
Data Driven Compliance: Sherlock Holmes on Pattern Recognition in Data-Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I take a solo turn to talk about data analytics and pattern recognition for the compliance professional in the context of the Sherlock Holmes short story, The Adventures of the Dancing Men. For a deep dive into the story, check out the episode on my Sherlock Holmes pod, Adventures in Compliance.

In this story, Holmes decodes stick figures to solve the mystery. One of the tools he uses is pattern recognition, which plays a pivotal role in data-driven compliance programs, serving as a tool to identify anomalies and potential compliance issues. It involves the systematic observation of data to identify recurring elements or trends, even in seemingly random data, and interpreting these patterns within the appropriate context to provide meaningful insights. The importance of this process for the compliance professional cannot be overstated.

Pattern recognition requires both creativity and flexibility, and it can help predict future outcomes, optimize processes, and inform decision-making in compliance programs. I also discuss the significance of an iterative approach, which involves continuous improvement based on new information and collaboration with others to enhance analytic capabilities and gain deeper insights. Check out this most unique and interesting episode of the Data-Driven Compliance podcast, where Sherlock Holmes instructs the modern compliance professional on Data-Driven Compliance.

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ

 Tom Fox 


Innovation in Compliance – Jeff Grant on The 400th Meeting of The White Collar Support Group

Innovation comes in many areas and compliance professionals need to not only be ready for it but also embrace it. Today, I visited Jeff Grant, a compassionate leader and the founder of a white collar support group, a platform dedicated to assisting individuals prosecuted for white collar crimes and their families.

Jeff’s perspective on the importance of such support groups is shaped by his extensive experience going through the full white collar criminal experience, including jail, disbarment, release, and recovery. He has organized over 400 meetings, creating a safe space for individuals to share their experiences and challenges. Jeff views these groups as a vital resource, filling a significant gap in the criminal justice system by providing knowledge, empathy, and compassion to those who have been isolated and stigmatized. His advocacy for the rights and leniency of individuals prosecuted for white collar crimes is driven by his desire to bring their complex human tragedies to light and promote noncustodial sentences for low-level and nonviolent crimes. Through his work, Jeff continues to expand the impact of these support groups, viewing them as a lifeline for those navigating the impact of their white collar crimes.

Key Highlights:

  • The 400th Meeting
  • Supporting Families of White Collar Criminals
  • Transforming Lives Through Spiritual Guidance
  • Supporting White Collar Crime Victims and Advocacy

Resources:
Jeff Grant on LinkedIn | Twitter
Grant Law
Prisonist.org


Compliance Tip of the Day: What The Pandemic Changed for Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the ongoing trends that accelerated during the pandemic year of 2022 and how these changes have impacted compliance literally forever.

These changes include:

  1. Compliance Convergence
  2. Public/private partnership in the ABC fight
  3. Data, Data, Data
  4. Compliance as an ethical & business advantage


Daily Compliance News: February 13, 2024 – The Quiet Hiring Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • What is quiet hiring? (FT)
  • Xi’s never-ending corruption hunt. (BBC)
  • More Ohio state charges in the FirstEnergy corruption scandal. (WSJ)
  • A Huawei killer. (WaPo)


SolarWinds Under GDPR: Corporate Responsibility and Risks in Data Protection

The General Data Protection Regulation (GDPR) has significantly changed how organizations handle data protection and privacy. It emphasizes the importance of transparency and honesty in disclosing data breaches and vulnerabilities. In a recent episode of the podcast Life with GDPR, Tom Fox and Jonathan Armstrong from Cordery Compliance discussed the topic of corporate responsibility and risks in data protection, with a particular focus on the SolarWinds case.

To recap, in late 2023, the SEC filed a lawsuit against SolarWinds Corp and its CISO, Tim Brown, following the 2020 data breach, bringing the issue of executive liability in cybersecurity disclosures to the forefront. The lawsuit raised important questions about the personal liability of senior executives for inaccurate risk disclosures and has potential implications for other industries under US securities law.

