trudeau Says Canadians Heard Khashoggi Tapes,” The Wall Street Journal, November 13, 2018 A7. Canadian intelligence officials hear audio tapes related to killing.
One assumes that this is a tape of some conversation picked up by intelligence folks after the killing, and not a recording of the killing itself. Unless someone wanted to have proof for the boss. Perhaps intelligence agencies spy on other governments or phone calls.
Often, people think information governance is all about the written word. But the spoken word is information, too, whether it is recorded or not. It’s just a problem of proof. Is someone listening or taping your conversation? Would it matter?
Filed under Access, Accuracy, Communications, Controls, Definition, Duty, Governance, Government, Information, Internal controls, Risk assessment, Security, Third parties
“Boeing Withheld Data On Potential Hazards,” The Wall Street Journal, November 13, 2018 A1. Did Boeing fail to disclose potential problems with its new flight-control feature? Was that a factor in the Lion Air crash in Indonesia, killing 189 people?
Maybe this feature didn’t factor into the crash; we’ll have to wait for the cockpit voice recorder and the flight data recorder. But if you know something and don’t tell other people who would like to know — well, that’s bad. Even if you didn’t want to confuse them by providing them too much information. Was it better “marketing” to tell their customers that they wouldn’t need as much training?
How do you decide how much information to provide your customers? Are there problems you don’t mention? Why?
Filed under Access, Accuracy, Communicate, Communications, Controls, Corporation, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Management, Risk assessment, Third parties
How do you make sure that your policies are keeping pace with law and society?
“Google Changes Harassment Rule,” The Wall Street Journal, November 9, 2018 B4. Following an employee walkout over how the company handles/handled sexual harassment claims, Google will no longer require that such claims be subject to arbitration.
This ties to Governance (what rules do you have in place, and when do you update those), Compliance (how do you handle claims of policy violations), and Information (a claim is one type of information).
I’m a bit of a knowledge management wonk, having been involved in the then-nascent KM movement within the inhouse legal community in the early 2000s. But there can be too much sharing.
“Sinclair Settles With U.S. on Ad-Sales Data,” The Wall Street Journal, November 8, 2018 B2. A media group settles lawsuit over alleged sharing of information among television station owners, that may have led to higher advertising rates.
An interesting side note is that this all came to light when Sinclair proposed to buy another company and had to undergo a government investigation.
Are there restrictions on how much information can be shared between and among competitors? Yes. They are call “antitrust laws.” And is there a risk of making a deal that subjects you to government scrutiny? Yes. The may discover all manner of minor and major sins.
Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Discovery, Duty, Governance, Information, Internal controls, Knowledge Management, Oversight
What does it say when you try too hard to “manage” the information that gets out? Do you have the necessary “control” of that information? When you try to “control” it, what does it say about you when the information gets out anyway?
This sounds like “the risk of selectively releasing information.”
“Turkey Slams Saudis Over Lack of Clarity About Slain Journalist’s Body,” The Wall Street Journal, November 1, 2018 A9. Changing stories on the death of Jamal Khashoggi.
Apparently, there are international norms on what you need to say and how you need to say it, even if it information concerns events within a consulate. Was disclosure legally required? Maybe not, at least legally. But when you do disclose, it’s a good idea to do so honestly. Especially if someone else gets the information.
Filed under Accuracy, Communications, Compliance, Controls, Culture, Duty, Governance, Government, Information, Internal controls, To report
“Barnes & Noble Details CEO Firing,” The Wall Street Journal, October 31, 2018 B1. CEO allegedly fired for sexual harassment and bullying, and interfering with the sale of B&N.
So, the CEO gets canned. No severance package. What message does this send to the rest of the organization (and, indeed, to other CEOs and other companies)? How does the Board look on this one? From a Compliance standpoint, and a Governance one, looks pretty good.
Might this be a pretext? Could he have been fired for some other reason?
Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Supervision