IT, Privacy and Security
With the highly anticipated release of its Guidelines on the National Security Review of Investments, the Canadian government has finally shed some light on circumstances which may draw investors and parties involved in the investment into the realm of a national security review.
I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.
Biometric authentication is becoming increasingly common. Smartphones and computers use it, banks have started to use it, and recently MasterCard began rolling out “selfie pay” allowing users to authenticate online payments by using their face at the point of sale. Biometric authentication refers to the validation of a user’s identity by measuring physical or behavioral characteristics. Biometric samples may include fingerprints, retinal scans, palm scans, face and voice recognition.
A blockchain is a peer network of nodes that use a distributed ledger that can be used to track transactions involving value including money, votes, property, etc. The most well-known application of blockchain technology is bitcoin. Transactions on a blockchain are not regulated by any central counterparty: the individuals involved in a given transaction provide their information (including personal information), a record is created that can be verified by nodes in the network. In this sense, the users forming the community act as their own regulators.
While the new record-keeping requirements are relatively straightforward for corporations with just a few “ownership interests” in real property, corporations with significant interests, such as those involved in property development, face a much more onerous task. It is therefore recommended that Ontario corporations begin preparing the register as soon as possible to gather the required information and to establish a common practice.
Can a company which provides a corporate e-mail account to a contractor, and then gets into a legal dispute with that contractor, use the contractor’s emails in that corporate account in the litigation? The answer appears to be no, in certain circumstances.
I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.
James Lam has an impressive resume: Chief Risk Officer for major financial institutions, author of a respected book on ERM, consultant, and board member. Recently, he wrote a white paper that is available through RIMS or Workiva, Next Frontier: Performance-Based Continuous ERM. I think it is fair to say that James and I agree on many points but disagree on others.
If someone asked you “where” your cloud storage is, would you know the answer? The “cloud” is the common term used when data is stored remotely but yet accessible (to your multiple devices) through the internet. Given that the data is now ‘remote’ we often receive questions from clients as to whether keeping books and records in this way meets their obligation under the Income Tax Act.
When potential material weaknesses are discovered during SOX or internal audit testing, my suggestion is to review the issue with the legal function. They can advise the CEO and CFO whether this should be disclosed as part of the Section 302 certification. This new front is clearly starting to open. Don’t let it pull you under.
Many people feel that New Year’s resolutions are passé, particularly since so many resolutions go unachieved each year. But, a resolution is essentially a plan to tackle something of importance, and planning is often half the battle. The following are 4 resolutions that can help strengthen charities and other not–for–profits in 2017.