A key element of either Compliance or Governance (or both) is penalizing violations. Otherwise, the rule is on paper only, and isn’t real.
“U.S. Steps Up Grid Defense,” The Wall Street Journal, August 6, 2018 A1. Government devising new penalties for foreign (and domestic) agents who hack into critical infrastructure.
Sounds good. But might we be better off with a few more ounces of prevention (education, technology controls, testing, etc.)? The “internal” controls. By the time you’re penalizing folks, you’ve been hacked.
How much is it worth to you to have access to the Internet on a plane trip? Apparently, less than they are charging for it.
“Airline Wi-Fi Isn’t Connecting to Profits,” The Wall Street Journal, July 26, 2018 B1. Is it because the service is too slow, or too expensive?
I adjusted years ago to the lack of quality Internet service while in the air. I actually like the peace.
But if an airline chose to compete by including this in the ticket price, would it drive traffic? How many people actually pay for this out of their own pockets, rather than charging it off to their employers? Do employers notice or care? What’s your policy?
Is this Governance or Information? Both?
“Goldman Employee Is Arrested,” The Wall Street Journal, June 1, 2018 B8. A banker now on leave from his job at Goldman Sachs charged with insider trading. He allegedly accessed information about upcoming mergers and acquisitions and then traded stocks.
“The bank’s internal records show he accessed information about the deals when he placed his trades….”
Your company no doubt tracks who accesses what information on your computer systems, right? And connects the dots when you buy stock later?
What happens to your business if you or your customers can’t get to the Internet?
“Visa Hit by Outage In Parts of Europe,” The Wall Street Journal, June 2, 2018 B12. Users of Visa cards in Europe couldn’t use their cards on Friday as the result of a hardware failure.
Are you prepared for a hardware failure that prevents your customers from reaching you? Is this an aspect of information governance? Business continuity planning? Both?
“New EU Rule Puts Scare Into Websites,” The Wall Street Journal, May 26, 2018 B4. US websites block access by people in the EU to avoid breach of new GDPR.
This raises several interesting questions.
- What’s the risk that your website collects or stores information in violation of the General Data Protection Regulation?
- Is it better to cut off service to people in the EU rather than to take the risk that you don’t comply with EU privacy legislation?
- Will this open up a new market for Google-like and Facebook-like European competitors?
- How will the users in the EU react?
- Just how hard is it to comply with the GDPR? You write a policy and take some internal steps to control your use of consumer information.
- Is this Y2K revisited?
- Is this Information, Governance, or Compliance? A combination of some or all of those?
If your business includes programming software to perform certain tasks, you no doubt have quality control processes. Are those processes “information governance”?
“Software Flaw Trips Fiat Chrysler,” The Wall Street Journal, May 26, 2018 B1. Short circuit could prevent you from disengaging the cruise control. Results in recall of 5.3 million vehicles.
Cost of effective quality control: unknown. Cost of a defect: priceless.
Are these people behind the design of driver-less cars?
“Tech Firms Update Privacy Protections,” The Wall Street Journal, May 8, 2018 B4. Firms adjust their privacy policies to comply with European restrictions, even where the European restrictions don’t apply.
The US tried, with some success, to export the joys of ediscovery in litigation; Europe has successfully imposed/influenced privacy restrictions beyond their borders.
Is this just standardization for the convenience of the firms, or for the protection of their customers? Does it matter?