Technology

Subscribe to Technology

Bethany Lukitsch of McGuireWoods runs down what the new regulations mean for companies based in California and beyond.

CCBJ: The California Consumer Privacy Act (CCPA) takes effect January 1, placing new data protection and user requirements on businesses that collect or sell consumers’ personal information. What do the new regulations mean for companies doing business in California?

Bethany Gayle Lukitsch: It’s important to keep in mind that this statute doesn’t just affect companies that are physically present in California but a much broader, more universal group of companies. In fact, any company that touches or does business with a California consumer is likely going to be covered by the act. The act has broad definitions and will have significant impact on the way companies in the United States and even foreign companies do business with California residents. If companies haven’t started to pay attention to the CCPA and what it means for their business, they need to immediately turn their attention and do so.

Remarks as recent as late September from the California attorney general’s office suggest they are ramping up their enforcement team. While they are not able bring enforcement actions until summer of next year, they have said


Continue Reading

Software dips below the surface to mine the unconscious patterns in written communications.

CCBJ: Tell us about KeenCorp.

Andrew Fastow: KeenCorp is machine learning software that identifies risks faster than the current suite of tools by measuring internal communications, like emails and text messages, among groups of employees. It’s not looking for keywords. It’s looking for changes in tension level and connectedness. This metric is extremely highly correlated to risk, so when something risky is going on, tension levels rise, and the software picks it up.

It is based on a science called psycholinguistics and works much like voice inflection and body language. If you’re married or have a very good friend, you probably know when that person is tense even if they tell you everything’s fine. It’s because our brains have trained themselves to measure patterns. For someone you are very close to, your brain knows their speech, voice inflection and body language patterns, and your brain is able to subconsciously pick up any changes in those patterns.

This software is analogous to that. People’s writing patterns unconsciously change when the tension and connectedness levels change. When people are writing in a natural language environment, if they are more tense or if they are disconnecting from the situation, the software will pick it up because their patterns change. An annual report is an example of what’s not natural language communication. That’s very scripted. Emails are natural language communication.

One of the most frequently heard comments among directors when there’s a problem is, “Why didn’t we know about this sooner?” KeenCorp solves that problem. Using KeenCorp allows legal staff, risk managers, HR, management, and directors to find out about and resolve problems before they become government enforcement actions, lawsuits, a short-seller attack, the loss of valued employees, or a social media disaster.

Earlier risk identification leads to better outcomes for companies. Examples of risks that have been uncovered by the KeenCorp software include safety risk, harassment risks, gender and diversity issues, retention issues, financial fraud, compliance, change adoption, project management or project health, and management alignment.

What drew you to KeenCorp, and what is your role?

I am a consultant working on strategy and marketing, and I have invested in the company. I spent significant time searching for tools that companies could use to help identify risks that they were not seeing. As I spoke to more and more directors, risk managers, HR people, all of them seemed to say the same thing using slightly differ-ent words: “The thing that keeps me awake at night is the thing that I don’t know about.” This was the best new tool to identify those unknown risks.

If KeenCorp software had been available and had been used by Enron from 1999 through 2001, the Enron scandal would not have happened. Unfortunately, I cannot change the legacy of Enron. I’m ashamed and embarrassed about that. I believe what I did was wrong. What I hope to do is layer a legacy on top of it that I was part of the solution to the problem, and I see KeenCorp as a linchpin to the solution.

How does the technology work? What intelligence can it offer employers?

The software goes through several steps. First, it an-onymizes all of the emails, all of the text messages, so there’s no ability to trace back to the original authors of any particular communication. All the personal informa-tion is blanked out: names, dates, etc.

Second, it groups employees into categories that the company determines. You can group employees in differ-ent ways to get different insights. For example, let’s say sexual misconduct is an issue, so you want to know if any groups, by gender or location or function or department, are sending off a signal that something is not quite right. The software can sort the information in a variety of ways and show whether those groups are behaving differently than other groups.

Third, it measures the patterns in those emails. Again, it is important to note that the software is not reading emails for content or specific words, like “fraud” or “mon-ey launder.” It’s evaluating if changes in patterns are occurring and measures those changes as differences in the level of tension and connectedness.

What I mean by “connectedness” is when a person personally involves themselves in the way they write. If a manager were to write, “At my Monday morning staff meeting, I presented this quarter’s financial statements,” that is different than if this manager wrote, “At the staff meeting, financials were reviewed.” In one case, the man-ager is taking personal ownership but not in the other. That’s one of the thousands of signals given off by the way people write.


Continue Reading

For a third consecutive year, Corporate Counsel Business Journal co-hosted a roundtable series on global risk with longtime contributor Clifford Chance, which provided subject-matter expertise and helped facilitate three dinner discussions with an esteemed group of general counsel and chief compliance officers.


Continue Reading

Charlie Platt, Director of Data Analytics for iDS, resumes his Ethical Hacker column with a piece on how reducing cyber risk can get in the way of your business – that is, if your rules lack flexibility. The best way to implement successful cyber risk programs without hurting your business, he says, is to design them to adapt to dynamic business requirements by providing an approved exception process.

It’s been a while since I’ve been on these pages. I’ve missed it and it’s good to be back. One big change is that I’m now also focused on data analytics in addition to cybersecurity. I will be heading up the Data Analytics practice at iDS and Robert Kirtley is heading up the Cybersecurity practice. Together we will be talking about how data analytics and cybersecurity go hand in hand, and how we can assist each other in achieving great results for our clients.

In light of that new focus, I’d like to tell you about a project I recently worked on for a client. While on the surface our work was focused on data, there were strong undercurrents of cybersecurity throughout the project. We were engaged to assist the client
Continue Reading

Michele Schochet, Director of Corporate Information Security with Facebook, discusses the corporate culture that drives one of the biggest tech companies in the world forward, including the increasingly important role that women play in computer engineering.
Continue Reading