The 2020 breach, orchestrated by Russian hackers, targeted SolarWinds’ software, Orion, and exposed highly sensitive information. The hackers gained access to SolarWinds and planted spyware in the Orion program. SolarWinds then distributed an update to its corporate customers, unknowingly spreading the Russian spyware. This allowed the hackers to access the highest levels of the US government and major corporations.

The SEC’s lawsuit against SolarWinds and Tim Brown focused on the poor disclosures about the company’s information security throughout 2018, 2019, and 2020. While SolarWinds publicly claimed to have good cybersecurity, internal communications revealed that employees were aware of the company’s cybersecurity issues and considered them a mess. This discrepancy between internal knowledge and external disclosures formed the basis of the SEC’s allegations.

The SEC complaint alleged that SolarWinds’ public statements about its cybersecurity practices and risks were at odds with its internal assessments. These included a 2018 presentation, prepared by a company engineer and shared internally, including with Brown, which stated that SolarWinds’ remote access set-up was “not very secure” and that someone exploiting the vulnerability “can do whatever without us detecting it until it’s too late,” which could lead to “major reputation and financial loss” for SolarWinds. Similarly, as alleged in the SEC’s complaint, 2018 and 2019 presentations by Brown stated, respectively, that the “current state of security leaves us in a very vulnerable state for our critical assets” and that “[a]ccess and privilege to critical systems/data is inappropriate.”

Beyond this SEC enforcement action, there were other implications as well. One key takeaway from the episode is the pressure on corporate leaders, including CISOs, Data Protection Officers, and Compliance Officers, to disclose data breaches promptly. While GDPR offers some protection to Data Protection Officers, they are not entirely exempt from liabilities. The SolarWinds case serves as a reminder of the need for specific and timely disclosure of breaches and the importance of addressing system vulnerabilities.

The risks associated with data breaches are not limited to regulatory fines. Litigation risks are a significant concern for organizations, with shareholders and whistleblowers potentially seeking legal action. The episode highlights the importance of transparency and not misrepresenting information to regulators. Misrepresentations can lead to severe consequences for individuals in positions of responsibility within corporations.

Budget constraints can also hinder the timely fixing of vulnerabilities, ultimately leading to breaches. Organizations need to take proactive measures to identify and address vulnerabilities promptly. Realistic resource assessments are crucial to ensuring that adequate resources are allocated to data protection efforts. Additionally, having adequate insurance protection, such as Directors and Officers (D&O) insurance, can help protect individuals in positions of responsibility from potential liabilities.

The episode also emphasizes the need for organizations to consider the impact on their stock exchange filings when deciding whether to disclose a data breach. The decision to admit a violation of a stock exchange can be challenging and depends on factors such as materiality. Organizations need to assign a dedicated team to consider these factors, particularly when engaged in transactions like mergers and acquisitions or fundraising.

Transparency and honesty are key principles in data protection and privacy. Audit reports and investigation findings must be acted upon promptly to address vulnerabilities. Emails and other forms of communication can serve as evidence in legal proceedings, highlighting the importance of careful communication within organizations.

The potential for litigation is significant in data breach cases. Shareholders may seek legal action if they believe the value of their stock has been affected. Whistleblowers, incentivized by various jurisdictions, may also come forward with information. This highlights the need for organizations to maintain a culture of transparency and integrity and for individuals to review their remuneration packages to avoid conflicts of interest.

In conclusion, GDPR, corporate responsibility, and risks in data protection are interconnected. Organizations must prioritize transparency, honesty, and timely disclosure of breaches and vulnerabilities. Proactive measures, realistic resource assessments, and adequate insurance protection are crucial to mitigating risks. By considering the impact on stock exchange filings and maintaining a culture of integrity, organizations can navigate the challenges associated with data protection and privacy in the GDPR era.