Category Archives: Compliance

Email

“Yahoo, Bucking Industry, Scans Emails for Data to Sell,” The Wall Street Journal, August 29, 2018 A1.  Unlike its competition, Verizon scans your Yahoo and AOL emails and shares the data with advertisers trying to sell you stuff.

This blog focuses in part on Compliance with law and company policy and procedures.  Does one need to comply with the practices of others in the industry, even where that is not required?  Do “market forces” act as part of the Governance structure?

We already know that Yahoo feels it owns the data you exchange over their platform.  But telling others what sites you’ve visited is a bit different than telling them what you may have been mentioned in your email.

Advertisements

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Governance, Information, Ownership, Ownership, Privacy

Who exactly are your partners?

“U.S. Probes Microsoft on Bribery,” The Wall Street Journal, August 24, 2018 B1.  DOJ probes sales of software licenses to middlemen for ultimate sales to smaller governments.

Did the middlemen in, say, Hungary, share their discounted purchase price with government officials by way of bribes?  Even if they did, is Microsoft liable?  Unless the middlemen were Microsoft sales agents (who didn’t take title to the software licenses), or Microsoft knew of the scheme, hard to see FCPA liability for Microsoft.  Were the middlemen business partners of Microsoft, or just intermediate purchasers?

The ethics of the people with whom you do business can come back to bite you.  Your policies may apply by contract to consultants and third parties that you engage, but do they apply to the people to whom you sell/license your product?

 

 

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Oversight, Policy, Third parties, Vendors

Finally, we have a winner

At least somebody goes to jail for leaking top secret information about Russian hacking of elections.  In less than a year and a half.

“Former Intelligence Contractor Gets Five Years in Prison for Leak,” The Wall Street Journal, August 24, 2018 A2. Reality Winner, a contract worker at the NSA, gets sentenced for leaking a secret report on election hacking by the Russians from the NSA to a news outlet.

The rules do need to be enforced from time to time, or they are more like guidelines.  And contractors seem to be a weak link.

Did anyone else in the chain of command get punished?  If she were in Washington, DC, rather than Augusta, Ga., would she have faced the same fate?

See also https://infogovnuggets.com/2017/06/06/we-have-a-winner/.

 

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Duty, Employees, Governance, Internal controls, Oversight, Protect assets, Third parties, Vendors

Who’s the boss?

To have governance, is a single point of accountability required?

“Workers Deal With Too Many Bosses,” The Wall Street Journal, August 21, 2018 B1.  According  to a recent poll, two-thirds of employees have more than one boss.  Some employees respond by trying to manage their bosses.

From a Governance perspective, if you have multiple bosses, who sets your priorities?  Who establishes the policies and procedures and instructions that you, as an employee, must follow?  How does one resolve conflicts?

And which one person in your organization bears responsibility/accountability for the overall Governance of your company’s Information?  Your company’s overall Compliance with law and with company policy and procedures?

Without such a single point of accountability/responsibility, who gets punished if things don’t go right?  If no one is held responsible/accountable at the C-suite level, do you really have a program-in-fact, as opposed to a program-on-paper?

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, Supervision, Who is in charge?

Controlling speech

How does one control speech in the public forum without encroaching upon fundamental freedoms?

“On Social Media, a Battle Is Brewing Between Bots and Trolls,” The Wall Street Journal, August 11, 2018 B7. Blocking some speech and some speakers would be bad if the government did it.  But is it better if private companies do it, especially when they have pervasive power over the communications streams currently in use?

There’s battle brewing, indeed.  Are the Facebooks and Googles of the world mere utilities getting paid solely for carrying content from all comers, with no power (or financial interest?) over the content they carry, or are they publishers with some accountability?  If the technology tools they use to screen out the “bad” stuff (terrorists, for example) also screen out unpopular (to someone) speech, who pays damages?

If a company is quasi-governmental, shouldn’t it be subject to quasi-constitutional limitations?

This seems to me to be Governance, Compliance, and Information.

Leave a comment

Filed under Access, Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Data quality, Duty, Governance, Government, Internal controls, Third parties

Loose lips, revisited

The prior post was about what you say and in what medium.  So’s this one.

“SEC Probes Musk Tweets On Possible Tesla Buyout,” The Wall Street Journal, August 9, 2018 A1.  Were Elon Musk’s tweets about having lined up financing for a buyout false or misleading?  The SEC may want to know.

So, is information false or misleading?  I thought we had freedom of speech?  And (altogether too much) freedom to tweet?

Falsely shouting fire in a crowded theater is still a bad thing (thank you, Justice Holmes).  As is misleading your shareholders.

Should a CEO of a listed company know better?  Loose lips sink ships.

Leave a comment

Filed under Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Employees, Governance, Information, Internal controls, Investor relations

Shoot for the stars

Nailing a high-visibility target demonstrates that you’re serious about compliance.  Especially if he or she is a big money maker.  And especially if it is over violations of your company’s procedures.

“GAM Says Fund Manager Breached Policies on Gifts,” The Wall Street Journal, August 7, 2018 B10.  “[T]he star fund manager” also used his personal email to transact business for the company, and failed to follow other company procedures.

The company’s shares have dropped 44%.

Would you be surprised if your company did this?  What does that say about your culture?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Policy