Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/ and https://infogovnuggets.com/2019/01/04/catching-up-again-part-2/, and https://infogovnuggets.com/2019/01/04/catching-up-part-3/
- Conflicts with conflicts
“Justice Department Chides McKinsey in Another Bankruptcy Case,” The Wall Street Journal, December 17, 2018. McKinsey continues to fail to make what are viewed as adequate disclosures of conflicts when advising bankruptcy estates, and may not get paid for its work as a result.
- Voter data
“Fight Over Voter Data Roils Democrats Ahead of Election,” The Wall Street Journal, December 17, 2018. Have Republicans been better than the Democrats at collecting and storing information? What’s this worth?
- Your business partner wants you to call a shareholders’ meeting
“Renault Urges Nissan to Call for Shareholder Meeting Following Nissan Indictment,” The Wall Street Journal, December 17, 2018. Is this interfering with “your” governance? Is this a compliance matter, or a partnership matter, where your partner is concerned that you are keeping your CEO as CEO while he sits in jail?
- Is a dance move “information”?
“The ‘Fortnite’ Dance Move That Spawned a Lawsuit,” The Wall Street Journal, December 17, 2018. While longer dance routine can be protected by copyright law (which was a bit surprising to me), not so (so far) for “snippets.”
- Hiding risk information may be a problem
“Glencore-Controlled Miner to Be Fined by Canadian Authorities Over Congo Ops,” The Wall Street Journal, December 17, 2018. Fine of $22 million for company and some of its former directors and executives for hiding the risks of doing business with someone connected to Congolese president. Is a risk analysis information? Can you hide that from the shareholders?
- Warning signs
“Goldman Sachs Ignored 1MDB Warning Signs in Pursuit of Asian Business,.” The Wall Street Journal, December 18, 2018. Can chasing business too hard lead one to ignore important information and sidestep important controls? What controls can you put in place to avoid having this happen to you? Is this an oversight issue? Do criminal charges and huge fines lay ahead?
- VW vendor pleads
“Volkswagen Supplier to Plead Guilty to Conspiracy, Pay $35 Million Fine in Emissions-Cheating Probe,” The Wall Street Journal, December 19, 2018. Company that designed the software used to fool or, as some say, cheat, the emission test pleads guilty to crime and pays a fine to US. VW has paid more than $20 billion. Is this just compliance-related, or is there also an information hook here? Design a software to work around a government test.
- Looking for a whistleblower
“Barclays Fined $15 Million by New York Over CEO’s Anti-Whistleblower Push,” The Wall Street Journal, December 19, 2018. The CEO had tried to use the company’s security department to locate the writer of a letter critical of a recent hire. He pressecd on, despite advice from the head lawyer and the chief compliance officer (costing him £642,000 in fines and £500,000 of his bonus). So the shareholders pay more than the CEO did. Go figure.
- Hiding the names of the guilty
“Illinois Dioceses Withheld Names of Accused Priests, Report Says,” The Wall Street Journal, December 20, 2018. Can you legally not disclose the name of an employee or a contractor who was accused of sexual abuse? Is this a governance issue or a compliance issue or an information issue? Or a reputation problem?
Ethics and policies
“Is It Really Five Stars? How to Spot Fake Amazon Reviews,” The Wall Street Journal, December 21, 2018. How Amazon goes about trying to separate the wheat from the chaff. How does your company determine what’s a fake review and what’s the real deal?
- Information/price linkage
“Room for Improvement? New Hotelier Tests an Algorithmic Pricing System,” The Wall Street Journal, December 22, 2018. Using information about a customer and from a customer to establish the price for future sales to that customer. Interesting linkages at a new hotel chain.
Filed under Collect, Communications, Compliance, Compliance (General), Controls, Corporation, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Investor relations, Management, Oversight, Ownership, Privacy, Records Management, Risk assessment, Supervision, Third parties, To report, Use, Value, Vendors
Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/
- Pot calling the kettle black
“Comey Tells House Panel He Suspected Giuliani Was Leaking FBI Information to Media,” The Wall Street Journal, December 10, 2018. Former FBI Director Comey, who admitted to leaking information to a reporter through a law school professor, complains that someone else did it, too.
- Yes, we have no privacy
“Thieves Can Now Nab Your Data in a Few Minutes for a Few Bucks,” The Wall Street Journal, December 10, 2018. Following the series of major hacks of privacy data (e.g., Marriott, LinkedIn, Equifax, and Yahoo), “Every American person should assume all of their data is out there,” said one FBI agent. Comforting.
