Forum Topic

Yes, Richard, I was watching some of that on the BBC News channel/webcast and found it difficult to believe. I've always viewed in-house lawyers in my organisations as friends to stop me getting into trouble and, whereas the standard risk analysis is a RAG categorisation of red-amber-green for high, medium and low business risks, I added a fourth in my own infosec team (although I don't think I had cause to use it): black (borrowed from the F1 black flag), which was essentially saying "stop, you can't do that, it's illegal!" But I would be thinking of things that, for example, breached the GDPR, FSA regulations or MiFID reporting, not a criminal failure to disclose information to a defence counsel in court!

I'm interested that a senior lawyer didn't think of talking to a non-exec board member about their concerns. I think that's something that's been suggested by senior lawyers at several seminars I've attended for infosec and data privacy specialists when in the past senior execs haven't taken those issues seriously; that, of course, has changed now with all the publicity around ransomware attacks and data leaks by hackers.

I can understand from a commercial point of view the PO and Fujitsu wouldn't want to broadcast system defects publicly from reputational and system vulnerability aspects (that might create real security and fraud possibilities!), but to mislead a court by failing to disclose "anomalies" is, er, criminal?

And, as the CEO, irrespective of what else she did or didn't do, shouldn't she have been getting Fujitsu and the PO heads of IT, marketing, legal and operations - and possibly Second Sight - in the same room to get to the bottom of it rather than just relying on pinging emails around about it?

Michael Ixer ● 394d