Category Archives: Privacy

Snitches get stitches

Apparently, keeping the identities of confidential informants secret poses some challenges.  Are there information governance lessons to be learned?

“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years.  One source of information: online court records that provide clues as to who cooperated with the prosecutors.  Some inmates may be posting their sentencing files to establish their bona fides.

Hard to classify this in this blog.  Does this pertain to

  • the value of accurate and complete information
  • the risk in making information widely available
  • the government’s duty to protect informants
  • the government’s duty to have a transparent criminal justice system
  • a defendant’s right to confront his/her accusers
  • the need for security and the difficulty in providing it
  • the proactive value of disclosure
  • the fact that information can be misused
  • the difficulty in creating effective controls
  • other?



Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value

Hacking hackers

“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4.  In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA.  Certainly cuts down on their foreign travel.

If they can’t keep their own secrets secret, what’s a body to do?  Will this shut them down?

How well does your company keep its secrets?  How important is it to your employees?


Filed under Access, Business Continuity, Controls, Duty, Government, IT, Privacy, Security, Third parties

Digging out

I was otherwise engaged last week and missed posting.  Here are some catch-ups.


Filed under Accuracy, Board, Communications, Compliance, Content, Controls, Corporation, Directors, Discovery, Duty, Employees, Governance, Government, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, Protect assets, Protect information assets

Person of Interest

Life imitates art.  There’s a dark side to the Internet of Things.  In a story that resembles “Person of Interest,” a TV show, hackers are accessing security cameras belonging to others.  “Hackers Hijack Video Cameras,” The Wall Street Journal, September 30, 2016 B1.

Over a million video cameras and DVRs were compromised in an attack that slammed a French web hosting provider and the website of Brian Krebs, a US security guy who posted a lot following the Target credit card breach a few years ago. Hacks were possible largely due to the poor initial security, poor passwords, and the failure to update the operating software.

Do businesses appreciate the risks of devices connected to the internet?  Consumers certainly don’t.  All that convenience comes with hidden costs.


Filed under Access, Business Case, Controls, Interconnections, Internal controls, IT, New Implications, Privacy, Risk, Security

What does everyone earn?

On Friday, the post was about using numbers to rank employees.  And what numbers rank employees more than salaries + benefits?

“Why Being Transparent About Pay Is Good for Business,” The Wall Street Journal, May 31, 2016 R2.  Research shows that maintaining secrecy on employee salaries reduces employee performance.

Who owns the salary information?  What right does the employee have to prevent his or her employer from posting that information on the web?  Would you be embarrassed to have your salary data posted on the door to your office or the wall of your cubicle?  Why?  Does management’s use of publication of salaries to manage people’s expectations and performance violate some unwritten rule?


Filed under Access, Accuracy, Controls, Data quality, Duty, HR, Information, Internal controls, Management, Ownership, Privacy, Use, Value

How many bad apples in that barrel?

Is your broker a bad egg?  Does he or she work in a company with a collection of bad eggs?  Would you hesitate to use a brokerage with a higher-than-usual percentage of bad eggs?

“Brokerages With Checkered Past to Face New Disclosure Focus, Finra CEO Says,” The Wall Street Journal, May 7, 2016 B7.  Finra’s BrokerCheck app is useful.  The underlying data may be made available to the public.

What if a similar database were compiled on corporations?  How many of your employees have a checkered past?  If you know, do your other employees have a right to know?  Are your customers entitled to this information?

Not sure whether to file this under “use of information” or “compliance.” Or “governance” or “oversight.”


Filed under Business Case, Collect, Communications, Controls, Governance, Management, Oversight, Privacy, Risk, Third parties

Government need v. User rights v. Law

Europe and the US have long been in conflict over information: the US has its broad discovery rules and Europe has its broad privacy protections.  This week, the conflict assumed a different shape.

“In Europe’s Terror Fight, Police Push to Access American Tech Firms’ Data,” The Wall Street Journal, May 2, 2016 A1. Belgian officials wanted to access user data for an account at an as-yet-unnamed US company’s social media site in connection with a threatened terrorist attack, and didn’t want to wait to follow the US legal requirements.  Enter the US DOJ, who helped persuade the US company to provide the data.

Query:  Was it legal for the US company to provide this information without the required process?

Where does this fit? Is the “culture of compliance” flexible enough to allow reality to override law?  Does Europe want us to recognize their laws and ignore ours? Is privacy paramount, or is it subject to “higher issues”?


Filed under Access, Business Case, Compliance, Controls, Culture, Governance, IT, Legal, Privacy, Requirements, Risk, Security, Third parties