Category Archives: Technology

Weakest links

“Smart Devices Draw New Defenses,” The Wall Street Journal, October 18, 2018 B1.  Companies move to add security to the Internet of Things things, like interconnected devices inside your home (e.g., cameras, routers, refrigerators, and TVs).

Do we really know how insecure the appliances you have in your house are?  Do we really care?  I posted earlier today about Apple in China building and selling phones that have the option, but not the requirement, to have two-factor authentication.  Is the user the weakest link?


Filed under Access, Controls, Duty, Interconnections, Internal controls, IT, Security, Technology, Third parties


“Apple Says It’s Sorry for Chinese Hacks,” The Wall Street Journal, October 17, 2018 B4.  Apple apologizes to customers who didn’t use two-factor authentication and who lost money when their accounts got hacked.  No disclosure of how the Apple IDs were stolen.

One could comment on this as a hack, or as the failure of the user to use optional controls in a software/hardware app, or as the failure to make the control required rather than optional.  But, as with the earlier post today, this post takes a different tack: what does it say about Governance in China when a vendor is pressured to apologize for its customers’ decisions?  That doesn’t happen stateside, much.  Is this punishment for Apple’s non-compliance?  Versus a lawsuit, which would be the Western approach?



Filed under Access, Communications, Compliance (General), Controls, Corporation, Culture, Duty, Governance, Internal controls, Technology, Third parties, To report

Information delayed

“Advertisers Allege Facebook Put Off Disclosing Error,” The Wall Street Journal, October 17, 2018 B1.  Facebook sued two years ago for knowing that the statistics on how long users were looking at videos were flawed, overstating the average time videos were viewed, but failing to let the advertisers know.  So advertisers paid for posting videos based on inaccurate information from the seller (Facebook).

I guess one could comment on the culture at Facebook that would permit this behavior, or upon the Compliance implications of the apparent failure to punish anybody (employees, directors) for this apparent breach of customer trust. But instead one could focus on how much value Facebook derived from not disclosing information about known defects in its processes.  So, either (a) the definition of Information includes information you don’t disclose or (b) the value of information can include the value of not disclosing it.

The documents turned over in discovery are not favorable to FB.


Filed under Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Reliance, Supervision, Technology, To report, Value


“Delete Old Digital Haunts,” The Wall Street Journal, October 15, 2018 B4.  A how-to guide on how to clear out the electronic information and the applications you don’t use any more.

Part of information governance is getting rid of data that we no longer need (and that is no longer required by law) – goes by the catchy title Defensible Disposal.  A part of governance is how we manage this (or not) in our own lives.  If you don’t do it in your own life, how can you be expected to do it at work?


Filed under Controls, Internal controls, IT, Records Management, Security, Technology

Facebook again. Plus or minus 20 million.

“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1.  Data exposed between July 2017 and September 2018.  But thankfully only affected 30 million users, not the 50 million users originally feared.  It only took 2 days to stop it after it was discovered.  A flaw in the computer code opened a door.

The decrease in the number of affected users was reported in a blog post.

Does this mean that a defective product was released into commerce?  So who pays how much to whom?


Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology

Apple watch

“Turkey Says Journalist’s Killing Was Recorded,” The Wall Street Journal, October 12, 2018 A1.  Turkey alleges audio and video demonstrate that Jamal Khashoggi was killed in the Saudi consulate in Istanbul.

Was this captured in part on his Apple Watch?

Do we lose sight of the places where information can be found?  How would (or do) we control this in our organization?  A visitor who wears a watch?


Filed under Controls, Information, Interconnections, Internal controls, IT, Security, Technology, Third parties

FB in the news. Again.

“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1.  Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code.  May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.

Is Facebook responsible for making sure its site is secure?  How did the executive in charge of safety and security miss this?  Does the Board at Facebook have liability?  Facebook no longer has a Chief Security Officer.


Filed under Access, Board, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Technology, Third parties


Appliances we use often capture data about how we use them.  Who owns that data, where is it stored, and what is it used for (and by whom)?

“What Your Car Knows About You,” The Wall Street Journal, August 18, 2018 B4.  Large amounts of data being collected from on-board devices, and used by car makers and others.

Will this lead to more targeted advertising?  May be worth $750 billion by 2030.  How much of that will the car owners get?

Sure, currently you have to opt in to this service.  You will read (and understand) the terms and conditions, won’t you?  And this will all be stored securely, with your privacy protected, won’t it?  Not that anyone could use your location or your driving habits against you.


Filed under Access, Accuracy, Analytics, Controls, Information, Ownership, Privacy, Security, Technology, Value


A key element of either Compliance or Governance (or both) is penalizing violations.  Otherwise, the rule is on paper only, and isn’t real.

“U.S. Steps Up Grid Defense,” The Wall Street Journal, August 6, 2018 A1. Government devising new penalties for foreign (and domestic) agents who hack into critical infrastructure.

Sounds good.  But might we be better off with a few more ounces of prevention (education, technology controls, testing, etc.)?  The “internal” controls.  By the time you’re penalizing folks, you’ve been hacked.


Filed under Access, Compliance (General), Controls, Duty, Governance, Government, Interconnections, Internal controls, IT, Security, Technology, Third parties

Blockchain, again

“Blockchain Helps Track Web Ads,” The Wall Street Journal, July 13, 2018 B4.  Technology used to determine whether “views” are by humans or bots, and where the advertising dollars are going.

How do you track how much of your sales price you actually receive?  For online ad publishers, Blockchain may help.  Also helps the advertisers.

More information is good.  Accurate information, even gooder.


Filed under Access, Accuracy, Controls, Data quality, Information, Internal controls, Technology, Third parties, Value