Category Archives: Privacy

Barclays culture, continued

“Compliance Officer To Leave Barclays,” The Wall Street Journal, September 16, 2017 B1. The compliance officer at Barclays responsible for the whistleblower program settled “an employment dispute” with Barclays right before a hearing in London.  The CEO had earlier tried to learn the identity of the employee who complained about his hiring of a buddy.  The UK regulatory authority is still investigating that matter.

But the CEO remains in place.  Go figure.  I guess the Board’s sense of ethics is flexible.

I wonder what the employment dispute was about?


Equifax, Chapter 3

“Two Equifax Officials Exit,” The Wall Street Journal, September 16, 2017 B1.  In the biggest surprise since the sun set last night, the CIO and the chief security officer at Equifax have retired. A week after the hack of 143 million account records.

What about the members of the Board of Directors, who knew of the risk of a cybersecurity breach and didn’t take sufficient steps to prevent it?  The shareholders – who didn’t have the power to make sure Equifax’s network was secure – will certainly pay.  But what about the directors?  And the other officers, starting with the CEO?

By the way, what are their names, Social Security numbers, dates of birth, and driver’s license numbers?  Inquiring minds want to know.


Controls at the border

We all know that when we enter the US, the computers and phones we carry are subject to search without a warrant.  Don’t we?

“Lawsuit Targets Phone Seizures,” The Wall Street Journal, September 14, 2017 A5.  Customs screenings at the border aren’t subject to the same controls as when you are already here.  [NB:  Same rules apply when going into another country.  They can demand your password to make sure you don’t have porn on your phone.  Or whatever.]

Does this shock you?  Is this a control over your information or a limit on your autonomy?


Close that barn door!

“Banks Weigh Shift From Equifax,” The Wall Street Journal, September 13, 2017 B14.  Hack of 143 million accounts causes banks to turn to Equifax’s competitors.

Talk about closing the barn door after 143 million horses have bolted!  What are the banks doing to prevent the fraudulent use of the information obtained through the hack in their decisions to issue or deny credit?  Merely moving to a different credit bureau doesn’t begin to address the flaw in the banking system’s reliance on your Social Security Number and date of birth to uniquely identify you.

Not that I’m calling for a National ID card.  Maybe we should all have a microchip, like our pets.  Don’t we need a new solution, suitable for the digital age?

See related note at “Hack of All Hacks,” September 12, 2017.


The Hack of All Hacks

The Yahoo hack may have affected 1.5 billion customers.  But in terms of targeted hacks, OPM was pretty big.  There’s a new contender for the Hack of Hacks.

“Equifax Reveals Huge Breach,” The Wall Street Journal, September 8, 2017 A1.  The records (name, address, Social Security number, birth date, etc.) of 143 million US consumers at the credit reporting company have been hacked. That’s roughly half the US.  And they sat on it for a while (since they discovered it on July 29).

Will this fundamentally change the landscape?  Will we see EU-level privacy controls in the US?  Will the directors of Equifax face personal liability for not ensuring the information was protected?  How can you protect your Social Security Number five years from now?  How will credit decisions be made in the future?

 


Breach (the adventure continues)

“Data Breach Affects Time Warner Cable Subscribers,” The Wall Street Journal, September 2, 2017 B3.  A company vendor left over 4 million records on a cloud-based server.  Thankfully, BroadSoft reported “that none of the unsecured information was ‘highly sensitive.'”  At least not “highly sensitive” to them.

Vendors causing a breach, again.  Customer data exposed, again.  Are there lessons here?


Investigating riots

“Judge Grants Access To Protesters’ Data,” The Wall Street Journal, August 25, 2017 A3 (when I evacuated Houston).  Prosecutors get some access to data on who used a certain website to plan protests on Inauguration Day, which protests led to riots and vandalism.

Freedom of speech is a big control on information governance.  But as Justice Holmes said, you can’t falsely shout “Fire” in a crowded theater with impunity. (The word “falsely” is often dropped.)  So some access seems okay, does it not?

The other side of information security.

 
