Category Archives: Uncategorized

Gee, what could go wrong?

“Facebook Asks Banks for Customer Data,” The Wall Street Journal, August 7, 2018 A1. “[T]o offer new services to users,” Facebook asks banks for “detailed financial information about their customers.”

I can see what’s in it for Facebook, and maybe for the banks.  But isn’t this your information?  Shouldn’t you have some control what the banks do with it?  Are you comfortable with the controls the banks and Facebook will place on this information?  It might be convenient for you, but at what risk?

Do we remember Cambridge Analytica?  Will Facebook try to do this in Europe?

To whom do you complain?  Your elected representative?  Your bank?  The state or federal regulators?

Advertisements

Leave a comment

Filed under Access, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Third parties, Uncategorized, Who is in charge?

We didn’t know

Knowledge, or lack thereof, is often a good defense.

“Fiat Says It Didn’t Know CEO was Ill,” The Wall Street Journal, July 27, 2018 B1.  Company says privacy of health care information meant they didn’t know that their CEO had been sick for a year.

Who knew or should have known?  Was this insider information that would affect the value of investments?

Should the Board have known?  Did the CEO have a duty to disclose?  For more than a year!

Governance, Compliance, and Information.  All in one.  Add a dash of privacy.

Leave a comment

Filed under Access, Accuracy, Board, Communications, Compliance, Compliance (General), Compliance Verification, Controls, Corporation, Directors, Duty, Employees, Governance, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, To report, Uncategorized

Cybersecurity

Interesting piece in the Journal Report on Cybersecurity on May 30, 2018.  Even a quick read provides some helpful context.

Some of the headlines:

Leave a comment

Filed under Protect assets, Security, Uncategorized

Departure – Wells Fargo

For those of you who want a fuller history of the Wells Fargo case(s), here’s a link to a solid piece from the D&O Diary.

https://www.dandodiary.com/2018/05/articles/securities-litigation/wells-fargo-settles-phony-account-securities-suit-480-million/

 

Leave a comment

Filed under Uncategorized

Shameless

A small promotional message.  I was honored to provide a presentation at the ARMA Spring Conference in Houston yesterday.  The title of the presentation was “Headlines: A Year’s Worth of Information Governance Failures.”

The presentation described the top seven IG failures since April 25, 2017, and then discussed other headlines that fell into a number of buckets.  The source materials were the headlines from this blog in the last year, pulled from the Archives.

If you want to see and hear a rough draft of the presentation, or to just see the slides, go to www.LiipfertConsulting.com/articles.

 

Leave a comment

Filed under Uncategorized

Google this

“Google’s Practices Threaten Privacy, Too,” The Wall Street Journal, April 23, 2018 B1. Google’s practices may expose more information related to you.

What is you information worth to you?  What is it worth to someone else?  Who profits? What controls are in place and how effective are they?

Do you read their policies?  Do you care?

Leave a comment

Filed under Access, Analytics, Controls, Information, Ownership, Privacy, Third parties, Uncategorized, Value

Routine teaching case

“Insider Trade Alleged After Equifax Breach,” The Wall Street Journal, March 15, 2018 B1.  The CIO of an Equifax unit indicted for insider trading after learning of the Equifax hack, but before that information was disclosed.  Sold nearly $1 million in stock 10 days before the disclosure.

This reminds me of the lawyer who approved the sale by some Equifax execs of some stock after the breach but before disclosure.  See post here.  Those executives have since been cleared, as they didn’t know of the breach at the time of the sale.

The company said it had cooperated in the investigation (no doubt having re-read a copy of the Yates memo).  The defendant had been promoted to be Equifax’s CIO before the trading was discovered, at which time the offer was “rescinded.”  He hadn’t been told about the breach, but figured it out.  Avoided $117,000 in losses.  But not getting fired and indicted.

 

Leave a comment

Filed under Access, Compliance, Controls, Duty, Employees, Governance, Internal controls, IT, Oversight, Security, Uncategorized