Category Archives: Legal

December 3, 2018 · 7:38 am

It’s a theme

In the prior post, I expressed some shock and amazement that Amazon would meddle with the patient-doctor relationship.  See www.infogovnuggets.com/2018/12/03/these-folks-have-lost-the-plot/.

Apparently I am not alone in raising some questions about the antitrust implications of some of Amazon’s behavior. “Germany Opens Amazon Antitrust Probe, Adding to European Scrutiny,” The Wall Street Journal, November 30, 2018 (online).  Is Amazon hindering other sellers on their website?

This is primarily a Compliance issue.  I note, however, that the types of behavior at issue here are basic antitrust blocking and tackling.  If you get to a certain size, you can no longer get away with behavior that would be acceptable by a smaller player. Sometimes this isn’t part of the Compliance education package.

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Interconnections, Legal, Requirements, Third parties

December 3, 2018 · 6:13 am

What you say is information, too

“Mueller Accuses Paul Manafort of Lying to FBI After Plea Agreement, The Wall Street Journal, November 26, 2018 (online).  Did Manafort lie after he reached a plea deal?

Information is not limited to what you write in a document or an email.  It includes verbal utterances.  How do you control your “verbal utterances” when the penalty for lying to the FBI can result in 20 years in prison, regardless of what happened prior to your plea deal?

So, this involves Information (verbal statements are information), Compliance (lying to the FBI exposes you to 20 years’ in prison for each offense), and Governance (how do you avoid making an untrue utterance?).  Do your policies and controls address verbal information, and, generally, not lying to the FBI?  Need they?

Leave a comment

Filed under Communications, Compliance (General), Content, Controls, Definition, Duty, Governance, Information, Internal controls, Legal

November 13, 2018 · 7:40 am

Too much sharing

I’m a bit of a knowledge management wonk, having been involved in the then-nascent KM movement within the inhouse legal community in the early 2000s.  But there can be too much sharing.

“Sinclair Settles With U.S. on Ad-Sales Data,” The Wall Street Journal, November 8, 2018 B2.  A media group settles lawsuit over alleged sharing of information among television station owners, that may have led to higher advertising rates.

An interesting side note is that this all came to light when Sinclair proposed to buy another company and had to undergo a government investigation.

Are there restrictions on how much information can be shared between and among competitors?  Yes.  They are call “antitrust laws.”  And is there a risk of making a deal that subjects you to government scrutiny?  Yes.  The may discover all manner of minor and major sins.

Leave a comment

Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Discovery, Duty, Governance, Information, Internal controls, Knowledge Management, Oversight

July 23, 2018 · 11:23 am

Tapes and onions

Today, with surveillance cameras everywhere, it’s good to remember that everything you say may be recorded.  Even by someone you trust.  And those recordings turn up.

“Cohen Recorded Talk With Trump,” The Wall Street Journal, July 21, 2018 A1.  Trump’s then-personal lawyer recorded a conversation with then-private-citizen Trump about a story about a Playboy model.

Several different layers of onion involving this tape its creation, its collection by the FBI under a warrant, its production after a court-ordered review, its release to the press, and its impact.  And who owns it, at each stage of the process?  Did Trump know he was being taped?  Was this privileged?  Was the privilege waived?  How and by whom?

I just ask the questions.

 

Leave a comment

Filed under Access, Controls, Discovery, Duty, Government, Internal controls, Lawyers, Legal, Ownership, Privacy, Privilege, Third parties

July 2, 2018 · 5:50 pm

Equifax compliance education

“Former Equifax Manager Is Charged,” The Wall Street Journal, June 29, 2018 B3. To respond to the huge privacy breach at Equifax last year, the company set up a website to help some of those affected.  The former software manager setting up that website  bought some options, betting that Equifax’s stock would go down once the breach was discovered.  He faces criminal and civil charges.

Who would have thought a software engineer needed insider trading education?

 

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, Legal, Oversight, Policy, Protect assets, Requirements

June 15, 2018 · 11:27 am

Poster boy for Information Governance

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study.  It touched a lot of bases.  Now we have a better one.

While there have been a lot of information governance-related stories in the news over the past two years, including Equifax and Facebook and VW and Wells Fargo, my nominee for the one name associated with the most significant teaching example in information governance and compliance is the former FBI Director, James Comey.

