This is a straight compliance piece, where a corporation is held liable for the misdeeds of its employees (agents).
“Wells Fargo to Pay $3.4 Million Over Advisers’ Flub,” The Wall Street Journal, October 17, 2017 B10. Apparently, some of the bank’s financial advisers recommended volatility ETFs when they shouldn’t have. The advisers also didn’t have adequate training.
This is straightforward. Should some manager be fired or disciplined? Maybe. This would not seem the type of event that calls into question the Board’s duty to supervise, unless this is the third time this same compliance issue has arisen. This is only the second time. The bank paid nearly $3 million in fines and restitution in 2012 for a similar violation.
Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Requirements
Slack is a new communications software in use in many companies. Do your policies deal with the implications of the use and misuse of yet another new technology? How will you handle this when litigation comes in?
“Tips to Tighten Slack Users’ Skills,” The Wall Street Journal, October 12, 2017 B4.
Filed under Access, Communications, Compliance, Content, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Legal, New Implications, Oversight, Policy, Protect assets, Security
Apparently, NCAA rules prohibit coaches from using a burner phone to contact football recruits. Or lying about it when you do.
“‘Burner Phone’ Accusation Marks New Chapter in Ole Miss Scandal,” The Wall Street Journal, September 20, 2017 A16. Coaches accused and investigated, and asked to sign certifications that they had never used pre-paid phones for recruiting or other work-related purpose.
Is this a question you normally ask your employees, or is this a form you have them sign? Should you ask for a certification that exiting employees do not have any company information on a non-company asset or location?
Filed under Access, Board, Compliance, Compliance Verification, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Legal, Oversight, Oversight, Policy, Protect assets, Security, Third parties
“Makers Of Opioids Are Asked For Data,” The Wall Street Journal, September 20, 2017 A6. Subpoenas served on 5 manufacturers, as 41 states investigate marketing and sales of painkillers.
How much will this cost? Who will pay? What will we learn?
One unique aspect of information is that it can be stolen, yet remain in the owner’s possession. Apparently, medical facilities are required to report if your medical information is stolen, but not if it is merely kidnapped and held for ransom.
“Some Cyberattacks Go Unreported,” The Wall Street Journal, June 19, 20127 B3. Whether hospitals need to report a ransomware attack of their files as a data breach is a “gray area,” and the federal government doesn’t require such reports, even if the government knows about them. Some hospitals don’t report ransomware attacks, so these attacks are not in the HHS statistics.
So, patients don’t know when hospitals have weak security protection. What value, then, are the government statistics? Do they need a big asterisk?
Filed under Controls, Corporation, Data quality, Duty, Government, Information, Internal controls, IT, Legal, Requirements, Security, Third parties, To report, Value
Last July, after the July 5 new conference, I wrote about the consequences of James Comey’s decision not to prosecute, https://infogovnuggets.com/2016/07/12/sounds-of-silence/. I view that as The Day Information Governance Died.
This week, we had the sequel.
If you create a document in the normal course of your duties for your employer, about a conversation held in the course of your employer’s business, using the employer’s computer, then that document is the property of your employer. It’s “proprietary.” You can’t take that document with you when you’re fired and then give it to others. Even if it doesn’t contain privileged information. Or your purported recollections of a conversation in your official capacity with the President, subject to executive privilege.
But Mr. Comey seems to be above (or maybe beside) the Law, generally. And he is (until the ethics people get a hold of this) a lawyer.
“The ‘Close Friend’ Behind Memo Leak,” The Wall Street Journal, June 9, 2017 A4. Comey leaks a memo he wrote while a government employee to a friend, in order to leak it to the press.
And we wonder why we have a hard time getting traction on information governance.
I was otherwise engaged last week and missed posting. Here are some catch-ups.
- Comey – reportedly, former FBI Director wrote memos to the file on his conversations with the President. Two points: just because you write something, doesn’t mean it’s true – that’s why you have hearsay rules and cross-examination. Doesn’t mean it’s not true, either. Also, interesting question in the area of obstruction of justice: if what was written was not 100% accurate, are there implications for the former Director under 18 USC §1519? “Trump Asked Comey to Drop Probe,” The Wall Street Journal, May 17, 2017 A1.
- “Tests Show More American Workers Using Drugs,” The Wall Street Journal, May 17, 2017 B1. Does your company have a drug policy that your employees are violating?
- “Putin Says Trump Divulged No Secrets,” The Wall Street Journal, May 18, 2017 A6.
- “Cover-Up Alleged In Probe Of Attack,” The Wall Street Journal, May 18, 2017 A7. Criminal complaint by Berlin filed against police investigators, alleging documents were altered.
- VW (the adventure continues) – The VW CEO and a few others (including Board members) are being investigated over whether they intentionally withheld information about the diesel emission testing scandal from investors. “Inquiry Targets Volkswagen CEO,” The Wall Street Journal, May 18, 2017 B1.
- “Uber Threatens to Ax Executive,” The Wall Street Journal, May 20, 2017 B3. Company threatens to fire executive (hired from Alphabet) if he doesn’t turn over documents. No Fifth Amendment protections against getting fired?
Filed under Accuracy, Board, Communications, Compliance, Compliance, Content, Controls, Corporation, Directors, Discovery, Duty, Employees, Governance, Government, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, Protect assets, Protect information assets