Category Archives: Duty of Care

Fraud at the top

“Former Goldman Bankers Charged,” The Wall Street Journal, November 2, 2018 A1. “Two senior … bankers allegedly paid bribes and stole and laundered money … [in] one of the biggest financial frauds in history.”

What does it say when two of your 435 partners and one of your managing directors commits a fraud?  Failures in systems/controls?  Bad culture?  Do you have a “cowboy atmosphere” in Asia?  Poor training?  Are these rogue employees?  What’s the impact on your reputation?  What was the tone at the top?

This is primarily a Governance point.  How will the new CEO handle?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Oversight, Policy, Supervision, Who is in charge?

Cheaters

“Market Cheats Get Caught More Often,” The Wall Street Journal, November 1, 2018 B10.  Traders manipulating prices by spoofing real futures trades are getting caught and prosecuted for criminal violations.  Exchanges cooperating with enforcement authorities.

If accurate information is worth X, what is inaccurate information worth?  It depends, whether you are buying or selling based on it.

So, this is both Information (information includes both accurate and inaccurate information) and Governance (manipulating market trades with false information is a crime that the CFTC and DOJ prosecute).

Leave a comment

Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Data quality, Definition, Duty, Duty of Care, Employees, Governance, Information, Oversight

Chinese hacking alleged

“U.S. Charges Agents Of China Hacked Aviation Firms,” The Wall Street Journal, November 1, 2018 B4. Agents of the Chinese government indicted for trying to steal airline industry technology.

This is getting to be rather routine.  One part of this is the value of Information, and the importance of information security.  One part of this is Compliance, of course, as the US government is trying to protect the US information assets (although the company at issue probably had some responsibility for this as well, as well as their board of directors).  And, of course, Governance, as the US government is prosecuting.

We all know the business case for cyber-security.

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties

What’s worse than a tweet?

“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1.  FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.

What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market?  When does mere puffery become criminal?  What controls would you need to have to prevent this at your company?

Do you have them?  Are they enforced?

Leave a comment

Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report

It’s all information

This blog explores, from time to time, the outer reaches of the intersection(s) of Information, Governance, and Compliance.

Consider, for a moment, a fingerprint.  Not what you normally consider “information.”  And one seldom thinks of “managing” a fingerprint.  Who owns your fingerprint?  But consider the value of a fingerprint, and both the failure to “manage” or control where that fingerprint can be found and the ability to find that fingerprint and locate its owner.  How much information governance is involved in this process?

“Fingerprint Leads to Arrest Of Bomb Suspect in Florida,” The Wall Street Journal, October 27, 2018 A1.  Alleged mail bomber’s fingerprint in a package sent to a legislator leads to arrest of suspect.

Which leads me to the question,”What is there that isn’t information that is managed or controlled in our lives, or a least directly related to information that is managed?”  I struggle to find an example of something that isn’t information, or directly related (perhaps somewhat remotely) to information that is managed or controlled.

 

Leave a comment

Filed under Access, Accuracy, Analytics, Collect, Compliance, Controls, Data quality, Definition, Duty of Care, Governance, Information, Management, Oversight, Ownership, Records Management, Risk assessment, Use, Value

Too much sharing

“Facebook Draws U.K. Fine Over Sharing Data,” The Wall Street Journal, October 26, 2018 B4. Facebook fined half a million Pounds ($645,000) for allowing Cambridge Analytica for letting them see and use user data.  This is separate and apart from any fines the EU may impose.

Part of the problem is that Facebook didn’t do enough (i.e., anything) after it found out about Cambridge Analytica having accessed the data.

So, some points to consider:

  1. Whose information was it?
  2. Whose (and how many) rules (EU, UK, US, other) apply to (i.e., govern) a data breach?
  3. Why didn’t FB do anything after learning of the problem?  Did it not have a process for handling a vendor that accessed data inappropriately?  Doesn’t Governance require you to have such a process?  Does Compliance entail requiring your vendors to follow a process, and penalizing them when they don’t?
  4. The fine here won’t go to the UK residents whose privacy was invaded.  Is this a fine or a tax?  It certainly isn’t damages.

 

 

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Privacy, Protect assets, Security, Third parties, Vendors

Weapons

“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1.  Tim Cook wants GDPR-style privacy protections in the US.  Claims “[o]ur own information … is being weaponized against us with military efficiency.”

He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.

How do we wrest control of our information back again?  Or is privacy dead?  And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?

Leave a comment

Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value

Leaker arrested

“Treasury Employee Is Accused of Leaks,” The Wall Street Journal, October 18, 2018 A4. Employee arrested for allegedly disclosing confidential banking information about Paul Manafort, among others, to a reporter at BuzzFeed.

Leaking your employer’s information is hazardous to your health and freedom.  But it’s good to know the government takes compliance seriously.

Leave a comment

Filed under Compliance, Compliance (General), Controls, Duty, Duty of Care, Employees, Governance, Government, Internal controls, Oversight, Policy, Protect assets

Finding fakes

“On Hunt for Disinformation,” The Wall Street Journal, October 18, 2018 A3. Digital detective for the Vietnam Veterans of America tracks down fake Facebook pages used to scam veterans.

Is protecting your customers from fraud part of your offering?  Are you concerned about someone else using your logo?  Do you expect Facebook to care that much (hint: it doesn’t)?

Leave a comment

Filed under Accuracy, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, IT, Oversight, Protect assets, Security, Third parties

Hackers look to make money

That’s a catchy headline.

“Facebook Thinks Hack Was Set by Spammers,” The Wall Street Journal, October 18, 2018 B1. FB says recent breach of ~30 million accounts was by spammers wanting to make profits, and not by nation states with evil motives.  FB will likely never find who took the information.

This raises a whole host of issues about information ownership and the duty of companies who handle and store your data.   And IT security, or insecurity.  Which is your favorite?  I personally favor what this says about the culture at FB; with these issues, the FB communication to the market and its shareholders and its customers speaks volumes about how FB views the risks of its business.  So now a denial is Information, by definition.

Leave a comment

Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Technology, Third parties, Who is in charge?