Monthly Archives: August 2013

The Board and the Cloud

In Vince Polley’s latest issue of MIRLN, he links to an article regarding the legal obligations of the Board when the company uses the cloud.  http://bit.ly/16oCyvV

What is the Board’s duty to take reasonable care to protect the company’s assets, like information put in the cloud? Can the Board fulfill this duty without knowing which officer is responsible for managing all aspects of information?

Vince and I have a long history – both hired by Schlumberger out of DC law firms by the same guy in the same year and both independently coming to Knowledge Management for Lawyers, from an in-house perspective. MIRLN is a must-read collection of information-related stuff, presented in a very usable form. http://www.knowconnect.com/mirln/current/

Filed under Ownership, Policy, Risk, Security

University? We don’t need no stinkin University

“Online Class Aims To Earn Millions,” Wall Street Journal, August 31, 2013 A3. http://on.wsj.com/1crRCOU Two professors at UT Austin are trying to make millions from an online psychology course. Following Coursera, EdX, and other online, watch-it-when-you-want-it college course offerings, they are trying to get 10,000 students at $550 each. No time-shifting allowed.

Implications? Well, compare what’s happened with newspapers. Which ones can still charge for access to daily content (WSJ is one) versus access to the archives? Who needs the big campus quad to get a degree (or to pass the tests seniors may have to take to satisfy prospective employers)? (See earlier post at http://bit.ly/14yTJif)

I am not an economist, but let’s say there are 2,000 professors nationwide offering an introductory psychology course.  One of those professors is “the best.”  How do those other 1,999 professors stay in business if “the best” puts his or her course online at a reasonable rate?  Without the overhead of an ivy-walled university with a great reputation.

Who “owns” the content? The university or the prof?

Just asking.

Filed under Data quality, New Implications, Ownership, Risk, Use, Value

NASDAQ stops finger-pointing, almost

“Nasdaq Takes Blame for Stock Halt,” Wall Street Journal, August 30, 2013 C1. While shouldering some of the blame for the trading halt, Nasdaq still argues rival platform NYSE Euronext was the root cause. (I use this term with reservation, as it was not used in the story. Root cause investigations are to find what to do differently the next time, not to find out what “caused” an accident. But people use the term as a noun anyway.) http://on.wsj.com/16XSHvT

When you find yourself in a hole, the first thing to do is stop digging. One of the lessons from successful crisis management is to act responsibly, while leaving determination of legal liability for later.

When you’re in the information business, being sloppy is not good.  Being snarky and blaming someone else in the business is worse.  What’s a reputation worth, anyway?

Filed under Business Continuity, Content, IT, Risk, Value

Rules? They’re more like guidelines.

“Fed Staffers Broke Rules In Release Of Minutes,” Wall Street Journal, August 30, 2013 A2. http://on.wsj.com/1duW7LO. Fed staffer emailed minutes of policy meeting a day early to a bunch of banks, investment firms and congressional staffers. Distribution list changed to exclude financial industry trade associations and bank lobbyists.

Lower-level employees often make mistakes, or don’t follow rules exactly.  Is an email to a distribution list the best practice for sensitive data? Do you have a second line of defense?  And a third? Does digital rights management offer a possible solution?

Filed under Policy, Risk, Security

Libor fixing, continued

“Rate-Probe Spotlight Shines on Higher-Ups,” Wall Street Journal, August 29, 2013 A1. http://on.wsj.com/1a1HKy9

Citigroup employee fired for Libor-fixing attempt says senior levels were doing same thing.

This has the normal ties to discovery and following the chain.  Assuming there was a policy in place prohibiting this behavior, and the fired employee violated it, then in a sense the system worked, as it caught him.  But if his allegations are true, and senior-level officials were doing the same thing, was there a core defect in culture for which the Board bears some responsibility?  Either selection of the seniors, or failure to adequately monitor, or whatever?

Filed under Uncategorized

Syrian attack on DNS, NYT, Twitter

“Syrian Electronic Army’s Alleged Attack Hit Soft Spot,” Wall Street Journal, August 29, 2013 B3. http://on.wsj.com/1dTSRZ9  Attack on Australian domain registrar leads to denial of service at New York Times, Twitter, Huffington Post and other sites. Syrian Electronic Army claims responsibility.

There was an optional feature that would have prevented this, but NYT and Twitter didn’t use it.  Now they do.

Focus on IT security is often at the server level. Prevent physical access by outsiders, and limit system access to approved people. Snowden was a failure in limiting system access and downloading. But what was the process in place for deciding whether to activate the registry-change lock? Did people quantify the risks? Who was involved in the decision?

Where else do third parties control potential links?  Are you using the cloud?

Filed under Business Continuity, Risk, Security

How many official requests to Facebook for information?

“Facebook tells of official requests for data,” Houston Chronicle, August 28, 2013, D1 http://bit.ly/15kiBGd Government requests for information on >30,000 members in first six months of 2013.  Reporting required by law.

If the government requested your information, would you know? Do you care?  Facebook owns the information, right? Does this limit what you put on-line? Is there any privacy to what goes on-line?

Filed under Ownership, Privacy, Requirements, Risk