“Senator Releases DNA Test Results,” The Wall Street Journal, October 16, 2018 A4. Senator Elizabeth Warren released DNA results about her ancestry.
Facts are facts. And labels are labels, and not necessarily facts. How much of a certain DNA do you need to have to be a minority, entitled to affirmative action?
So, the blood results are information. But who has the power to decide who is and who is not a Native American? Are labels just short-hand opinions? And, as opinions tend to do, are either right or they’re wrong, with the actual facts determining the actual truth or falsity.
I hesitated to discuss the Kavanaugh hearings as an information governance teaching case, due to the raw political nerves. Another case presented itself.
“A Sexual-Assault Claim Spotlights National Dilemma,” The Wall Street Journal, October 15, 2018 A1. A state employee in New Jersey promptly reported an assault to the police, and even wrote to the governor and his wife. The alleged assailant also works for the state. The matter was investigated, but the state did not prosecute the alleged assailant.
How does the victim document and prove an assault? What evidence, beyond her word, is required to secure a conviction? Immediate outcry? DNA results? Video? Is the absence of information itself information?
How does the alleged assailant establish his or her innocence? How does the state investigate and how does it decide whether to prosecute? How does the judge or the jury decide, based on what evidence? What documents and policies govern the process? How do we protect the privacy of the complainant and the defendant until a verdict is rendered (and beyond)?
I know this may seem to have wandered rather far afield from the focus of this blog. But this involves serious questions around Information, and Compliance, and Governance. If we agree the system isn’t working, how do we propose to fix it? What controls can we put in place, beyond talking to our sons and daughters? How do we establish a process that protects the rights of everyone?
“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1. Data exposed between July 2017 and September 2018. But thankfully only affected 30 million users, not the 50 million users originally feared. It only took 2 days to stop it after it was discovered. A flaw in the computer code opened a door.
The decrease in the number of affected users was reported in a blog post.
Does this mean that a defective product was released into commerce? So who pays how much to whom?
Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology
“Turkey Says Journalist’s Killing Was Recorded,” The Wall Street Journal, October 12, 2018 A1. Turkey alleges audio and video demonstrate that Jamal Khashoggi was killed in the Saudi consulate in Istanbul.
Was this captured in part on his Apple Watch?
Do we lose sight of the places where information can be found? How would (or do) we control this in our organization? A visitor who wears a watch?
“HSBC to Pay $765 Million in U.S. Pact,” The Wall Street Journal, October 10, 2018 B12. Bank hid the risks of defective mortgages for at least 2 years. Sold mortgaged-back securities in the meantime.
“Wells Fargo … [paid] $2.09 billion to settle similar claims.” Four other banks also settled.
Why do we keep our money in banks? Weren’t they supposed to be safe? What does it say about the Boards of these companies? Did the directors screw up?
Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Protect assets, Supervision, To report
“Google Hid Data Breach for Months,” The Wall Street Journal, October 9, 2018 A1. Alphabet hid or failed to disclose the breach of “hundreds of thousands of users” for six months, to avoid “regulatory scrutiny and … reputational damage.” Data accessed between 2011 and 2018.
What did the delay in notification cost customers? Did Google care? Who at Google knew, and are they still employed? Why?
Don’t be evil.
Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, IT, Privacy, Security, To report
“Amazon Fires Worker for Leaking Data,” The Wall Street Journal, October 6, 2018 B1. Leaker of customer email addresses fired and may be prosecuted.
Is this a Man-Bites-Dog story, just considering the source? What did this cost the employee? What did it cost Amazon? What damage did it cause to the customers?
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security