Category Archives: Protect assets

Remember Yahoo?

“Successor To Yahoo Is Fined in Data Hack,” The Wall Street Journal, April 25, 2018 B4. $35 million fine for failure to properly investigate a cyber breach affecting hundreds of millions (billions?) of Yahoo accounts.

Yahoo no longer exists, with surviving pieces owned by Verizon and Alibaba Group Holding.

How to file this?  Was there an obligation way back (in 2014) to notify people when the Russians had hacked their accounts?  What happens to your company if there is a breach of your customers’ security?  And you fail to mention it to anyone?  A fine?  Drawing and quartering?

 


Filed under Communications, Compliance, Controls, Corporation, Duty, Governance, Oversight, Privacy, Protect assets, Security, To report

Early warning

“SunTrust Sees Risk of Breach,” The Wall Street Journal, April 21, 2018 B3.  A SunTrust employee may have stolen information (names, addresses, account balances, and phone numbers) on 1.5 million customers.

The bank became aware of a problem in February, but only recently became aware that the (now-former) employee was trying to share the information outside the bank.

Good for the bank to have systems that notice the unusual activity and for the bank to have given relatively early notice.

 


Filed under Communications, Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Privacy, Protect assets, To report

Privacy is dead; suspect under arrest

I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street Journal, but Facebook is in the running.

“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1.  “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points).  Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress.  And Europe hasn’t weighed in yet.

There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones.  Did you (we) know that?  Do you know what companies are doing with “your” data?  Do you care?  Privacy is dead; Facebook investigated as person of interest.

I guess that answers the question of who’s in charge:  the Feds and the states.  I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.


Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?

Contagion

When disaster hits one part of your industry, other members often get hit, too, especially when customers get upset.  And the media smells blood.

“Facebook and Google Confront Antagonism of Big Advertisers,” The Wall Street Journal, March 26, 2018 A1.  Major advertisers demand more detail and accountability around ads and cost following the revelations about the use/misuse of user data and the accuracy of the viewing statistics.

Is the business model of selling access to data that isn’t really yours finally breaking down?

In a related piece, Facebook took out a full-page ad on page B12 in The Wall Street Journal that says, in part, “We have a responsibility to protect your information.  If we can’t, we don’t deserve it.”  Interesting admission that it’s your information, not theirs.  Still noodling on how that works through the courts.

Where to file this?  What does non-compliance with your information policies cost you?


Filed under Access, Accuracy, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Oversight, Ownership, Protect assets, Security, Third parties, Value, Vendors

Cutting the cord

“Delete Facebook, Or Take a Break: Step by Step,” The Wall Street Journal, March 24, 2018 A13.  Further fallout from the disclosure of user data.

I didn’t read anything into the fact that this story was on the Obituary page of The Wall Street Journal.


Filed under Access, Controls, Corporation, Duty, Governance, Internal controls, Oversight, Privacy, Protect assets, Third parties, Vendors

The long arm of the law

“U.S. Authorities Can Access Data Stored Overseas,” The Wall Street Journal, March 24, 2018 A6.  US warrants will soon reach information stored by US tech companies on cloud servers overseas.

You now need to know what you have and where you have it; now you have to know who you store it with.  Saying that you have it in France and can’t turn it over to the FBI isn’t going to work here.  Much like telling the French court that you need to turn it over to the US, despite French blocking statutes that forbid that.

In the event of a conflict, who wins?  Is that how you know who is in charge?  Are you still going to use a cloud service hosted by a US company?

 


Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Interconnections, IT, Privacy, Protect assets

Leaks followed by leaks

Following the user reaction to reports of the disclosure and use of user data, FB is losing advertisers.  Has the Good Ship Facebook sprung a Titanic leak?

“Facebook Pledges Actions To Stem Advertiser Exits,” The Wall Street Journal, March 24, 2018 A1.  People apparently still prize whatever privacy they have left.

At least the story is below the fold.  But it is still on page 1.


Filed under Access, Controls, Corporation, Duty, Governance, Internal controls, Oversight, Ownership, Policy, Privacy, Protect assets, Third parties, Vendors