As I begin to catch up, here’s a quick summary of some of the week’s information governance headlines.
- “FTC Approves Roughly $5 Billion Facebook Settlement,” The Wall Street Journal, July 13, 2019 (online). Violation of prior consent order involving user privacy leads to big fine and additional controls. Privacy, Governance.
- “U.S. Reaches $1.4 Billion Opioid-Drug Settlement With U.K.’s Reckitt,” The Wall Street Journal, July 12, 2019 (online). Drug company misleads as to the safety of its product and pays the price.
- “Google Contractors Listen to Recordings of People Using Virtual Assistant,” The Wall Street Journal, July 12, 2019 (online). Who’s listening to what you tell your Google Assistant? Somebody.
“Schools Wrestle With Privacy of Digital Data Collected on Students,” The Wall Street Journal, July 11, 2019 (online). Who owns the data, and what rules govern? How long do schools keep disciplinary information.
“Kim Darroch Resigns as U.K. Ambassador to U.S. After Leaked Cables,” The Wall Street Journal, July 11, 2019 (online). Loose lips sink ships.
“PG&E Knew for Years Its Lines Could Spark Wildfires, and Didn’t Fix Them,” The Wall Street Journal, July 11, 2019 (online). When you have information, you need to use it appropriately. No playing ostrich.
“D.C. Attorney General Sues Marriott Over Fees,” The Wall Street Journal, July 10, 2019 (online). Bad week for Marriott. Adding undisclosed fees to your advertised rates – it that deceptive? Who governs when information is hidden?
- “Marriott Faces $124 Million Fine Over Starwood Data Breach,” The Wall Street Journal, July 10, 2019 (online). Less than British Airways, but still a lot. Marriott should have done a better due diligence before buying Starwood. Privacy is pricey.
Between visiting my kids in Hong Kong and moving from Houston to Austin, I haven’t posted to my blog since late May. I am starting up again, but the online version of print editions of The Wall Street Journal only goes back to July 9. So I am a bit resource-constrained.
I will go back and capture some of the major relevant stories since July 9, but it’s probably more important to get in the routine of doing the daily posts again.
“Potential Facebook Settlement With FTC Likely to Include WhatsApp,” The Wall Street Journal, May 3, 2019. Privacy settlement over misuse and disclosure of users’ information may include WhatsApp, but maybe not Instagram.
The government steps in to apply privacy protections to Facebook and its subparts. That’s potentially good for your information security. The fines (rumored in the $5 billion range) may be the least of it.
Governance. Privacy. Information.
“U.K. Prime Minister Theresa May Fires Defense Secretary Gavin Williamson Over Huawei Leak,” The Wall Street Journal, May 2, 2019. He allegedly leaked sensitive information about the use of Huawei equipment in the UK’s 5G network.
One wonders what will happen if the equipment leaks, too.
Information. Security. Compliance. Governance.
Questions and answers are information, no doubt. But who controls what questions can be asked?
“Supreme Court Reveals Deep Divisions on 2020 Census Citizenship Question,” The Wall Street Journal, April 24, 2019. The Supremes to decide whether it’s okay for the Census to ask whether the responder is a citizen.
Leaving aside the political implications, one ponders not whether asking the question is a good idea but whether the Secretary of the Department of Commerce has the power to ask this question and, if so, whether that power has been properly exercised. That is the Governance question. Versus whether it is a good idea to ask the question.
On April 23, I gave a presentation to the ARMA Houston Spring Conference on “Information Governance Trends 2018-2019.” A copy of my slides, a draft version of the slides-plus-audio, and a spreadsheet with the 300+ headlines from The Wall Street Journal that were the source for this blog and be found at http://liipfertconsulting.com/news.html.
This stuff is all around us.
“Computer Attack Knocks Weather Channel Off the Air,” The Wall Street Journal, April 19, 2019. Ransomware strikes again.
Is there a trend on ransomware attacks? Norsk Hydro then Weather Channel? What does this show? Vulnerability of companies and TV channels to ransomware attacks?
“Behind Vale’s Deadly Dam Collapse: Multiple Warnings That Went Unheeded,” The Wall Street Journal, February 25, 2019. Inspectors failed to report and company failed to listen.
Does anyone in your company ignore or avoid the controls put in place to prevent “bad things”? Here, the inspections were to prevent the collapse of the dam, which killed a bunch of people. If they do it for dam inspections, one can assume they aren’t better about your controls and processes on information.
How can you confirm that your controls are working?
I am giving the keynote for Iron Mountain’s 2019 Education Series Webinars on Thursday, February 21, 2019. This is a review of the headlines in 2018 from an information perspective, and the implications for 2019.
This is free, but registration is required.
To register, go to http://go.ironmountain.com/2019Keynote?src=website.
“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3. Can the White House refuse to let in a member of the press into the White House for being rude?
Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide. Think instead about who can deny a single individual access to information, while providing access to 190 other people.
Who is entitled to access information in your company? What controls are in place to make sure that people who shouldn’t have access don’t get access? Who determines what those controls are? Who enforces them? Is part of this culture?
Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized