Apparently, keeping the identities of confidential informants secret poses some challenges. Are there information governance lessons to be learned?
“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years. One source of information: online court records that provide clues as to who cooperated with the prosecutors. Some inmates may be posting their sentencing files to establish their bona fides.
Hard to classify this in this blog. Does this pertain to
- the value of accurate and complete information
- the risk in making information widely available
- the government’s duty to protect informants
- the government’s duty to have a transparent criminal justice system
- a defendant’s right to confront his/her accusers
- the need for security and the difficulty in providing it
- the proactive value of disclosure
- the fact that information can be misused
- the difficulty in creating effective controls
Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value
“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4. In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA. Certainly cuts down on their foreign travel.
If they can’t keep their own secrets secret, what’s a body to do? Will this shut them down?
How well does your company keep its secrets? How important is it to your employees?
I was otherwise engaged last week and missed posting. Here are some catch-ups.
- Comey – reportedly, former FBI Director wrote memos to the file on his conversations with the President. Two points: just because you write something, doesn’t mean it’s true – that’s why you have hearsay rules and cross-examination. Doesn’t mean it’s not true, either. Also, interesting question in the area of obstruction of justice: if what was written was not 100% accurate, are there implications for the former Director under 18 USC §1519? “Trump Asked Comey to Drop Probe,” The Wall Street Journal, May 17, 2017 A1.
- “Tests Show More American Workers Using Drugs,” The Wall Street Journal, May 17, 2017 B1. Does your company have a drug policy that your employees are violating?
- “Putin Says Trump Divulged No Secrets,” The Wall Street Journal, May 18, 2017 A6.
- “Cover-Up Alleged In Probe Of Attack,” The Wall Street Journal, May 18, 2017 A7. Criminal complaint by Berlin filed against police investigators, alleging documents were altered.
- VW (the adventure continues) – The VW CEO and a few others (including Board members) are being investigated over whether they intentionally withheld information about the diesel emission testing scandal from investors. “Inquiry Targets Volkswagen CEO,” The Wall Street Journal, May 18, 2017 B1.
- “Uber Threatens to Ax Executive,” The Wall Street Journal, May 20, 2017 B3. Company threatens to fire executive (hired from Alphabet) if he doesn’t turn over documents. No Fifth Amendment protections against getting fired?
Filed under Accuracy, Board, Communications, Compliance, Compliance, Content, Controls, Corporation, Directors, Discovery, Duty, Employees, Governance, Government, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, Protect assets, Protect information assets
Life imitates art. There’s a dark side to the Internet of Things. In a story that resembles “Person of Interest,” a TV show, hackers are accessing security cameras belonging to others. “Hackers Hijack Video Cameras,” The Wall Street Journal, September 30, 2016 B1.
Over a million video cameras and DVRs were compromised in an attack that slammed a French web hosting provider and the website of Brian Krebs, a US security guy who posted a lot following the Target credit card breach a few years ago. Hacks were possible largely due to the poor initial security, poor passwords, and the failure to update the operating software.
Do businesses appreciate the risks of devices connected to the internet? Consumers certainly don’t. All that convenience comes with hidden costs.
On Friday, the post was about using numbers to rank employees. And what numbers rank employees more than salaries + benefits?
“Why Being Transparent About Pay Is Good for Business,” The Wall Street Journal, May 31, 2016 R2. Research shows that maintaining secrecy on employee salaries reduces employee performance.
Who owns the salary information? What right does the employee have to prevent his or her employer from posting that information on the web? Would you be embarrassed to have your salary data posted on the door to your office or the wall of your cubicle? Why? Does management’s use of publication of salaries to manage people’s expectations and performance violate some unwritten rule?
Filed under Access, Accuracy, Controls, Data quality, Duty, HR, Information, Internal controls, Management, Ownership, Privacy, Use, Value
Is your broker a bad egg? Does he or she work in a company with a collection of bad eggs? Would you hesitate to use a brokerage with a higher-than-usual percentage of bad eggs?
“Brokerages With Checkered Past to Face New Disclosure Focus, Finra CEO Says,” The Wall Street Journal, May 7, 2016 B7. Finra’s BrokerCheck app is useful. The underlying data may be made available to the public.
What if a similar database were compiled on corporations? How many of your employees have a checkered past? If you know, do your other employees have a right to know? Are your customers entitled to this information?
Not sure whether to fill this under “use of information” or “compliance.” Or “governance” or “oversight.”
Europe and the US have long been in conflict over information: the US has its broad discovery rules and Europe has its broad privacy protections. This week, the conflict assumed a different shape.
“In Europe’s Terror Fight, Police Push to Access American Tech Firms’ Data,” The Wall Street Journal, May 2, 2016 A1. Belgian officials wanted to access user data for an account at an as-yet-unnamed US company’s social media site in connection with a threatened terrorist attack, and didn’t want to wait to follow the US legal requirements. Enter the US DOJ, who helped persuade the US company to provide the data.
Query: Was it legal for the US company to provide this information without the required process?
Where does this fit? Is the “culture of compliance” flexible enough to allow reality to override law? Does Europe want us to recognize their laws and ignore ours? Is privacy paramount, or is it subject to “higher issues”?
Filed under Access, Business Case, Compliance, Controls, Culture, Governance, IT, Legal, Privacy, Requirements, Risk, Security, Third parties