Category Archives: Duty of Care

Administrative procedures

“EPA Limits Data Used in New Rules,” The Wall Street Journal, April 25, 2018 A4. Underlying studies must be made public and the findings must be reproducible before research will be used to justify new regulations.

Does the government need to allow you an opportunity to contest the “facts” upon which regulations are issued?  Is it right for the US government to rely upon scientific studies that in turn rely on secret information in order to establish regulations?  Does the government need to independently validate information before taking regulatory action?  How can an opponent reasonably contest the wording and scope of a regulation if he/she can’t see the evidence?  Or if the evidence doesn’t prove what the scientist says it proves?

Is this about information, or governance, or information governance?  More than one?


Filed under Access, Accuracy, Controls, Data quality, Duty, Duty of Care, Governance, Government, Internal controls, Oversight, Third parties

Catching up

I was out of town for a bit, and am now catching up.  So this will deviate from the usual one-story, one-post format.  19 squibs.

“ISS Opposes Five Equifax Directors,” The Wall Street Journal, April 17, 2018 B2.  A proxy advisor recommends against voting for members of the Board’s technology committee, who had responsibility for technology security.  Is that all that happens, they get fired?  157 million accounts exposed and they get un-elected but not (yet) sued?  No claw-back of director’s fees?

“Facebook Data Dispute Embroils University of Cambridge,” The Wall Street Journal, April 16, 2018 B4. Cambridge says Facebook approved of the University’s use of Facebook data.  Or your data, if you wish.

“Fired FBI No.2 McCabe Misled Probe, Report Says,” The Wall Street Journal, April 14, 2018 A1.  Misleading an internal investigation into a leak to the newspaper is not good.

“Volkswagen Prepares to Replace CEO,” The Wall Street Journal, April 11, 2018 B1.  CEO who helped VW survive the emissions scandal gets replaced. A palace coup after the company spent $25 billion+ on the scandal.  Is this more price for VW to pay?  And let’s not forget the shareholders, who foot the bill.  See also “VW Picks Chief After Boardroom Coup,” The Wall Street Journal, April 13, 2018 B1.

“Blunder Hits Samsung Securities,” The Wall Street Journal, April 11, 2018 B13. An employee’s mistake leads to mistaken issuance of $105 billion in shares, more than 30 times the company’s existing issued shares.  Do you have the right controls in place?  Is this an information governance issue?

“Facebook Hearings Put Regulation In Spotlight,” The Wall Street Journal, April 12, 2018 A1. Will the Facebook data leak/usage lead to new privacy regulation?

“Adviser Urges Shift On Board Of Equifax,” The Wall Street Journal, April 12, 2018 B10.  Does the company’s failure to avoid a cyber attack mean the board has to go?  Maybe.

“China’s Censors Zero In on Apps,” The Wall Street Journal, April 12, 2018 B4.  Chinese government extends control over a smartphone app that had crude jokes.  Now there’s enforcement of a policy, and a demonstration of what “governance” means.

“Zuckerberg Says Sorry for Harm Done,” The Wall Street Journal, April 10, 2018 B4.  Classic crisis management strategy:  admit you’re wrong?

“Sensing Urgency, Facebook Bolsters User Protections,” The Wall Street Journal, April 10, 2018 B5.  Locking the door after the horse bolted.

“Facebook Sets ‘Issue’ Ads Rule,” The Wall Street Journal, April 7, 2018 A1.  Does a background check on advertisers protect your privacy?

“YouTube Policies Stir Bitterness,” The Wall Street Journal, April 6, 2018 B1.  Following attack at YouTube HQ, taking a closer look at YouTube’s policies on filtering/restricting content.

“Facebook CEO: Lax Privacy a ‘Huge Mistake,’” The Wall Street Journal, April 5, 2018 A1.  Not focusing on privacy protections a “huge mistake.”  Really?

“Police Want to Send AI Into the Street,” The Wall Street Journal, April 4, 2018 A3.  Can body cams be used to collect “Person of Interest”-level information, real time?

“WPP’s Sorrell Faces Probe,” The Wall Street Journal, April 4, 2018 B1.  CEO of advertising company under internal investigation for misusing company assets.  It’s really just a question of duty.

