Category Archives: Legal

Dadah is Death

News alert: Countries have different laws.

“Malaysia Aims at ‘Fake News,’” The Wall Street Journal, March 27, 2018 A6.  In the run-up to national elections, new law proposed to impose a prison sentence of up to 10 years for spreading fake news.

As information governance, this has some interesting elements.  News that hasn’t been approved by Malaysian authorities will be considered “false.”  What controls does your country or company put on the sharing of information?  Are they enforced?  Effective?

This law may also apply to “media organizations” outside Malaysia in certain circumstances. But “the government wouldn’t suppress opposing views.”  Well, that makes us comfortable.


Filed under Accuracy, Compliance, Compliance (General), Controls, Data quality, Duty, Governance, Legal, Requirements, Who is in charge?

Privacy is dead; suspect under arrest

I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street Journal, but Facebook is in the running.

“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1.  “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points).  Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress.  And Europe hasn’t weighed in yet.

There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones.  Did you (we) know that?  Do you know what companies are doing with “your” data?  Do you care?  Privacy is dead; Facebook investigated as person of interest.

I guess that answers the question of who’s in charge:  the Feds and the states.  I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.


Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?

Public utility

Is YouTube a public utility, subject to government control and with an obligation to serve all comers?  Or is it something else, subject to different rules?

“YouTube Clamps Down on Gun Videos,” The Wall Street Journal, March 22, 2018 A4.  YouTube decides to restrict certain videos about guns and gun sales.

Once you open your business up to the public, don’t you have an obligation to allow legal conduct on your site?  Where else can you refuse to serve someone who wants to do something that’s legal?  Say, for instance, could YouTube forbid any use of its site by Democrats, Republicans, or Catholics?

Where do you draw the line, and who draws it?


Filed under Access, Accuracy, Compliance, Content, Controls, Corporation, Duty, Governance, Internal controls, Policy

Who’s responsible for your information technology?

Who’s at fault when your technology doesn’t work?  Isn’t that an inherent risk in any technology?

“NYSE to Settle With SEC Over Malfunctions,” The Wall Street Journal, March 7, 2018 B15.  NYSE penalized $14 million for not preventing “outages of critical market infrastructure” in August 2015.

Crazy that the government can create a rule making you liable if technology fails.  But then, you have to comply with the applicable requirements.

 


Filed under Compliance, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Requirements

Keeping track

You can keep track on paper, or have a machine do it.  Which is better for compliance?

“Electronic Logs to Rule the Road,” The Wall Street Journal, December 16, 2017 B3.  For many years, larger trucking companies have used electronic systems to monitor how many hours their drivers drive, and thus comply with various DOT regs.  Now smaller companies will have to follow suit.

 


Filed under Accuracy, Collect, Compliance, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Requirements, Third parties, To report, Value

Hacking denial

Keeping a hack of your enterprise secret should be difficult.  Some find it easy.

“Uber CEO Knew of Hack for Months,” The Wall Street Journal, November 24, 2017 A1.  Uber was hacked in October 2016 (they say), affecting 57 million accounts.  Less than Yahoo’s 3 billion, and Equifax’s 145 million.  The CEO learned of the breach in September 2017, shortly before taking the top job.  Uber also paid the hackers $100,000 to destroy some of the stolen data.

Would they have disclosed it at all if they weren’t seeking outside financing?

What’s your obligation to disclose to your customers that their information may have been stolen from you?


Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Legal, Oversight, Ownership, Requirements, Security, To report

It depends what you mean by “lost”

When someone touts numbers, what do they really mean?

“Your Lost Luggage May Not Count as Lost,” The Wall Street Journal, November 16, 2017 A12.  The “official” figures on how many pieces of luggage each airline misplaces are different than how many bags get lost.  The government defines the operating statistics that must be reported.

Are you sufficiently critical when someone gives you numbers?  Especially when it affects their compensation?


Filed under Accuracy, Controls, Data quality, Definition, Information, Requirements

Drafts

A fascinating area for exploration is the drafts that led to the final version.  The dates, the wording, the recipients.  Why do people keep drafts?  Just because?

“Comey Originally Tougher On Clinton,” The Wall Street Journal, November 7, 2017 A5.  A Republican Senator discloses that Comey’s early draft of the exoneration document used the language “grossly negligent,” the statutory test.

I’ve referred to July 5, 2016 as the Day that Information Governance Died.  That’s when the Director of the FBI announced his decision not to prosecute someone who had routinely violated the rules on handling secret documents, because “no reasonable prosecutor would bring charges.”  Not to get into the politics of things, but how can you argue that following the rules is required when the Secretary of State isn’t held to the standards that apply to a Navy seaman?

That being said, why do people hold on to drafts?  Because it’s easy?  Or because it’s hard to get rid of them?  There is seldom a reason to retain them beyond when the document is final.  Maybe a phrase or a paragraph.  But the entire document?  How can we convince people not to keep drafts?

 

 


Filed under Compliance, Controls, Corporation, Discovery, Duty, Employees, Governance, Internal controls, Legal, Records Management, Risk

Crime without punishment

How do you enforce the rules in the future if you haven’t enforced them in the past?

“Bergdahl Avoids Jail Time,”  The Wall Street Journal, November 4, 2017 A3.  A convicted deserter loses some benefits but doesn’t go to jail or get executed.

If you’re the Army, what steps can you take to prevent desertion in the future?  For those in the private sector, has your employer failed to enforce the rules?  What does that do to the culture?  If he had been convicted of sexual harassment, would the sentence have been different?

 


Filed under Compliance, Controls, Corporation, Duty, Governance, Government, Internal controls, Requirements, Third parties

Violating patents

Violating the patents of others can be expensive.

“Qualcomm Feels Sting of Fine and War with Apple,” The Wall Street Journal, November 2, 2017 B4.  Between a fine of almost $800 million and a major customer (Apple) withholding royalty payments for patent licenses, profit drops $1.4 billion for the fourth quarter.

As you attempt to quantify the risk of violating the intellectual property rights of others, this provides some data points.  Were the directors aware of this risk?  If not, why not?  If they were, what does that say about them?


Filed under Compliance, Corporation, Directors, Duty, Governance, Oversight, Requirements, Risk