“Germany Slaps Data Curbs on Facebook,” The Wall Street Journal, February 8, 2019 B3. Germany accuses Facebook of abuse of a dominant position and restricts Facebook’s use of your information.
So, a government can impose controls on use of your information that you can’t. And hits Facebook in its pocketbook.
What if France or China or the US takes a different position, or the same position? How do you comply with the laws of the multiple jurisdictions in which you operate?
Information, Governance, and Compliance, all at once.
“Recording Toppled Herbalife Boss,” The Wall Street Journal, February 8, 2019 B2. CEO resigned after a decade-old recording surfaces where he said to ignore a company policy on expense reporting. He was CFO at the time.
What does it say when the CFO of a company tells others to ignore expense reporting policies? What does it say that nobody mentioned this to the Compliance folks? What was the culture at that company?
The fact that the conversation was recorded says something else about the culture, eh?
Governance. Information. And Compliance.
“Bezos Accuses Tabloid of Blackmail,” The Wall Street Journal, February 8, 2019 A1. Did the National Enquirer blackmail Jeff Bezos with compromising photos? Is it okay to tell people not to search for the leaker?
Mr. Bezos published the correspondence from the National Enquirer, thereby destroying any value of the information to the alleged blackmailer.
What’s the value of Information? How did Mr. Bezos’ emails get hacked (Governance/Compliance)? Why was this photo ever taken?
How does blackmail differ from reporting? Especially given the now-broken story of Mr. Bezos’ divorce?
If you’re told of a risk of failure, but discount it, you can be in real trouble if the warned-of-risk happens.
“Company Was Told Of Risks To Dam,” The Wall Street Journal, February 7, 2019 A1. Report from months before dam collapse warned of those risks. Report was from an independent safety inspector who also acted as a consultant for the company. No conflict there, apparently.
Who do you get your information from? Were you right to continue to operate in light of the risk? Was your decision reasonable, when viewed in hindsight after 150 people are killed?
Information (risks are information, too) and Governance (did you use the information correctly?) and Compliance (is a safety inspector still independent if you’re also using them as a consultant?).
“Troubles Grow for Top Virginia Officials,” The Wall Street Journal, February 5, 2019 A3. After a blackface photo emerges in a 1984 medical school yearbook, and sexual assault allegations are made, Virginia’s senior politicians are scrambling.
What happens when old news becomes current news? Who makes the decision whether rules were violated, and who should be punished, and how?
So, Information (the old photo and the allegations – history is information, too), Governance (who decides, the voters or the incumbent politicians?), and Compliance (handling allegations of criminal behavior).
“HIV Status of More Than 14,000 People Leaked in Singapore Data Breach,” The Wall Street Journal, January 29, 2019. The partner of a doctor with access to the records released the information after he was deported.
How do you keep your employees from leaking sensitive data to their partners? How do you prevent those partners from disclosing that information?
Principally a Compliance and an Information point, although one could argue there’s some Governance.
“Two Groups Account for $1 Billion in Cryptocurrency Hacks, New Report Says,” The Wall Street Journal, January 29, 2019. The suspected hackers are still active, and there are many others as well.
Willie Sutton, when asked why he robbed banks, reportedly said (but personally denied saying, but why believe him?), “Because that’s where the money is.”
Cryptocurrencies, like bitcoin, are Information, in a sense, with a monetary value. Protection of such currency in place, in a digital world, is Governance (you have a fiduciary duty to protect the assets entrusted to your care), and Compliance (with law and with company policy). So, security is a bit Governance and a bit Compliance.