“GM Scraps a Standard in Sales Reporting,” The Wall Street Journal, April 3, 2018 B1.  You manage what you measure.  So, no longer reporting this statistic will reportedly make it easier to measure performance.  Huh?

“Oracle Defeats Google In Court,” The Wall Street Journal, March 28, 2018 B1. Appeals court revives copyright infringement suit against Google.  $9 billion+ in damages alleged.

“Wedbush Accused Of Flawed Oversight,” The Wall Street Journal, March 28, 2018 B12.  SEC charges company with failure to properly supervise an employee involved in “long-running ‘pump-and-dump’ scheme.”

 


Filed under Accuracy, Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Oversight, Ownership, Ownership, Policy, Privacy, Protect information assets, Security, Third parties, Value

Privacy is dead; suspect under arrest

I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street Journal, but Facebook is in the running.

“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1.  “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points).  Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress.  And Europe hasn’t weighed in yet.

There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones.  Did you (we) know that?  Do you know what companies are doing with “your” data?  Do you care?  Privacy is dead; Facebook investigated as person of interest.

I guess that answers the question of who’s in charge:  the Feds and the states.  I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.


Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?

Are you serious about enforcing your policies?

The headline from Tuesday says it all.  “Data Blowback Pummels Facebook,” The Wall Street Journal, March 20, 2018 A1.  Inquiries into allegedly improper data access in support of Trump campaign.  Stock dropped 6.8% on Tuesday (-$36 billion in shareholder value).  Congress stirs.  Wants to restrict how Facebook deals with user data.

At issue is information of the same type shared with the Obama campaign in 2012, allowing access to your connections.  After that election, Facebook changed their policies.  This case involves a professor (technically, a vendor?) getting information from Facebook and sharing it with others, including a group advising the Trump campaign.  After Facebook discovered what the professor had done, an audit was done at the campaign adviser group, which said it had deleted all the data once it learned the professor had violated Facebook’s policies when he provided the information.

Who owns the data (such as who your friends are), and what protections are applied to this data?  Is Congress getting involved going to help or hurt?  How do you make sure your vendors comply with your policy?

And Facebook’s policies?  Today’s headline says it all (sort of):  “Lax Data Policies Haunt Facebook,” The Wall Street Journal, March 21, 2018 A1.  Actually, it wasn’t a problem with the policies, it was the fact that Facebook wasn’t very good at monitoring or enforcing them.  And the policies were adopted as part of a settlement with the FTC.  This could get expensive.  The Canadian government (where there is more extensive privacy protection by law) is also investigating.  An additional 2.6% drop in shareholder value on Tuesday.

See also “Facebook Provokes Storm Over User Data,” The Wall Street Journal, March 19, 2018 B1.  How did an outside data firm get access to users’ private data without their permission?  Unclear whether the data firm kept the data longer than it should have.

Watch this space. This is going to be news for a while.


Filed under Access, Analytics, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, Oversight, Ownership, Privacy, Protect assets, Third parties, Value, Vendors

Who’s responsible for your information technology?

Who’s at fault when your technology doesn’t work?  Isn’t that an inherent risk in any technology?

“NYSE to Settle With SEC Over Malfunctions,” The Wall Street Journal, March 7, 2018 B15.  NYSE penalized $14 million for not preventing “outages of critical market infrastructure” in August 2015.

Crazy that the government can create a rule making you liable if technology fails.  But then, you have to comply with the applicable requirements.

 


Filed under Compliance, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Requirements

What’s security worth?

“Overstock.com Shares Fall on Crypto Probe,” The Wall Street Journal, March 2, 2018 B10.  After they disclose an SEC investigation into sales of digital tokens, share price drops nearly 5% (initially, it was worse).

I suspect the shareholders are not amused.  But will the compliance spending budget go up?  Are the tokens securities?  The legal spending will definitely increase.

Will the Board’s compensation keep pace?


Filed under Board, Compliance, Compliance, Corporation, Directors, Duty, Duty of Care, Governance, Oversight, Oversight, Risk assessment

147 million and counting

“Equifax Data Breach Hits Over 147 Million,” The Wall Street Journal, March 2, 2018 B3.  Names and driver’s license numbers of an additional 2.4 million people were “affected.”

That’s 145.5 million plus 2.4 million.  Eventually, this will be a big number.


Filed under Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Third parties