“Marriott Says Starwood Data Breach Affects Up to 500 Million People,” The Wall Street Journal, November 30, 2018 (online). Data breach potentially affecting passports and credit cards of as many as 500 million guests at Marriott’s Starwood properties, which were acquired in 2016. They knew about this in September, but reflects a breach that may go back to 2014.
So, two years after an acquisition, the target’s information security practices blow up in the acquiror’s face. What does that say about the acquiror’s duty to integrate the data practices and controls around information protection?
Does your M&A team think about information governance issues? Is that an identified risk, with an identified (and owned) action plan? Did the Board identify this as a risk? What the value of this information considered part of the transaction value? How was that reflected?
Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Risk Assessment, Risk assessment, Security, Value
If you are looking to invest, it would be nice to know if the broker who has been recommended to you has a history of complaints by his/her customers or employers. If you are the prospective broker, it would be good to be able to present a clean record, even if your record isn’t clean.
“Brokers Purge Their Records,” The Wall Street Journal, November 19, 2018 B1. Brokers can request that complaints be expunged from the records of the industry-funded regulator. So, were you to ask you would be told there’s no record.
So, what is a clean record worth, when a dirty record can be so easily laundered? I guess there may be multiple definitions of “record,” one of which is documentation of a business activity or decision, and the other of which is a conviction.
On the internet, no one knows you’re a dog.
“Beware the ‘Free’ Internet,” The Wall Street Journal, November 15, 2018 A2. How much money do Facebook, Twitter, and Google get from allowing others to access you based on your data?
The article makes an interesting comparison to Wikipedia, where a large amount of information is made available for free, without advertising. That’s truly free. As opposed to social media.
How much is your data worth? To you? To Google? Do you agree with the implicit bargain, whereby you give use of your information in return for cat videos and an endless stream of ads?
A Tesla employee is indicted for creating fake documents to cover up a fake-payment scheme. “Former Tesla Employee Is Indicted,” The Wall Street Journal, November 12, 2018 B5.
Companies have a lot of controls to prevent fraud by employees, and often these controls work. Why are there more such controls to prevent financial fraud than to prevent violations of other company procedures, such as those related to document creation, retention, and storage?
One wonders whether, in the aggregate, companies lose more money through poor document management and control than they lose through financial fraud. How would one conduct such a study?
Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Protect assets, Records Management, Security, Third parties, Value, Vendors
“When ‘Free Trading’ Isn’t Really Free,” The Wall Street Journal, November 10, 2018 B5. You can avoid commissions when trading stock by using an app. But if the price you pay or get paid for the stock is more or less, is the trade really free? It depends on how much price improvement is involved.
Interesting study of how the benefits and cost savings on high frequency trading are divided among the various parties. And who knows what.
Isn’t this type of “information imbalance” inherent in every transaction? Do we know how much a tomato or an iPad costs the store that sells it? Or whether the salesperson gets a commission? How do we manage that imbalance? Or do we just accept it, whatever it means?
“Wall Street Analysts Are Selling More Data,” The Wall Street Journal, November 8, 2018 B11. Analysts are searching and make available a bunch of information on your information, including “social media sentiment … and geospatial mapping.” Think of it as expanded research reports.
Well, they are in the business of reviewing data and offering opinions (for a price). Is it much of a disintermediation for them to start selling the information directly? I guess there’s money in it. Or service.
Filed under Access, Analytics, Collect, Controls, Corporation, Duty, Information, IT, Management, Operations, Ownership, Security, Third parties, Use, Use, Value
How do you protect information in the event of an Event? Is this part of your business continuity plan? You do have a business continuity plan, right? Do you have a process to safeguard information you will need to resume operation?
“Second Black Box Eludes Search Teams,” The Wall Street Journal, November 3, 2018 A6. Divers are still searching for the cockpit voice recorder following the crash of Lion Air flight 610 in Indonesia.
Planes carry two “black boxes,” one a flight data recorder (which captures a lot of equipment operating data) and the other a cockpit voice recorder (which captures conversation in the cockpit). The information on these two boxes (which are actually neon orange) is used to determine the cause of a crash.
What information does your company generate that you would need to run your business following an “Event,” such as a computer crash or a hurricane, or whatever? Is that part of your normal operating policies and procedures? If you can’t get to that information, can you restart or run your business?
Is this an Information point (protecting information) , or a Governance point (having processes and procedures to protect mission-critical information), or a Compliance with policies and procedures?
Filed under Access, Business Case, Collection, Controls, Corporation, Duty, Governance, Information, Internal controls, Oversight, Protect, Protect assets, Risk, Use, Value