Category Archives: Privacy

Catching up

I was working on another project, and could not do my postings as timely as I would like.  But here’s a bunch of news items I wanted to write about:

Leave a comment

Filed under Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Lawyers, Oversight, Ownership, Privacy, Third parties, Uncategorized

The grip on your information

“Apple Eases Its Grip in Chinese Data,” The Wall Street Journal, July 13, 2017 B3.  “To comply with tough new cybersecurity rules, Apple will begin storing all cloud data for its Chinese customers with a government owned company [in China] ….”  Apple “will retain control over encryption keys.”  That makes me much more comfortable.

It might appear that China is exerting its grip on the data stored by Chinese customers on iCloud.  But whose data is it, anyway?  And what if other countries take similar steps with their citizens’ data?  Any opportunity for mischief?

Leave a comment

Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

Snitches get stitches

Apparently, keeping the identities of confidential informants secret poses some challenges.  Are there information governance lessons to be learned?

“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years.  One source of information: online court records that provide clues as to who cooperated with the prosecutors.  Some inmates may be posting their sentencing files to establish their bona fides.

Hard to classify this in this blog.  Does this pertain to

  • the value of accurate and complete information
  • the risk in making information widely available
  • the government’s duty to protect informants
  • the government’s duty to have a transparent criminal justice system
  • a defendant’s right to confront his/her accusers
  • the need for security and the difficulty in providing it
  • the proactive value of disclosure
  • the fact that information can be misused
  • the difficulty in creating effective controls
  • other?

 

Leave a comment

Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value

Hacking hackers

“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4.  In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA.  Certainly cuts down on their foreign travel.

If they can’t keep their own secrets secret, what’s a body to do?  Will this shut them down?

How well does your company keep its secrets?  How important is it to your employees?

Leave a comment

Filed under Access, Business Continuity, Controls, Duty, Government, IT, Privacy, Security, Third parties

Digging out

I was otherwise engaged last week and missed posting.  Here are some catch-ups.

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Content, Controls, Corporation, Directors, Discovery, Duty, Employees, Governance, Government, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, Protect assets, Protect information assets

Person of Interest

Life imitates art.  There’s a dark side to the Internet of Things.  In a story that resembles “Person of Interest,” a TV show, hackers are accessing security cameras belonging to others.  “Hackers Hijack Video Cameras,” The Wall Street Journal, September 30, 2016 B1.

Over a million video cameras and DVRs were compromised in an attack that slammed a French web hosting provider and the website of Brian Krebs, a US security guy who posted a lot following the Target credit card breach a few years ago. Hacks were possible largely due to the poor initial security, poor passwords, and the failure to update the operating software.

Do businesses appreciate the risks of devices connected to the internet?  Consumers certainly don’t.  All that convenience comes with hidden costs.

Leave a comment

Filed under Access, Business Case, Controls, Interconnections, Internal controls, IT, New Implications, Privacy, Risk, Security

What does everyone earn?

On Friday, the post was about using numbers to rank employees.  And what numbers rank employees more than salaries + benefits?

“Why Being Transparent About Pay Is Good for Business,” The Wall Street Journal, May 31, 2016 R2.  Research shows that maintaining secrecy on employee salaries reduces employee performance.

Who owns the salary information?  What right does the employee have to prevent his or her employer from posting that information on the web?  Would you be embarrassed to have your salary data posted on the door to your office or the wall of your cubicle?  Why?  Does management’s use of publication of salaries to manage people’s expectations and performance violate some unwritten rule?

Leave a comment

Filed under Access, Accuracy, Controls, Data quality, Duty, HR, Information, Internal controls, Management, Ownership, Privacy, Use, Value