I am giving the keynote for Iron Mountain’s 2019 Education Series Webinars on Thursday, February 21, 2019. This is a review of the headlines in 2018 from an information perspective, and the implications for 2019.
This is free, but registration is required.
To register, go to http://go.ironmountain.com/2019Keynote?src=website.
“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3. Can the White House refuse to let in a member of the press into the White House for being rude?
Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide. Think instead about who can deny a single individual access to information, while providing access to 190 other people.
Who is entitled to access information in your company? What controls are in place to make sure that people who shouldn’t have access don’t get access? Who determines what those controls are? Who enforces them? Is part of this culture?
Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized
What you do when an important executive is alleged to have violated company policy says a lot about your compliance program.
“Claims About Executive Tested Uber Overhaul,” The Wall Street Journal, September 27, 2018 B3. Senior executive investigated; rather than being terminated, he received a formal warning (apparently, informal was not sufficient), his bonus was reduced Why do you give bonuses to people who violate company policy?), and was required to take sensitivity training.
This at a company that had a rather sordid history of sexual harassment.
How will Uber convince its remaining employees that this time it is serious? Do you believe them? Is this an effective compliance program under the Federal Sentencing Guidelines, assuming that’s the appropriate measure?
Where’s the Board? Do they care?
Filed under Board, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Uncategorized
More catching up, after a mid-summer’s nap. Catching up (part 1) is here.
- The mysterious case of the non-missing purse.
Naomi Osaka Gets the Last Word,” The Wall Street Journal, September 9, 2018 (online). Serena Williams complained mightily after she was warned, penalized a point, and then penalized a game in her dispute with the umpire. She was also fined $17,000, although she still received more than $1 million for second place. Ms. Williams alleged sexism.
What does it say when a high-profile player gets penalized for several infractions, including calling the umpire a thief? What does it say, to her and to others, when she doesn’t? And from a Governance standpoint, why don’t the rules allow for the disqualification of a player for gross disrespect to the game? Losing the $1 million+ purse would have been a more appropriate penalty.
- Whose information/computer is it?“Lawsuit Tests Limits Of Bosses’ Snooping,” The Wall Street Journal, September 10, 2018 A3. Company buys an employee a computer to work from home..Employee buys software to allow him to access his work account from his new computer at home. Dispute arises, employee fired. Three days later, company accesses not only computer at employee’s home, but also information contained on 2 attached hard drives. Former employee sues.
Would it matter if the employee had retained his former employer’s confidential information on (a) the computer or (b) the hard drives? Who owns what? Reminds me of my law school exams.
- Did I resign or was I fired?
“D.E. Shaw Faces a Fight Over Statement on Firing,” The Wall Street Journal, September 10, 2018 B1. Partner of a large hedge fund, when given the option to retire at age 36, does so. Fund later says partner was fired after an internal investigation. Former partner files a complaint.
What can you say publicly about firing someone? Would it matter if the person was accused of sexual harassment, in violation of company policy?
- When did the Board know?
“CBS Board Was Warned Of Moonves Allegations,” The Wall Street Journal, September 11, 2018 A1. Directors were told about a recent lawsuit alleging sexual harassment by the now-former CEO several decades ago, 6 months before the story broke.
What did they know and when did they know it, and what, if anything did they do about it? Investigation didn’t start for several months, after a NYT article. Is that enough?
In a similar vein, “Vatican to Address Allegations Of Abuses,” The Wall Street Journal, September 11, 2018 A7. Despite knowledge of past sexual misconduct with seminarians, retired cardinal still made an adviser to the Pope. (The retired cardinal has since resigned after allegations he had sexually abused a teenager years before.) What does that say about how that institution is governed? Can you hide this type of information?
- Text message.
“Top ’60 Minutes’ Producer Departs,” The Wall Street Journal, September 13, 2018 B1. Producer who had been with CBS for 36 years, alleged to have sexually harassed at least one employee; was fired over a text message that may have been viewed as threatening a reporter who was reporting on various harassment scandals.
