Vendors with whom you deal can (and do) capture lots of information about you. They use that information. Hopefully to improve customer service. Can they disclose what they know to others? What if your traveling companions don’t know it’s your birthday because you don’t want them to know?
“What the Airline Knows About The Guy in Seat 12A,” The Wall Street Journal, June 20, 2018 A11. What information on you do airlines collect and how do they use it?
If the information is correct and used positively, that’s one thing. What if it’s wrong, or used negatively? What if it leaks? What if it’s sold?
This may appear to be more a straight compliance piece than an information governance piece, but consider that the officers and directors didn’t know or didn’t report things that they should have known about. Truth or consequences?
“Wells Fargo Reaches Settlement In Lawsuit,” The Wall Street Journal, May 5, 2018 B10. Tentative settlement in suit alleging certain “current and former officers and directors of the bank had made false statements” affecting the stock price between 2014 and 2016.
The final paragraph of the article says,
The bank said Friday that it “denies the claims and allegations in the action and entered into the agreement in principle to avoid the cost and disruption of further litigation.”
One pauses to wonder if the current shareholders agree, it being their $480 million being spent to resolve the lawsuit, not the $480 million of said certain current and former officers and directors. This is on top of the $1 billion fine paid last month. Hopefully, the current and former shareholders will get some of the $480 million, less legal fees.
Telling fibs in connection with a company’s stock price can be real expensive for someone. Not knowing about abusive sales practices is about the same as lying. And how can you deny something yet still pay $480 million? Who are they trying to fool this time? At least now they can post nice ads on TV, claiming a re-invention. Has the culture problem been fixed?
Willie Sutton (a famous bank robber) was reportedly asked, “Why do you rob banks?” He reportedly said, “Because that’s where the money is.” https://www.snopes.com/quotes/sutton.asp
“Hackers Plunder Crypto Exchange,” The Wall Street Journal, January 27, 2018 B5. More than $500 million in credits hacked from the Coincheck site in Japan. One assumes virtual banks are easier to rob than brick-and-mortar banks.
This is a concrete example of the cost of a cyber breach. But it also follows on from an earlier post (Law School Exam Question) equating cash money and information, in terms of value.
If businesses (including the Board of Directors) treated information assets as cash, and managing, protecting, and controlling the organization’s information as currency, would that be “information governance”? Why do they handle information assets differently? Why should the Board and the officers get a pass on this? The shareholders certainly don’t.
“Firm Settles Russia Probe,” The Wall Street Journal, December 12, 2017 A5. Company working on US defense projects had Russian employees who lacked appropriate security clearances (and who stored some material on servers in Russia).
No fine reported; company to institute new security protocols and thereby resolve criminal complaint.
One would have thought someone would have gotten more than their hands slapped over this one.
What do you do when a rogue employee decides to express his or her politics by messing with your product? Could that affect your brand?
No, this isn’t about the NFL.
“Twitter Tightens Security,” The Wall Street Journal, November 4, 2017 B3. Security lapse allows a departing and now former Twitter employee to shut down President Trump’s Twitter feed for eleven minutes.
Cybersecurity focuses not only on external hackers but also internal bad-deed doers. Sometimes, even well-designed security plans fail. But those third-party plans are protecting your information in their control.
Do you have special controls for special celebrity cases? Do you take extra steps for departing employees?
Not sure Twitter is a brand.
As if Facebook weren’t enough, the Russians allegedly go after the phones of NATO soldiers.
“Russia Targets NATO Soldiers in Phone Hack,” The Wall Street Journal, October 5, 2017 A1. Use of drones suggests a national actor.
Do you control what your employees have on their phones? Can you? How? What if it is your company’s proprietary data? Or overseas?
“Key Filing Made in Battle Between Alphabet, Uber,” The Wall Street Journal, October 2, 2017 B3. Uber apparently knew that “a former Google engineer had confidential Google files before buying his self-driving-car startup.” 50,000 emails, among others.
Do you have processes in place to prevent this from happening when you hire a competitor’s former employee or buy their company? What about when one of your employees (or contractors) leaves?