“Senator Releases DNA Test Results,” The Wall Street Journal, October 16, 2018 A4.  Senator Elizabeth Warren released DNA results about her ancestry.

Facts are facts.  And labels are labels, and not necessarily facts.  How much of a certain DNA do you need to have to be a minority, entitled to affirmative action?

So, the blood results are information.  But who has the power to decide who is and who is not a Native American?  Are labels just short-hand opinions?  And, as opinions tend to do, are either right or they’re wrong, with the actual facts determining the actual truth or falsity.


Leave a comment

Filed under Analytics, Data quality, Definition, Information


“Delete Old Digital Haunts,” The Wall Street Journal, October 15, 2018 B4.  A how-to guide on how to clear out the electronic information and the applications you don’t use any more.

Part of information governance is getting rid of data that we no longer need (and that is no longer required by law) – goes by the catchy title Defensible Disposal.  A part of governance is how we manage this (or not) in our own lives.  If you don’t do it in your own life, how can you be expected to do it at work?

Leave a comment

Filed under IT, Security, Records Management, Controls, Internal controls, Technology

Sexual assault

I hesitated to discuss the Kavanaugh hearings as an information governance teaching case, due to the raw political nerves.  Another case presented itself.

“A Sexual-Assault Claim Spotlights National Dilemma,” The Wall Street Journal, October 15, 2018 A1.  A state employee in New Jersey promptly reported an assault to the police, and even wrote to the governor and his wife.  The alleged assailant also works for the state.  The matter was investigated, but the state did not prosecute the alleged assailant.

How does the victim document and prove an assault?  What evidence, beyond her word, is required to secure a conviction?  Immediate outcry?  DNA results?  Video?  Is the absence of information itself information?

How does the alleged assailant establish his or her innocence?  How does the state investigate and how does it decide whether to prosecute?  How does the judge or the jury decide, based on what evidence?  What documents and policies govern the process?  How do we protect the privacy of the complainant and the defendant until a verdict is rendered (and beyond)?

I know this may seem to have wandered rather far afield from the focus of this blog.  But this involves serious questions around Information, and Compliance, and Governance.  If we agree the system isn’t working, how do we propose to fix it?  What controls can we put in place, beyond talking to our sons and daughters?  How do we establish a process that protects the rights of everyone?


Leave a comment

Filed under Compliance (General), Controls, Definition, Duty, Governance, Information, Internal controls, Privacy, Third parties

Facebook again. Plus or minus 20 million.

“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1.  Data exposed between July 2017 and September 2018.  But thankfully only affected 30 million users, not the 50 million users originally feared.  It only took 2 days to stop it after it was discovered.  A flaw in the computer code opened a door.

The decrease in the number of affected users was reported in a blog post.

Does this mean that a defective product was released into commerce?  So who pays how much to whom?

Leave a comment

Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology

Apple watch

“Turkey Says Journalist’s Killing Was Recorded,” The Wall Street Journal, October 12, 2018 A1.  Turkey alleges audio and video demonstrate that Jamal Khashoggi was killed in the Saudi consulate in Istanbul.

Was this captured in part on his Apple Watch?

Do we lose sight of the places where information can be found?  How would (or do) we control this  in our organization?  A visitor who wears a watch?

Leave a comment

Filed under Controls, Information, Interconnections, Internal controls, IT, Security, Technology, Third parties

Hiding another ball

“HSBC to Pay $765 Million in U.S. Pact,” The Wall Street Journal, October 10, 2018 B12.  Bank hid the risks of defective mortgages for at least 2 years.  Sold mortgaged-back securities in the meantime.

“Wells Fargo … [paid] $2.09 billion to settle similar claims.”  Four other banks also settled.

Why do we keep our money in banks?  Weren’t they supposed to be safe?  What does it say about the Boards of these companies?  Did the directors screw up?

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Protect assets, Supervision, To report

Hiding the ball

“Google Hid Data Breach for Months,” The Wall Street Journal, October 9, 2018 A1.  Alphabet hid or failed to disclose the breach of “hundreds of thousands of users” for six months, to avoid “regulatory scrutiny and … reputational damage.”  Data accessed between 2011 and 2018.

What did the delay in notification cost customers? Did Google care?  Who at Google knew, and are they still employed?  Why?

Don’t be evil.

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, IT, Privacy, Security, To report