Monthly Archives: February 2014


Three stories on page A5 of today’s Wall Street Journal highlight information governance issues.

Nine employees, alleged to have been involved in defrauding the government, were fired from US Investigation Services LLC, the company that determined Edward Snowden eligible for his security clearance. “Vetting Firm Fires Nine In Fallout From Probe,”

Outgoing (in two senses of the word) NSA head says NSA could achieve it goals by looking at a much slimmer slice of telephone details (which we are aware of solely because of Edward Snowden). “Narrower NSA Surveillance Broached,”

A hacker who bragged he “controlled the server of the Federal Reserve Bank” was indicted by the US government for hacking into computers at the Federal Reserve and stealing names , emails addresses and phone numbers. Faces possible extradition from the UK.”U.S. Charges Briton With Hacking Fed Computers,”

Leave a comment

Filed under Business Case, Controls, Governance, HR, IT, Privacy, Risk, Security, Third parties

Shoeless Max Smart

One of the risks with having proprietary company data on mobile devices is, well, such devices are mobile and they get stolen, lost, or hacked. What controls do you put in place to reduce those risks?

For the truly security conscious, there’s a new phone from Boeing (yes, that Boeing) that destroys all its data and software if someone tries to open the case.

“From Boeing, a Secure Phone Equipped to Self-Destruct,” Wall Street Journal, February 27, 2014 B1

But does it disable GPS tracking? Or keep you from playing Candy Crush on company time?

Leave a comment

Filed under Business Case, Controls, IT, Risk, Security

Intellectual property down on the farm

Thanks to iPad-equipped tractors and the like, farmers generate a lot of electronic data about how they plant crops.  But they wonder whether offers from big agriculture companies of technology to guide crop  planting will deprive the farmers of the value of their information.

“On the Farm, Data Harvesting Sows Seeds of Mistrust,” Wall Street Journal, February 26, 2014 A1

Recognizing that the collected data has value, who gets to profit from it?  Is this the same battle as net neutrality, or is it different? Do the mean agriculture companies get to benefit from making technology available on the cheap in return for the data flow?  Are the farmers uneasy because they don’t know how of when the data will be used?  Why not put the data into a space open to all, and let the agriculture companies sell their analyses of what it means?  Or is the secrecy of the competitive nature of the information that is the issue?

Leave a comment

Filed under Business Case, Definition, Information, Knowledge Management, Ownership, Risk, Use, Value

Risk that information is no longer available?

Leave a comment

Filed under Business Case, Data quality, Information, Risk, Use, Value

Using it

It’s easy with the security breaches and compliance issues to forget that information governance is, for the most part, about using information to yield better results.

“‘Waste Not’ Becomes Easier for Hospitals,” Wall Street Journal, February 24, 2014 R3

Hospitals looking at the data to find savings, great and small. Using information to save money. Watching the metrics. Figuring out why your costs are out of whack. Advisory firm provides analysis for free.

Isn’t this what information governance is about?

Leave a comment

Filed under Business Case, Controls, Data quality, Information, Internal controls, Knowledge Management, Operations, Use, Value

Function follows form

I had to dig for an article to post about.  It’s Sunday.   So I looked deeper.

So, you’re designing office space for a company that has three or four generations of workers, from the silverbacks preparing for retirement, to the seasoned players, to the up-and-comers, to the newly arrived. And everyone in between. Does how you set up the office assist with the internal information flow, and if so, is that part of information governance? Yes and yes.

“Design can help ease office space interactions,” Houston Chronicle, February 23, 2014 D1

From a management perspective, how do you access/harness the wisdom of the silverbacks, and how do you facilitate the transfer of that wisdom to the newly arrived? Chevron favors closed office space, while Shell prefers open plan. Some of this is to meet the cultural expectations of the silverbacks. And some to facilitating recruitment of new employees. Facilitating the information flow is part of management’s job, isn’t it, implicitly placing a value of information?  Information governance or knowledge management, do the labels matter, as long as the information flows?

Leave a comment

Filed under Culture, Governance, Information, Knowledge Management, Operations, Use, Value

Is something rotten in Denmark?

From one view, it’s a bog-standard case of insider trading.  Harvard Business School grad joins investment bank.  A year later, he uses his access to insider information to enrich his father and ex-girlfriend (also the mother of his child).  During the investigation, he denies that a man with the same name as his father (and who was allegedly receiving some of the  illegal profits) was, in fact, his father.  Round up the usual suspects. Lock ’em up, Danno.

What struck me as noteworthy was a quotation from the Wall Street Journal: “…the tight-knit world of Wall Street deal makers, where confidentiality is sacrosanct.”  Is that really the culture they have, or the culture to which they might aspire? Quoting again, this time from the investment bank: “‘This conduct is completely inconsistent with our culture and professional standards.”  Well, that must be a relief to their other clients.

“Banker Used Tips to Trade, Officials Say,” Wall Street Journal, February 22, 2014 B1

Why did he do it?  Based on text messages, it was to pay child support to his ex-girlfriend.  And maybe to hide those payments from his wife, who is probably not amused.

How could someone who’d been in this business for years do something so dumb?  You just don’t turn around at age fifty and start cheating, do you?  How did his employers and clients miss this?  Was the ex-girlfriend a clue?  If someone is cheating on cab fares, what else are they cheating on?


Leave a comment

Filed under Business Case, Controls, Culture, Definition, Governance, Information, Internal controls, Ownership, Risk, Third parties, Value

Speed premium

High-speed traders used to pay for quicker access to news of corporate earnings, and use the momentary advantage to make money. Not at Business Wire, or at least not now.

“Traders’ Access to Releases Curbed,” Wall Street Journal, February 21, 2014 C1

Was it the fact that some traders get the information sooner than others, or was it that Berkshire Hathaway was profiting from the profiting?  Can we ever level the playing field enough that someone won’t get information a little sooner than someone else?  Hasn’t this always been the case?

Isn’t part of the value of information the fact that you have it sooner than someone else?

Leave a comment

Filed under Controls, Definition, Information, Interconnections, IT, Third parties, Value

Are your employees listening?

Your employees bring their phones to work. They sometimes use their personal PCs at home to do work. Do they back up these appliances to the cloud or elsewhere? Do those backups include your company’s proprietary information? Do the employees backup their data files on company equipment to the cloud? Do you know?

“Perilous Mix: Cloud, Devices From Home.” Wall Street Journal, February 20, 2014 B4

You probably have policies that restrict or prohibit your employees’s use of certain technologies to store your company’s information. But you also put pressure on those same employees to work efficiently. Is it easier for your employees to ignore your policies if those policies get in the way of how the employees want to work?

Which is more important? Your company policy or your employees’s autonomy over how they do their work?

Leave a comment

Filed under Business Case, Compliance, Controls, Culture, Governance, Information, Internal controls, Ownership, Policy, Risk

Hobson’s choice

Questions have arisen regarding your practice of collecting a lot of information.  Legislators are considering new legislation; potential litigants abound.

You are running out of secure storage space, either because of availability or because of cost constraints.  So, do you stop collecting the information on an ongoing basis (even though the jury is still out, so to speak, on whether it is legal for you to collect it) or do you start deleting the old information?  Or just get more money from the shareholders to cover infinite storage space? Is there a litigation hold in place?

“NSA Weighs Retaining Data for Suits,” Wall Street Journal, February 20, 2014 A4

Cost constraints on keeping data that may be relevant to a legal case? Welcome to the party.

Leave a comment

Filed under Business Case, Business Continuity, Controls, Discovery, Legal, Operations, Risk