- Duty to report
“New Report Shows Olympics Executives Concealed Knowledge of Nassar Allegations,” The Wall Street Journal, December 11, 2018. Executives knew information about sexual abuse allegations, and failed to report. To whom did they breach a duty?
- Interesting intersection of the right to petition the government and your right to privacy
“U.S. Investigating Fake Comments on ‘Net Neutrality,’” The Wall Street Journal, December 11, 2018. “Earlier this year, the FCC said it would upgrade its website to try to prevent fakery. … Several federal agencies warn that it is a felony to send falsified comments to the federal government when posting on websites soliciting opinions on federal rulemaking.” What if the comments were anonymous?
- Lying or overspending on your expense account can get you canned
“Under Armour Ousts Two Executives After Review of Expenses,” The Wall Street Journal, December 11, 2018. Complying with company policy and procedures is sort of kind of like a job requirement. Even if you signed Jordan Spieth. But how were they to know how much was too much?
- Weakest link?
“Amazon, Amid Crackdown on Seller Scams, Fires Employees Over Data Leak,” The Wall Street Journal, December 11, 2018. Employees bribed for access to inside information. What’s your information worth to you? To the briber? To the (former) employee? Do you have a policy against taking bribes?
- Collateral impact
“Nissan-Renault Scandal Shows It’s Hard to Keep Car Alliances On Track,” The Wall Street Journal, December 12, 2018. A scandal at your business partner can affect your company’s relationships. Is that Governance?
- How do you deal with rumors? Are they “information,” too?
“Super Micro Finds No Malicious Hardware in Motherboards,” The Wall Street Journal, December 12, 2018. This contradicts a prior report from Bloomberg. How do you govern other sources of information? Is using a trusted third party to investigate just standard crisis management planning?
- Should Compliance be more congenial?
“Banks Get Kinder, Gentler Treatment Under Trump,” The Wall Street Journal, December 13, 2018. Regulators are urged to be more collegial with the banks they regulate. Is that better “Governance,” in the short term or in the long term?
- What does it say?
“Renault Sticks With Carlos Ghosn as Internal Probe Finds No Illegality,” The Wall Street Journal, December 13, 2018. What does it say to the rank-and-file when the Chairman gets arrested? And when he’s thereafter kept in place? The Board may have some explaining to do.
- What can your employer do with your information?
“U.S. Companies Asked to Disclose More About Their Workers,” The Wall Street Journal, December 14, 2018. Pension funds ask employers to disclose more information than the SEC currently requires. Whose decision is that? When and how can you object?
- Watch your contractors
“Chinese Hackers Breach U.S. Navy Contractors,” The Wall Street Journal, December 15, 2018. What’s this information worth, both to the US and to China? How much do you look at the security at your vendors who process or create information for you? Are they a weaker link than your employees? (See item 6, above.)
- Information and Governance and Compliance
“PG&E Falsified Gas Safety Records, California Claims,” The Wall Street Journal, December 15, 2018. From the explosion in San Bruno in 2010 (after which PG&E couldn’t find a bunch of inspection records relating to hundreds of miles of its pipelines) to more recent claims about fudging the records on pipeline locations, PG&E has had this problem for awhile. For now, these are just allegations. But what impact on every claim made against the company, and every claim made by it? If they falsify safety records, do they falsify bills, too? “The [state regulator] last month expanded a continuing probe of PG&E’s safety practices and said it would explore the way the company is structured and managed.” There seems to be a link between record-keeping and management and compliance and culture.
- Facebook, again
“Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users,” The Wall Street Journal, December 15, 2018. One almost gets the idea that protecting your privacy is not a high priority for them.
Filed under Board, Collect, Communicate, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Management, Oversight, Oversight, Ownership, Privacy, Protect, Protect assets, Records Management, Security, Supervision, Technology, Third parties, To report, Use, Value, Vendors
If you are looking to invest, it would be nice to know if the broker who has been recommended to you has a history of complaints by his/her customers or employers. If you are the prospective broker, it would be good to be able to present a clean record, even if your record isn’t clean.
“Brokers Purge Their Records,” The Wall Street Journal, November 19, 2018 B1. Brokers can request that complaints be expunged from the records of the industry-funded regulator. So, were you to ask you would be told there’s no record.
So, what is a clean record worth, when a dirty record can be so easily laundered? I guess there may be multiple definitions of “record,” one of which is documentation of a business activity or decision, and the other of which is a conviction.
