Category Archives: Ownership

Uber settles

“Uber Settles Trade-Secrets Case,” The Wall Street Journal, February 10, 2018 B1.  Uber pays more than $240 million to settle case, and agrees not to use certain technology on self-driving cars, allegedly belonging to Waymo.  The agreement not to use was worth perhaps $250 million.

How does your company make sure it isn’t using a third party’s intellectual property without permission?  Is this an important part of your compliance program?  How does your company manage its acquisitions of new companies, some of whom (or their employees) may not have been as diligent in avoiding trade secret theft?

How can you prevent people from bringing information that you do not want into your company?  What are your processes?


Leave a comment

Filed under Board, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Ownership, Ownership, Policy, Protect assets, Protect information assets, Supervision, Third parties, Value, Vendors

Leaking government documents

One would think that professionals hold themselves to a higher standard, and would not conspire to take advantage of leaks of information from someone who shouldn’t be leaking it.

Au contraire, mes amis.

“Former KPMG Executives Charged,” The Wall Street Journal, January 23, 2018 B1.  KPMG execs arranged to get a heads up on which KPMG audits were going to be reviewed by the PCAOB.  After things went south and the investigation started, people started deleting emails and texts.  Same song, different verse.

So, working with a federal government agency to get confidential government information.  Consequence: criminal indictments of KPMG partners and civil suits.  They were also fired.  KPMG cooperated “fully” in the investigation.  The leakers at the government were angling for jobs at KPMG.


  1. Auditors commit crimes, too
  2. Confidential government information belongs to the government
  3. Conspiring with government employees to get that information is a crime
  4. Your employer has a lot of incentives to cut you loose if you’ve committed a crime in the course of your business
  5. It’s hard to get a job as an auditor after a criminal conviction
  6. Deleting emails and texts after an investigation started is Bad.  See also 18 USC §1519
  7. If partners in your firm are doing this, what else is going on?
  8. No one at the government has been charged

Leave a comment

Filed under Access, Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Ownership, Third parties

Who owns your email?

“Lawyer Presses Mueller on Emails,” The Wall Street Journal, December 18, 2017 A4.  Questions arise after a government agency (later identified as the GSA) turns over Presidential transition team emails to Mr. Mueller.

Who owns the emails of non-governmental employees who use storage provided by a government agency?  And must the Special Counsel file a subpoena before getting information from a third party?

Where is your company’s email stored? Who owns it?

If there’s anything in those emails, are they “fruit of the poisonous tree” as the Special Counsel did not get a warrant?

Leave a comment

Filed under Access, Controls, Corporation, Duty, Employees, Government, Information, Internal controls, Lawyers, Ownership, Third parties

Collecting personal information

Those of us familiar with the EU are familiar with government agencies placing and enforcing restrictions on the collection of personal information, to protect the privacy rights of its citizens.

“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.

Delicate balance between protecting privacy and protecting your credit?  Or the recognition by the government of their duty to protect our information?

Leave a comment

Filed under Controls, Duty, Duty of Care, Governance, Government, Information, Internal controls, IT, Ownership, Privacy, Protect assets, Security

Unsocial media

“Police See Social Media Fuel Crime,” The Wall Street Journal, November 25, 2017 A3.  Immediate access to information “played a major role in escalating disputes….”

One assumes that this is true whether the information spread on social media is or isn’t true.  Is a lie halfway around the world before the truth gets its shoes on?

What are the social implications of so much (unfiltered and unverified) information being made available to so many so fast?  Who has a duty to verify or filter it?  How do you control this within the confines of your business?  Do you have a duty to?  Is the control only common sense?

Leave a comment

Filed under Access, Accuracy, Controls, Corporation, Duty, Employees, Information, Ownership

Nice to know

“Facebook to Tell Users If They Followed or Liked Russian Pages,” The Wall Street Journal, November 24, 2017 B3.  Facebook will tell users if they accessed the 290 Facebook and Instagram pages that the Russians allegedly used in the misinformation campaign.

Who owns the information about what sites you visited?  Apparently, Facebook.  Does Facebook have a duty to let you know that you accessed “bad” sites?  Does doing so make it more or less likely that you will (a) use Facebook or (b) believe what you see on Facebook?

Leave a comment

Filed under Access, Accuracy, Corporation, Duty, Information, Ownership

Hacking denial

Keeping a hack of your enterprise secret should be difficult.  Some find it easy.

“Uber CEO Knew of Hack for Months,” The Wall Street Journal, November 24, 2017 A1.  Uber was hacked in October 2016 (they say), affecting 57 million accounts.  Less than Yahoo’s 3 billion, and Equifax’s 145 million.  The CEO learned of the breach in September 2017, shortly before taking the top job.  Uber also paid the hackers $100,000 to destroy some of the stolen data.

Would they have disclosed it at all if they weren’t seeking outside financing?

What’s your obligation to disclose to your customers that their information may have been stolen from you?

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Legal, Oversight, Ownership, Requirements, Security, To report