What was he fired for, the text or the sexual harassment? To whom does it matter? What was the culture at the top of CBS? This guy was a direct report to the CEO, Mr. Moonves.
- Is it live, or is it Memorex?
“Facebook to Check Validity of Photos, Videos,” The Wall Street Journal, September 14, 2018 B5. This is part of an effort to limit Russian interference in US elections.
It’s good to have some check on the accuracy of information. Why isn’t Facebook’s effort more wide-spread?
“Amazon Investigates Suspected Staff Bribes,” The Wall Street Journal, September 17, 2018 A1. Did Amazon employees offer to sell confidential data to independent merchants?
Are these people accused of selling Amazon’s data or your data? Don’t employees have a duty not to do thing like that? There must be a company policy. Not sure that Amazon appreciated its employees “borrowing” its business model.
- Loose lips.
“Tesla Is Subject Of DOJ Probe,” The Wall Street Journal, September 19, 2018 B1. Did CEO’s tweet break the law?
It has been suggested as much, at the time of the tweet (August 7, 2018). See Loose Lips, revisited.
“Facebook Sought Users’ Financial Data for Years,” The Wall Street Journal, September 19, 2018 B1. Facebook has been trying to get your financial information from your financial firm. Some firms severely limited what Facebook could do with information transiting the Facebook Messenger servers.
Whose information is that, anyway? If your financial firm uses Messenger, the answer may surprise you. If you use Facebook to communicate with your broker, shame on you both. See also Gee, what could go wrong?
“Unrecovered Texts Muddy Probe,” The Wall Street Journal, September 20, 2018 A3. Investigators from a major law firm in Coach Meyer probe failed to look for deleted texts. See also Caesar’s wife.
What does it say about both your Governance and your Compliance when your investigators don’t collect basic forensic data? And that the day after the probe was begun, a principal discussed how to delete old text messages? Isn’t this a basic competence question?
- Don’t be evil.
“Apps Can Scan, Share Data From Gmail Accounts,” The Wall Street Journal, September 21, 2018 A4. Google (one of whose tenets is “Don’t be evil”) lets other companies scan your Gmail account.
There is no privacy. You use their service for free and they get your information, to do with what they want.
I’ve been otherwise occupied, and have fallen behind. Forgive me, Faithful Reader(s).
- Breaking the company’s word
“UBS Disclosure Breached Confidentiality,” The Wall Street Journal, August 29, 2018 B12. A senior employee got suspended after a banker at UBS revealed the name of an investor who sold shares shortly after a public offering. Breached the standard confidentiality promises to clients.
Two main points: compliance extends beyond just the law and your company policies and procedures, to reach your breach of the company’s quasi-contractual undertakings (i.e., it’s word); and senior employees get punished, too (which is highly visible to other employees when the punishment gets made public).
- Cheating on expense account is still cheating
“Wells Fargo Probes Staff Expenses,” The Wall Street Journal, August 231, 2018 B1. Employees, including at least one managing director, suspended for falsifying receipts for after-hours meals.
Three points: Wells Fargo has a serious integrity problem; cheating on a expense report is still cheating (not a Records Management issue, but a Compliance with policy issue); and publicizing the suspension of managing directors has an impact on the muggles. (Note: it appears the managing director(s) only got suspended; lower-level staff got fired. RDHIP (“Rank Does Have Its Privileges).
- Cutting out the middleman
“Truckers Take On Digital Traffic,” The Wall Street Journal, September 6, 2018 B4. Trucking companies invest big time in technology to build brokerage operations to compete with third-party brokers.
Information has value to someone.
- Wells Fargo, yet again
Perennial Information, Governance, and Compliance poster child, Wells Fargo is back in the news again, this time following allegations that employees fraudulently added information on some customers’ statements. “U.S. Probes Wells Bankers,” The Wall Street Journal, September 7, 2018 B1.
Where to file this one, under “Dog Bites Man,” or something else?
