This blog often deals with Compliance, both compliance with law and compliance with company policy. But another aspect of Compliance is the corporation’s compliance with its own contracts.
“Professor Wins College-Freedom Case in Wisconsin,” The Wall Street Journal, July 7, 2018 A3. Private university penalizes professor for posting a factual post online, despite academic freedom protections he had in his contract; professor wins back pay and reinstatement.
So, does your compliance program cover your organization’s compliance with its own contracts? Does your compliance training mention that point? Is contract compliance more or less important than ethics? Or is it part of ethics? How strong are your processes around contract compliance?
I just ask the questions.
Filed under Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Third parties
The suspect makes his fingerprints unreadable, and doesn’t have a wallet or other ID. Who is he?
“Controversial Facial System Identifies Suspect,” The Wall Street Journal, June 30, 2019 A3. Facial recognition used to identify the shooter at the Capital Gazette in Annapolis, where five died. A picture was run through the drivers license data base, and up popped his license photo.
Biometrics as information? Role of technology in information governance?
“Europe’s Privacy Law Fails to Stoke Demand for Cyber Insurance,” The Wall Street Journal, June 21, 2018 B10. Companies aren’t buying as much privacy insurance as people thought.
Certainly, in the wake of the GDPR rollout, the risk of a privacy law violation has increased. Apparently companies think that they have adequate controls in place, and don’t need the protection of insurance to backstop their controls. Insurance is a mitigation in case your controls aren’t totally effective.
Are these companies doing the same with other risks to other assets? Or is you private data somehow different?
Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Internal controls, IT, Management, Oversight, Ownership, Privacy, Protect, Protect assets, Protect information assets, Security, Third parties
“Tesla Accuses Former Employee of ‘Sabotage,'” The Wall Street Journal, June 21, 2018 B3. Did a former employee hack Tesla’s manufacturing software and trade secrets and transfer information outside the company? Was this for convenience, or was it theft? Or to give to the press?
Do you have adequate controls to prevent this? Or to discover it? Who’s responsible if your controls fail?
Will the directors or senior officers be punished? Did they fail in their obligations to protect the corporation’s assets? Or is it just the shareholders who pay? And pay, and pay.
Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Management, Oversight, Oversight, Protect, Protect assets, Protect information assets, Third parties, Value
Vendors with whom you deal can (and do) capture lots of information about you. They use that information. Hopefully to improve customer service. Can they disclose what they know to others? What if your traveling companions don’t know it’s your birthday because you don’t want them to know?
“What the Airline Knows About The Guy in Seat 12A,” The Wall Street Journal, June 20, 2018 A11. What information on you do airlines collect and how do they use it?
If the information is correct and used positively, that’s one thing. What if it’s wrong, or used negatively? What if it leaks? What if it’s sold?
Filed under Access, Accuracy, Collect, Controls, Corporation, Duty, Duty of Care, Governance, Information, Management, Oversight, Ownership, Privacy, Protect, Use
“Old Spy Plane Tries to Learn New Tricks,” The Wall Street Journal, June 8, 2018 A3. Using new data analytical techniques to harvest more information from U2 spy photos taken from 70,000 feet, freeing up human viewers for other duties.
What old information do you have that you could process differently with newly available technology? What value could you harvest?
Who owns the information on social media? Everyone?
“Wall Street Moves Toward Mining of Social-Media Data,” The Wall Street Journal, June 4, 2018 B4. Companies now looking focusing on “alternative data reports” concerning a potential acquisition target, which are things such as user “purchase data, mobile app usage[,] and web surveys of prices.”
This data is mined from social media.
A powerful case for (a) using what’s available and (b) the ownership of data of social media.