On the internet, no one knows you’re a dog.
A Tesla employee is indicted for creating fake documents to cover up a fake-payment scheme. “Former Tesla Employee Is Indicted,” The Wall Street Journal, November 12, 2018 B5.
Companies have a lot of controls to prevent fraud by employees, and often these controls work. Why are there more such controls to prevent financial fraud than to prevent violations of other company procedures, such as those related to document creation, retention, and storage?
One wonders whether, in the aggregate, companies lose more money through poor document management and control than they lose through financial fraud. How would one conduct such a study?
Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Protect assets, Records Management, Security, Third parties, Value, Vendors
This blog explores, from time to time, the outer reaches of the intersection(s) of Information, Governance, and Compliance.
Consider, for a moment, a fingerprint. Not what you normally consider “information.” And one seldom thinks of “managing” a fingerprint. Who owns your fingerprint? But consider the value of a fingerprint, and both the failure to “manage” or control where that fingerprint can be found and the ability to find that fingerprint and locate its owner. How much information governance is involved in this process?
“Fingerprint Leads to Arrest Of Bomb Suspect in Florida,” The Wall Street Journal, October 27, 2018 A1. Alleged mail bomber’s fingerprint in a package sent to a legislator leads to arrest of suspect.
Which leads me to the question,”What is there that isn’t information that is managed or controlled in our lives, or a least directly related to information that is managed?” I struggle to find an example of something that isn’t information, or directly related (perhaps somewhat remotely) to information that is managed or controlled.
Filed under Access, Accuracy, Analytics, Collect, Compliance, Controls, Data quality, Definition, Duty of Care, Governance, Information, Management, Oversight, Ownership, Records Management, Risk assessment, Use, Value
“Delete Old Digital Haunts,” The Wall Street Journal, October 15, 2018 B4. A how-to guide on how to clear out the electronic information and the applications you don’t use any more.
Part of information governance is getting rid of data that we no longer need (and that is no longer required by law) – goes by the catchy title Defensible Disposal. A part of governance is how we manage this (or not) in our own lives. If you don’t do it in your own life, how can you be expected to do it at work?
Sometimes tracking is a good thing.
“Tech to Track Errant Kegs,” The Wall Street Journal, June 21, 2018 B4. Sensors installed to reduce 10% shrinkage rate from theft or misplacement of beer kegs. Could also track temperature.
Do you track similar information? Is this more or less valuable than knowing what records you have and where you have them?
When decision-makers want information upon which to make decisions, they would like to that that information be current, accurate, and complete. Don’t we all?
“Court Backs Purge of Voter Rolls,” The Wall Street Journal, June 12, 2018 A3. Supreme Court allows Ohio to prune its voter rolls of people who haven’t voted in a long time and who don’t reply to an inquiry as to their status.
One would expect the government would take some care in maintaining its voter rolls. Helps provide some integrity to the process. Is that information governance? But we want to make sure there’s a robust process to prevent inappropriate pruning.
Is this an analog for defensible deletion?
A fascinating area for exploration is the drafts that led to the final version. The dates, the wording, the recipients. Why do people keep drafts? Just because?
“Comey Originally Tougher On Clinton, The Wall Street Journal, November 7, 2017 A5. A Republican Senator discloses that Comey’s early draft of the exoneration document used the language “grossly negligent,” the statutory test.
I’ve referred to July 5, 2016 as the Day that Information Governance Died. That’s when the Director of the FBI announced his decision not to prosecute someone who had routinely violated the rules on handling secret documents, because “no reasonable prosecutor would bring charges.” Not to get into the politics of things, but how can you argue that following the rules is required when the Secretary of State isn’t held to the standards that apply to a Navy seaman?
That being said, why do people hold on to drafts? Because it’s easy? Or because it’s hard to get rid of them? There is seldom a reason to retain them beyond when the document is final. Maybe a phrase or a paragraph. But the entire document? How can we convince people not to keep drafts?
Filed under Compliance, Controls, Corporation, Discovery, Duty, Employees, Governance, Internal controls, Legal, Records Management, Risk
One of the early warning signs of most crises is a similar problem elsewhere in your industry.
“EU Officials Raid BMW’s Headquarters,” The Wall Street Journal, October 21, 2017 B2. Raid was apparently looking for evidence of antitrust violations in the industry, perhaps including agreements on emissions technologies.
Is this related to the emissions scandal at VW and other car makers?
If you’re a European car manufacturer, does this raise the risks of what’s in your information systems and files today? How can you address?