- Governance or Compliance?
“Moonves Negotiates Exit at CBS,” The Wall Street Journal, September 7, 2018 A1. Departure of CEO accused of sexual harassment comes during contentious battle for corporate control.
You know it’s bad when this is the lead headline, above the fold, on page one. But is this enforcing policy for policy’s sake, or for some other purpose? Does it matter? Or does that depend on whether you’re the departing CEO or a shareholder?
- Using Information to intimidate
“Weinstein Is Investigated for Possible Fraud,” The Wall Street Journal, September 7, 2018 A2. Did Harvey use a secretive Israeli investigator and a white-shoe Wall Street law firm to dig up dirt on people accusing Harvey of bad deeds? Is this wire fraud, or piling on?
If the information is truthful, what’s the harm in getting and using it? Doesn’t there have to be “something else” to be a crime? Is using it to “encourage” a witness not to testify an evil motive?
“Booker’s ‘Spartacus’ Moment Thwarted,” The Wall Street Journal, September 8, 2018 A4. Senator says he will risk his Senate seat to publish confidential documents. Turns out the documents weren’t confidential.
A crime require both an mens rea (evil intent) and a bad act. But what does it say about one’s ethics when one thinks he is violating the applicable rules? Or is lying? Is it one or the other? Is this Governance, or Compliance, or Information? Or some combination?
- What do you do with a drunken sailor?
“Exits, Musk Interview Sting Tesla,” The Wall Street Journal, September 8, 2018 A1. CEO apparently smokes marijuana during live interview.
What impact does your CEO’s commission of a crime on live TV have on the share price? What impact on the rank and file employees? What is the culture on Compliance at Tesla? What does it say about the executives who left?
“Another NFL Problem: Fake Fans Lobbying the FCC,” The Wall Street Journal, September 8, 2018 A1. People use fake names to lobby a federal agency.
Is this against the law? You have the absolute right to petition your government. Do you have to use your name to do it? The Journal says, however, “Submitting fraudulent statements or representations to the federal government is a felony.” If it obviously not your name, is it still a felony, since no one was confused?
Interesting, as the information isn’t information, in the sense of being accurate; but it still is the opinion of an entity. What are the Compliance ramifications? How do you govern against this? Pass another law?
“States Ramp Up Legal Scrutiny of Tech,” The Wall Street Journal, September 10, 2018 A3. Are major tech companies banding together to suppress conservative viewpoints?
Assuming for purposes of discussion that this is true, is it wrong? What if it were the suppression of the speech from some other category, such as blacks, or Catholics, or students? Why isn’t the Federal Government asking these questions? Is this a states’ rights issue? Some Governance, some Compliance, and some Information.
“Facebook Asks Banks for Customer Data,” The Wall Street Journal, August 7, 2018 A1. “[T]o offer new services to users,” Facebook asks banks for “detailed financial information about their customers.”
I can see what’s in it for Facebook, and maybe for the banks. But isn’t this your information? Shouldn’t you have some control what the banks do with it? Are you comfortable with the controls the banks and Facebook will place on this information? It might be convenient for you, but at what risk?
Do we remember Cambridge Analytica? Will Facebook try to do this in Europe?
To whom do you complain? Your elected representative? Your bank? The state or federal regulators?
Filed under Access, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Third parties, Uncategorized, Who is in charge?
Knowledge, or lack thereof, is often a good defense.
“Fiat Says It Didn’t Know CEO was Ill,” The Wall Street Journal, July 27, 2018 B1. Company says privacy of health care information meant they didn’t know that their CEO had been sick for a year.
Who knew or should have known? Was this insider information that would affect the value of investments?
Should the Board have known? Did the CEO have a duty to disclose? For more than a year!
Governance, Compliance, and Information. All in one. Add a dash of privacy.
Filed under Access, Accuracy, Board, Communications, Compliance, Compliance (General), Compliance Verification, Controls, Corporation, Directors, Duty, Employees, Governance, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, To report, Uncategorized