What impact has technology had on the flow of information in your industry, including the flow of information to and from competitors? Are your controls keeping pace?
“Fashion Industry Gossip Was Once Whispered. Now It’s on Instagram.,” The Wall Street Journal, December 2, 2018 (online). Instagram used to track fashion statements that are strikingly similar.
Underlying this is the point that copying someone else’s creative expression is frowned upon. (Compliance) And that public shaming may be a more effective (and less expensive) control than copyright litigation. (Governance) And a photo of a jacket (or the jacket itself) is as much information as an email. (Information)
Filed under Compliance, Compliance (General), Controls, Definition, Duty, Governance, Information, Internal controls, Ownership, Protect assets, Technology, Third parties
“Wells Fargo Technology Under Scrutiny,” The Wall Street Journal, November 8, 2018 B11. Questions being raised about the technology the bank uses for cybersecurity and risk management.
Do you have the right technology to effectuate the controls you have placed around information? Will your regulators agree? If you are already on the regulator’s radar screen, will your controls measure up?
Filed under Controls, Corporation, Duty, Governance, Internal controls, IT, Oversight, Protect, Protect assets, Risk assessment, Security, Technology
“SEC Keeps Study On Speed-Bump Trading Under Wraps,” The Wall Street Journal, October 25, 2018 B11. SEC has done a study of controls that slow down high-frequency traders, but hasn’t released that publicly.
The SEC is in charge of protecting the stock trading system. As such, it watches over how quickly information moves within that ecosystem, and whether access is available to all at the same time. But the SEC refuses to release the unredacted text of a study that it did on the impact on “controls” that limit the ability of high-speed traders to take unfair advantage of their access to information.
Curious as to why (and what) the government doesn’t want us to know. Who oversees the government? (Hint: a free press is one of them).
Filed under Access, Accuracy, Controls, Data quality, Duty, Governance, Government, Information, Interconnections, IT, Oversight, Technology, Third parties, To report, Value
“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1. Tim Cook wants GDPR-style privacy protections in the US. Claims “[o]ur own information … is being weaponized against us with military efficiency.”
He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.
How do we wrest control of our information back again? Or is privacy dead? And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?
Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value
Would Macy’s tell Gimbels? Miracle on 34th Street.
“EBay Alleges Incursion by Amazon,” The Wall Street Journal, October 18, 2018 B2. Amazon accused of stealing customers by penetrating EBay’s internal emessaging platform and breaching EBay’s rules.
What’s your information worth to you? What’s it worth to your competitors? How well is it protected? What controls do you have on the acts by your employees, especially when accessing the systems and information of your competitors?
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Technology, Third parties, Value
That’s a catchy headline.
“Facebook Thinks Hack Was Set by Spammers,” The Wall Street Journal, October 18, 2018 B1. FB says recent breach of ~30 million accounts was by spammers wanting to make profits, and not by nation states with evil motives. FB will likely never find who took the information.
This raises a whole host of issues about information ownership and the duty of companies who handle and store your data. And IT security, or insecurity. Which is your favorite? I personally favor what this says about the culture at FB; with these issues, the FB communication to the market and its shareholders and its customers speaks volumes about how FB views the risks of its business. So now a denial is Information, by definition.
Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Technology, Third parties, Who is in charge?
“Smart Devices Draw New Defenses,” The Wall Street Journal, October 18, 2018 B1. Companies move to add security to the Internet of Things things, like interconnected devices inside your home (e.g., cameras, routers, refrigerators, and tvs).
Do we really know how insecure the appliances you have in your house? Do we really care? I posted earlier today about Apple in China building and selling phones that have the option, but not the requirement to have two-factor authentication. Is the user the weakest link?