Category Archives: Compliance

Contracts matter, too

This blog often deals with Compliance, both compliance with law and compliance with company policy.  But another aspect of Compliance is the corporation’s compliance with its own contracts.

“Professor Wins College-Freedom Case in Wisconsin,” The Wall Street Journal, July 7, 2018 A3.  Private university penalizes professor for posting a factual post online, despite  academic freedom protections he had in his contract; professor wins back pay and reinstatement.

So, does your compliance program cover your organization’s compliance with its own contracts?  Does your compliance training mention that point?  Is contract compliance more or less important than ethics?  Or is it part of ethics?  How strong are your processes around contract compliance?

I just ask the questions.

 

Advertisements

Leave a comment

Filed under Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Third parties

Policy

This blog looks at the intersection of Information, Governance, and Compliance.  Normally, when one hears “Compliance,” one assumes it means compliance with law.  But Compliance also extends to compliance with policy.

“Barnes & Noble Cites Policy In Firing,” The Wall Street Journal, July 5, 2016 B1.  B&N CEO and a member of the board fired after a little more than a year for violation of a so-far-undisclosed company policy..  No severance package.  Ouch.

What sort of message does that send to the rank and file when the CEO gets punished for violating company policy?  Does that extend beyond the policy the CEO is accused of violating?  Is that why the specific policy wasn’t mentioned?

I assume this was for a violation more serious than failing to follow the company’s Records Retention Policy.  But aren’t all violations of company policy by the CEO equally serious? Aren’t all violations of policy equal, or are there capital “P” policies, and small “p” policies?  How does an employee tell the difference?

And the company chose to publicize at least the basic reason for the firing; does it do that in all firings for policy non-compliance?  Does the CEO have more or less privacy rights than the lowest-paid employee?

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, Policy, Privacy

How to prevent contamination?

“Amazon Delves Into Health Data,” The Wall Street Journal, July 2, 2018 B3.  Amazon buys a company with a bunch of personal health information.

It’s not like Amazon doesn’t have to deal with a whole host of privacy regulations, including the EU and, more recently, California.  But personal medical information is different, and subject to different controls.

How does a company that lives on finding relationships in large bodies of information deal with information that can’t be used freely?

We’ll see.

Leave a comment

Filed under Access, Analytics, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Policy, Privacy, Third parties

Telling the truth is a journey

“Facebook Details Data Sharing,” The Wall Street Journal, July 2, 2018 A1.  Facebook “expands” its answer to the question, “Who else saw our data?”  Apparently, a lot more people than Facebook said originally.  A bunch of special deals and exemptions from Facebook’s “policy.”

So, apparently Facebook does not have a personal relationship with the truth, but they sure have your information.

One expects further revelations in the months ahead.

Takeaways:

  • Lying is not an effective communications strategy
  • When you’re being investigated, either tell the truth or say “I don’t know.”
  • The only person who can grant an exception to a policy is the person who issued the policy (or their superior)
  • Strictly enforce your company policies, or they won’t help much
  • Treat my data with as much care as you treat your data

Leave a comment

Filed under Accuracy, Communications, Compliance, Controls, Corporation, Culture, Duty, Governance, Internal controls, Investor relations, Oversight, Policy, Privacy, To report

Compliance incentives

“CFPB Decides Not to Fine Citi on Overcharges,” The Wall Street Journal, June 30, 2018 B12.  Company failed to lower credit card interest rates for some customers when it should have.  It will refund the overcharges and fix its practices, but won’t pay a fine.

Citi self-reported, and proposed full restitution.

Would this have happened under the prior Director at the CFPB?  Or would the offense have led to a large fine as well?  To what purpose?

Leave a comment

Filed under Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, Oversight, To report

Equifax compliance education

“Former Equifax Manager Is Charged,” The Wall Street Journal, June 29, 2018 B3. To respond to the huge privacy breach at Equifax last year, the company set up a website to help some of those affected.  The former software manager setting up that website  bought some options, betting that Equifax’s stock would go down once the breach was discovered.  He faces criminal and civil charges.

Who would have thought a software engineer needed insider trading education?

 

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, Legal, Oversight, Policy, Protect assets, Requirements

EU comes West

“Sweeping Privacy Bill Passes in California,” The Wall Street Journal, June 29, 2018 B1.  State law gives us the right to not share our data online, and to prohibit the sale of that information.  Downside: it may cost you more.

This will be hugely disruptive for online businesses.  But it does get to the question: “Who owns ‘your’ data?”

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Ownership, Privacy, Value