First, he gave us The Day That Information Governance Died, with his July 5, 2016 pronouncement that, notwithstanding her clear violations of several applicable legal laws dealing with the handling of confidential or secret information (and the destruction of information subject to a subpoena), Secretary Hillary Clinton’s use (and wiping) of a private server to store government email was not going to be prosecuted.  Such a pronouncement deviated “‘from well-established Department policies'” that the FBI does not comment about  ongoing criminal investigations.

Then he wrote a memo ostensibly commemorating a meeting he had with his boss on government business on a government computer (while in a government vehicle) during the work day, and declared that that was his personal correspondence that he could (and did) distribute as he pleased.

And now we learn that he conducted government business over his own private gmail account {that information does not appear in the WSJ article – Ed.}, and actively avoid his boss’ oversight (and his bosses failed to adequately supervise him).  “Report Blasts FBI Agents, Comey Over Clinton Probe,” The Wall Street Journal, June 15, 2018 A1. Inspector General releases his report on the Clinton Investigation.

Recap:

  • Violations of law are not enforced
  • Evidence is destroyed notwithstanding a subpoena
  • Senior employees ignore long-standing policy
  • Senior employees treat documents prepared by them in the course of business as their personal information
  • Senior employees use private email accounts to transact government business
  • Employees hide things from their bosses
  • Bosses failed to adequately supervise their reports

And this is at the FBI, by a lawyer.

Does anyone wonder why we have a hard time getting traction on information governance initiatives?  Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath.  Not sure you could cover it all in one semester, at both law schools and business schools.

 

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Culture, Discovery, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Lawyers, Managers, Oversight, Ownership, Ownership, Policy, Requirements, Supervision, Who is in charge?

June 14, 2018 · 4:07 pm

Trend to watch

“Vietnam Tightens Web Grip With New Cybersecurity Law,” The Wall Street Journal, June 13, 2018 A7.  The Vietnamese government wants access to all Vietnam-based users’ data.

Several provisions of new law will make the lives of international companies such as Facebook and Google, who must now open an office in Vietnam, store the data of Vietnam-based users in the country, and promptly take down user-posted content at the government’s request.

What happens when an irresistible force (the Internet) encounters and immovable object (the government of a sovereign country)?  The US started this (sort of) when it exported the joys of e-discovery.  Then Europe replied by imposing global privacy rules.  Now China and Vietnam are pushing some of their own requirements, but more as restrictions on Internet companies doing business in their countries.

Who’s going to win?

Intersection of Information, Governance, and Compliance.

 

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Governance, Legal, Requirements

June 14, 2018 · 1:38 pm

Down under

Banks normally monitor (i.e., manage) money transfers (i.e., information), in part to make sure that nefarious people are not transferring money to other nefarious people.  Apparently, they needed to monitor (i.e., manage) who their customers are (i.e., information).

“Australia’s Biggest Bank Faces Record Fine,” The Wall Street Journal, June 5, 2018 B10. Fine of $530 million proposed for bank who failed to catch transfers of money in and out of an account owned by someone who left the country (Australia) in 1999 (and who “had also been charged in Lebanon in 2004 with belonging to a terrorist organization…”).

So, does “information” include who your customers are and whether they are charged as terrorists in another country?  How do you monitor that?  Just ask your customers to notify you if they are charged with terrorism?  Have them sign a form annually stating that they haven’t been charged as a terrorist?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Governance, Information, Internal controls, Requirements, Third parties

April 26, 2018 · 2:12 pm

Barriers to entry

“Europe’s New Consumer Privacy Law Gives Edge to Tech Giants,” The Wall Street Journal April 24, 2018 A1.  The General Data Protection Regulation, which goes into effect next month, protects consumers but also gives Google and Facebook an advantage.

By wielding their power over advertisers and taking a strict interpretation of the law, Facebook and Google can make it really difficult for competitors to establish competing platforms.

Is this what the European regulators anticipated?

Leave a comment

Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Privacy, Requirements, Third parties, Vendors

April 22, 2018 · 9:18 am

Reliance

“U.S. Prosecutors to Weigh Criminal Case for McCabe,” The Wall Street Journal, April 20, 2018 A1. The DOJ Inspector General referred the case/matter of former FBI Deputy Director for criminal prosecution over his responses to investigators looking into leaks.

What does it say about the culture of an organization when two of its top officers, both of whom are lawyers, may have lied to federal investigators?  And what if that organization’s mission is the investigation of crimes?

How much do we rely on institutions and professionals to provide governance and to stand as examples of compliance?  Is that reliance justified?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Government, Lawyers, Legal, Requirements