With the Massachusetts Data Privacy Law now in place (and presumably you are in compliance with it), you need to think about what to do if you have an incident. Verizon has published the Verizon Incident Sharing Framework to help. Our goal for our customers, friends, and anyone responsible for incident response, is to be able...
Read more »

One of the features of the new Massachusetts Data Privacy Law is that it forces some knowledge management on companies in the context of data breaches. Since the law required compliance on or before March 1, 2010, I assume you already have the policy and safeguards in place. That is, if you have social security...
Read more »

March 1 is the compliance deadline for the Massachusetts Data Privacy Law. 201 CMR 17.00 requires you to be in full compliance on or before January 1, 2009 January 1, 2010 March 1, 2010. If your company receives, stores, maintains, processes or otherwise has access to “personal information” acquired in connection with employment or with...
Read more »

Here are some interesting compliance related stories from the past week: List of Troubled Banks at 16-Year Peak, F.D.I.C. Says by Eric Dash in the New York Times After weathering the nation’s worst run of bank failures in nearly two decades, the Federal Deposit Insurance Corporation announced Tuesday that it had added 450 institutions to its...
Read more »

The SEC has charged Daniel Bonventre, Madoff’s Director of Operations, with securities fraud. “According to the SEC’s complaint, Bonventre was responsible for the firm’s general ledger and financial statements that were materially misstated because they did not reflect the manner in which investor funds were maintained and used. Bonventure ensured that BMIS financial reports did...
Read more »

The Securities and Exchange Commission voted to issue a statement that lays out its position regarding global accounting standards. They want to make it clear that “the Commission continues to believe that a single set of high-quality globally accepted accounting standards would benefit U.S investors.” By 2011, the SEC will decide whether to incorporate IFRS...
Read more »

Mary C. Gentile put together a great piece on how to challenge unethical behavior at work in the March issue of the Harvard Business Review: Keeping Your Colleagues Honest. She starts with four rationalizations for staying silent when encountering an ethical problem: It’s standard practice. It’s not a big deal. It’s not my responsibility. I want to be loyal. The...
Read more »

So you write a blog post about the fiduciary duty of financial service providers to their clients. Actually, the real story is about the lack of fiduciary duty that brokers have to their customers. Then an SEC Commissioner chimes in. Tara Siegel Bernard writes for New York Times blog, Bucks: Making the Most of Your...
Read more »

Dow Jones and Ethisphere put on a great conference addressing ethics and compliance professionals. The Global Ethics Summit 2010 had a stellar line up of panels and presenters. As with most conference’s it lacked power and wifi access. Fortunately, my company’s sturdy laptop battery and AT&T wireless access card allowed me to live blog from...
Read more »

I am attending the Global Ethics Summit 2010, hosted by Dow Jones and Ethisphere. Here are my notes, live from this session: When trouble arises, one of the factors prosecutors consider during an investigation is the existence of a strong compliance program. Recently proposed amendments to the Federal Sentencing Guidelines would formally lower the sentencing...
Read more »

I am attending the Global Ethics Summit 2010, hosted by Dow Jones and Ethisphere. Here are my notes, live from this session: What’s the best course of action when addressing a regulatory inquiry? Many have suggested that having a better than average compliance program to showcase will certainly help your case. But what are some...
Read more »

I am attending the Global Ethics Summit 2010, hosted by Dow Jones and Ethisphere. Here are my notes, live from this session: How much should a company be disclosing to shareholders, investing communities, regulatory authorities and customers about its compliance program and other ethics-related activities? What risks does a company shoulder when it takes a...
Read more »