Those of us familiar with the EU are familiar with government agencies placing and enforcing restrictions on the collection of personal information, to protect the privacy rights of its citizens.
“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.
Delicate balance between protecting privacy and protecting your credit? Or the recognition by the government of their duty to protect our information?
“Compliance Officer To Leave Barclays,” The Wall Street Journal, September 16, 2017 B1. The compliance officer at Barclays responsible for the whistleblower program settled “an employment dispute” with Barclays right before a hearing in London. The CEO had earlier tried to learn the identity of the employee who complained about his hiring of a buddy. The UK regulatory authority is still investigating that matter.
But the CEO remains in place. Go figure. I guess the Board’s sense of ethics is flexible.
I wonder what the employment dispute was about?
“Two Equifax Officials Exit,” The Wall Street Journal, September 16, 2017 B1. In the biggest surprise since the sun set last night, the CIO and the chief security officer at Equifax have retired. A week after the hack of 143 million account records.
What about the members of the Board of Directors, who knew of the risk of a cybersecurity breach and didn’t take sufficient steps to prevent it? The shareholders – who didn’t have the power to make sure Equifax’s network was secure – will certainly pay. But what about the directors? And the other officers, starting with the CEO.
By the way, what are their names, Social Security numbers, dates of birth, and driver’s license numbers? Inquiring minds want to know.
We all know that when we enter the US, the computers and phones we carry are subject to search without a warrant. Don’t we?
“Lawsuit Targets Phone Seizures,” The Wall Street Journal, September 14, 2017 A5. Customs screenings at the border aren’t subject to the same controls as when you are already here. [NB: Same rules apply when going into another country. They can demand your password to make sure you don’t have porn on your phone. Or whatever.]
Does this shock you? Is this a control over your information or a limit on your autonomy?
“Banks Weigh Shift From Equifax,” The Wall Street Journal, September 13, 2017 B14. Hack of 143 million accounts causes banks to turn to Equifax’s competitors.
Talk about closing the barn door after 143 million horses have bolted! What are the banks doing to prevent the fraudulent use of the information obtained through the hack in their decisions to issue or deny credit? Merely moving to a different credit bureau doesn’t begin to address the flaw in the banking system’s reliance on your Social Security Number and date of birth to uniquely identify you.
Not that I’m calling for a National ID card. Maybe we should all have a microchip, like our pets. Don’t we need a new solution, suitable for the digital age?
See related note at “Hack of All Hacks,” September 12, 2017.
The Yahoo hack may have affected 1.5 billion customers. But in terms of targeted hacks, OPM was pretty big. There’s a new contender for the Hack of Hacks.
“Equifax Reveals Huge Breach,” The Wall Street Journal, September 8, 2017 A1. The records (name, address, Social Security number, birth date, etc.) of 143 million US consumers at the credit reporting company have been hacked. That’s roughly half the US. And they sat on it for a while (since they discovered it on July 29).
Will this fundamentally change the landscape? Will we see EU-level privacy controls in the US? Will the directors of Equifax face personal liability for not ensuring the information was protected? How can you protect your Social Security Number five years from now? How will credit decisions be made in the future?
“Data Breach Affects Time Warner Cable Subscribers,” The Wall Street Journal, September 2, 2017 B3. A company vendor left over 4 million records on a cloud-based server. Thankfully, BroadSoft reported “that none of the unsecured information was ‘highly sensitive.’” At least not “highly sensitive” to them.
Vendors causing a breach, again. Customer data exposed, again. Are there lessons here?