Warnings v. Controls

People knew the shooter in Annapolis was a danger to the newspaper.  Employees were warned.  Police investigated his on-line comments, and determined he was not a threat.  Employees were told to call 911 if they saw him.

Five years later, he kills 5 people with a shotgun.

“Newspaper Warned About Shooter,” The Wall Street Journal, June 30, 2018 A3.

Maybe that’s why the police got there in under a minute.


Filed under Controls, Corporation, Directors, Duty, Duty of Care, Governance, Government, Internal controls, Oversight, Third parties, To report

Facial recognition

The suspect makes his fingerprints unreadable, and doesn’t have a wallet or other ID.  Who is he?

“Controversial Facial System Identifies Suspect,” The Wall Street Journal, June 30, 2019 A3. Facial recognition was used to identify the shooter at the Capital Gazette in Annapolis, where five died.  A picture was run through the driver's license database, and up popped his license photo.

Biometrics as information?  Role of technology in information governance?


Filed under Accuracy, Collect, Data quality, Privacy, Technology, Use

Compliance incentives

“CFPB Decides Not to Fine Citi on Overcharges,” The Wall Street Journal, June 30, 2018 B12.  Company failed to lower credit card interest rates for some customers when it should have.  It will refund the overcharges and fix its practices, but won’t pay a fine.

Citi self-reported, and proposed full restitution.

Would this have happened under the prior Director at the CFPB?  Or would the offense have led to a large fine as well?  To what purpose?


Filed under Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, Oversight, To report

Equifax compliance education

“Former Equifax Manager Is Charged,” The Wall Street Journal, June 29, 2018 B3. To respond to the huge privacy breach at Equifax last year, the company set up a website to help some of those affected.  The former software manager setting up that website bought some options, betting that Equifax’s stock would go down once the breach was discovered.  He faces criminal and civil charges.

Who would have thought a software engineer needed insider trading education?

Filed under Access, Compliance, Compliance (General), Controls, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, Legal, Oversight, Policy, Protect assets, Requirements

Encryption, point-to-point

“Emails Add to the Turmoil at WPP,” The Wall Street Journal, June 29, 2018 B2. A company technician recovered WhatsApp messages from the phone of a former employee; these messages were then sent by encrypted email to a few employees.  The technician who recovered the messages has also left the company. [BTW, messages on WhatsApp are encrypted end-to-end (point-to-point), but are recoverable from a device that received them.]

What happens to messages on your company phone when you leave?  Do you care?  Do you use encryption to send messages anonymously?  Why?

These messages were in an account used to coordinate the former CEO’s travel.  And maybe for other stuff.  The CEO already resigned.

Filed under Access, Communications, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Policy, Privacy, Protect assets, Security

EU comes West

“Sweeping Privacy Bill Passes in California,” The Wall Street Journal, June 29, 2018 B1.  State law gives us the right to not share our data online, and to prohibit the sale of that information.  Downside: it may cost you more.

This will be hugely disruptive for online businesses.  But it does get to the question: “Who owns ‘your’ data?”


Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Ownership, Privacy, Value

What you have, where you have it

A common starting point for information governance projects is to determine what information you have and where you have it.  Then you can start to manage it. But what happens if you don’t know what you have or where you have it?

“Facebook Struggles to Find User Data,” The Wall Street Journal, June 28, 2018 B1. “The company can’t track where much of the [user] data went after it left the platform or figure out where is it now.”

A lot of the information is or was with app developers that are now out of business.  What happened to your/Facebook’s/their data?

Sure is easier to figure this out going forward than it is to figure out what happened between 2007 and 2015.  Especially if disclosure of some of that information is blocked by the government in far-off lands.  Or if the app developers don’t fancy having Facebook root through their servers and discovering their business secrets.  Or if Facebook doesn’t have a contractual right to get this information.

Sure would be easier if they’d had the proper controls in place at the time.


Filed under Access, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Ownership, Privacy, Protect assets, Security, Third parties, Vendors