Category Archives: Requirements

Barriers to entry

“Europe’s New Consumer Privacy Law Gives Edge to Tech Giants,” The Wall Street Journal, April 24, 2018 A1.  The General Data Protection Regulation, which goes into effect next month, protects consumers but also gives Google and Facebook an advantage.

By wielding their power over advertisers and taking a strict interpretation of the law, Facebook and Google can make it really difficult for competitors to establish competing platforms.

Is this what the European regulators anticipated?

Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Privacy, Requirements, Third parties, Vendors

Reliance

“U.S. Prosecutors to Weigh Criminal Case for McCabe,” The Wall Street Journal, April 20, 2018 A1. The DOJ Inspector General referred the case/matter of the former FBI Deputy Director for criminal prosecution over his responses to investigators looking into leaks.

What does it say about the culture of an organization when two of its top officers, both of whom are lawyers, may have lied to federal investigators?  And what if that organization’s mission is the investigation of crimes?

How much do we rely on institutions and professionals to provide governance and to stand as examples of compliance?  Is that reliance justified?

Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Government, Lawyers, Legal, Requirements

Dadah is Death

News alert: Countries have different laws.

“Malaysia Aims at ‘Fake News,’” The Wall Street Journal, March 27, 2018 A6.  In the run-up to national elections, a new law has been proposed to impose a prison sentence of up to 10 years for spreading fake news.

As information governance, this has some interesting elements.  News that hasn’t been approved by Malaysian authorities will be considered “false.”  What controls does your country or company put on the sharing of information?  Are they enforced?  Effective?

This law may also apply to “media organizations” outside Malaysia in certain circumstances. But “the government wouldn’t suppress opposing views.”  Well, that makes us comfortable.

Filed under Accuracy, Compliance, Compliance (General), Controls, Data quality, Duty, Governance, Legal, Requirements, Who is in charge?

Privacy is dead; suspect under arrest

I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street Journal, but Facebook is in the running.

“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1.  “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points).  Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress.  And Europe hasn’t weighed in yet.

There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones.  Did you (we) know that?  Do you know what companies are doing with “your” data?  Do you care?  Privacy is dead; Facebook investigated as person of interest.

I guess that answers the question of who’s in charge:  the Feds and the states.  I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?

Who’s responsible for your information technology?

Who’s at fault when your technology doesn’t work?  Isn’t that an inherent risk in any technology?

“NYSE to Settle With SEC Over Malfunctions,” The Wall Street Journal, March 7, 2018 B15.  NYSE penalized $14 million for not preventing “outages of critical market infrastructure” in August 2015.

Crazy that the government can create a rule making you liable if technology fails.  But then, you have to comply with the applicable requirements.

Filed under Compliance, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Requirements

Keeping track

You can keep track on paper, or have a machine do it.  Which is better for compliance?

“Electronic Logs to Rule the Road,” The Wall Street Journal, December 16, 2017 B3.  For many years, larger trucking companies have used electronic systems to monitor how many hours their drivers drive, and thus comply with various DOT regs.  Now smaller companies will have to follow suit.

Filed under Accuracy, Collect, Compliance, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Requirements, Third parties, To report, Value

Hacking denial

Keeping a hack of your enterprise secret should be difficult.  Some find it easy.

“Uber CEO Knew of Hack for Months,” The Wall Street Journal, November 24, 2017 A1.  Uber was hacked in October 2016 (they say), affecting 57 million accounts.  Less than Yahoo’s 3 billion, and Equifax’s 145 million.  The CEO learned of the breach in September 2017, shortly before taking the top job.  Uber also paid the hackers $100,000 to destroy some of the stolen data.

Would they have disclosed it at all if they weren’t seeking outside financing?

What’s your obligation to disclose to your customers that their information may have been stolen from you?

Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Legal, Oversight, Ownership, Requirements, Security, To report