In the prior post, I expressed some shock and amazement that Amazon would meddle with the patient-doctor relationship. See www.infogovnuggets.com/2018/12/03/these-folks-have-lost-the-plot/.
Apparently I am not alone in raising some questions about the antitrust implications of some of Amazon’s behavior. “Germany Opens Amazon Antitrust Probe, Adding to European Scrutiny,” The Wall Street Journal, November 30, 2018 (online). Is Amazon hindering other sellers on their website?
This is primarily a Compliance issue. I note, however, that the types of behavior at issue here are basic antitrust blocking and tackling. If you get to a certain size, you can no longer get away with behavior that would be acceptable by a smaller player. Sometimes this isn’t part of the Compliance education package.
“U.S. Charges Agents Of China Hacked Aviation Firms,” The Wall Street Journal, November 1, 2018 B4. Agents of the Chinese government indicted for trying to steal airline industry technology.
This is getting to be rather routine. One part of this is the value of Information, and the importance of information security. One part of this is Compliance, of course, as the US government is trying to protect the US information assets (although the company at issue probably had some responsibility for this as well, as well as their board of directors). And, of course, Governance, as the US government is prosecuting.
We all know the business case for cyber-security.
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties
“U.K. Plans to Introduce Digital Tax on Tech Firms,” The Wall Street Journal, October 30, 2018 A9. Rather than further regulating firms like Google and Facebook, the UK now tried to tax their locally generate revenue.
The lack of a universal taxing methodology may cause the big players some headaches. Compare the patchwork of privacy obligations if you operate in different countries (or states).
Look at this from two different views. First, how does a large multi-national comply with all the different laws around the world? Second, how does your company deal with the overlapping laws and your own corporate policies and procedures, which may apply differently to different parts of your company?
While one-size-fits-all makes sense at one level (if you’re on top of the Governance pyramid), does this process require a bit more granular differentiation (if you are on the bottom)?
“SEC Keeps Study On Speed-Bump Trading Under Wraps,” The Wall Street Journal, October 25, 2018 B11. SEC has done a study of controls that slow down high-frequency traders, but hasn’t released that publicly.
The SEC is in charge of protecting the stock trading system. As such, it watches over how quickly information moves within that ecosystem, and whether access is available to all at the same time. But the SEC refuses to release the unredacted text of a study that it did on the impact on “controls” that limit the ability of high-speed traders to take unfair advantage of their access to information.
Curious as to why (and what) the government doesn’t want us to know. Who oversees the government? (Hint: a free press is one of them).
Filed under Access, Accuracy, Controls, Data quality, Duty, Governance, Government, Information, Interconnections, IT, Oversight, Technology, Third parties, To report, Value
That’s a catchy headline.
“Facebook Thinks Hack Was Set by Spammers,” The Wall Street Journal, October 18, 2018 B1. FB says recent breach of ~30 million accounts was by spammers wanting to make profits, and not by nation states with evil motives. FB will likely never find who took the information.
This raises a whole host of issues about information ownership and the duty of companies who handle and store your data. And IT security, or insecurity. Which is your favorite? I personally favor what this says about the culture at FB; with these issues, the FB communication to the market and its shareholders and its customers speaks volumes about how FB views the risks of its business. So now a denial is Information, by definition.
Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Technology, Third parties, Who is in charge?
“Smart Devices Draw New Defenses,” The Wall Street Journal, October 18, 2018 B1. Companies move to add security to the Internet of Things things, like interconnected devices inside your home (e.g., cameras, routers, refrigerators, and tvs).
Do we really know how insecure the appliances you have in your house? Do we really care? I posted earlier today about Apple in China building and selling phones that have the option, but not the requirement to have two-factor authentication. Is the user the weakest link?
“Turkey Says Journalist’s Killing Was Recorded,” The Wall Street Journal, October 12, 2018 A1. Turkey alleges audio and video demonstrate that Jamal Khashoggi was killed in the Saudi consulate in Istanbul.
Was this captured in part on his Apple Watch?
Do we lose sight of the places where information can be found? How would (or do) we control this in our organization? A visitor who wears a watch?
A key element of either Compliance or Governance (or both) is penalizing violations. Otherwise, the rule is on paper only, and isn’t real.
“U.S. Steps Up Grid Defense,” The Wall Street Journal, August 6, 2018 A1. Government devising new penalties for foreign (and domestic) agents who hack into critical infrastructure.
Sounds good. But might we be better off with a few more ounces of prevention (education, technology controls, testing, etc.)? The “internal” controls. By the time you’re penalizing folks, you’ve been hacked.
Filed under Access, Compliance (General), Controls, Duty, Governance, Government, Interconnections, Internal controls, IT, Security, Technology, Third parties
How much is it worth to you to have access to the Internet on a plane trip? Apparently, less than they are charging for it.
“Airline Wi-Fi Isn’t Connecting to Profits,” The Wall Street Journal, July 26, 2018 B1. Is it because the service is too slow, or too expensive?
I adjusted years ago to the lack of quality Internet service while in the air. I actually like the peace.
But if an airline chose to compete by including this in the ticket price, would it drive traffic? How many people actually pay for this out of their own pockets, rather than charging it off to their employers? Do employers notice or care? What’s your policy?
Is this Governance or Information? Both?
“Goldman Employee Is Arrested,” The Wall Street Journal, June 1, 2018 B8. A banker now on leave from his job at Goldman Sachs charged with insider trading. He allegedly accessed information about upcoming mergers and acquisitions and then traded stocks.
‘The bank’s internal records show he accessed information about the deals when he placed his trades….”
Your company no doubt tracks who accesses what information on your computer systems, right? And connects the dots when you buy stock later?
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Interconnections, Internal controls, IT, Oversight