Monthly Archives: April 2014

My dog ate your feedback

Who your customer reviews? Apparently, not you.

“Online Reputations Lost As Yahoo Switches to Yelp,” Wall Street Journal, April 10, 2014 B1 http://on.wsj.com/1geVgQd

Businesses who had customer reviews through Yahoo Local were surprised to find that, when Yahoo did a deal with Yelp, some of those reviews disappeared. But Yahoo represents only 10.3% of all Internet searches.

Two perspectives. One, if you’re the business who was reviewed, how do you protect (collect?) that information from the whims of Yahoo? Does it matter to you?

Two, if you are Yahoo, how do you manage changes that delete or hide or downgrade information that is important to businesses? Do you care? Do you mitigate the damage by telling them what’s coming?

Leave a comment

Filed under Business Case, Collect, Controls, Definition, Information, Management, Ownership, Protect, Risk, Third parties, Value

Missing link

“Big Data: Love It or Face ‘Permanent Pink Slip,'” Wall Street Journal, April 9, 2014 B6 http://on.wsj.com/1k3KKwk

What does it take to get hired, or even to keep you job? How well do you analyze large collections of data, and how familiar are you with the current and developing technologies to assist that analysis? Do you understand the business well enough to know what’s useful?

Apparently, businesses are noticing that there is a gap between all the data that’s out there and how to determine what information is useful to the business and how to leverage that information for the business. Neither business knowledge nor data knowledge is enough on its own; there needs to be a link.

So people are flocking to quantitative analysis courses and books and MOOCs.

Does that mean that the information isn’t as valuable as knowing what to do with it?

Leave a comment

Filed under Analytics, Business Case, Collect, Definition, Information, Management, Use, Value

FTC and Data Security

Who establishes and enforces your rights for data security at the places you shop? I used to think it was a matter of negligence law, or maybe contract. Both enforceable through a lawsuit.

Wrong, again, sort of. The FTC has assumed unto itself the responsibility for defending our rights, under its original charter (1914) to protect us from unfair or deceptive trade practices. We can still sue.

“FTC Wins A Round Over Data Security,” Wall Street Journal, April 8, 2014 B1 http://on.wsj.com/1n0hfLV

A Federal judge in New Jersey denied a motion to dismiss from Wyndham Worldwide Corp., alleging the FTC didn’t have the power to regulate Wyndham data security practices.

Maybe it’s a good thing. One more reason for the businesses to be careful with my information. May be cumulative. And the government is not necessarily the best at IT things. We’ll see.

Leave a comment

Filed under Board, Business Case, Controls, Duty of Care, Governance, HR, Information, Internal controls, IT, Management, Privacy, Protect, Protect assets, Protect information assets, Risk, Security, Third parties, Value

Managing pranksters

What if you rely on third parties to report information to you so that you can do your job? What if they lie? How do you protect yourself, and your business?

“Phony Calls Plague 911 Centers,” Wall Street Journal, April 7, 2014 A3 http://on.wsj.com/1oHANsV

An unfortunate consequence of the federal law requiring cell phones to be able to make emergency calls even if they are no longer on a cellphone plan is that someone call place a call to 911 without risk of identifying himself/herself. Some people take advantage of this to make prank calls, which must be responded to nonetheless.

Does your business model rely on information received from third parties? Do you just accept a level of false information?

Leave a comment

Filed under Business Case, Collection, Controls, Data quality, Information, Risk, Security, Third parties, Use, Value

Who made the rope?

Capital punishment is one of those hot-button issues where people have strong opinions. But assuming your state has it, and someone is going to be executed, does he or she have the right to know who made the rope that is going to be used to hang them? Or is someone requesting the name of the rope manufacturer so that they can shame the manufacturer by tying (sorry) him to the product? And thereby reduce the number of noose manufacturers, thereby achieving a goal that they lost on at the ballot box?

“Most states shroud death drugs in secrecy,” Houston Chronicle, April 6, 2014 A3 http://bit.ly/1mTsMzq

Is the name of the maker of the execution chemical information that the condemned prisoner is constitutionally entitled to know? Sure, maybe the prisoner is entitled to reasonable assurance that the drug works. But beyond that?

Why is the information being requested and how is it being used? What’s the risk of disclosing this information, and how do you control or mitigate those risks? Maybe hanging isn’t so bad. Or more efficient.

Leave a comment

Filed under Business Case, Communications, Controls, Information, Internal controls, Protect, Risk, Use, Value

Who’s asking?

Normally, I think of information governance issues as being one of three types: compliance, protection, or use. Does it matter who’s asking the question?

“Prosecutors’ Bulk Requests for Email Irk Judges,” Wall Street Journal, April 5, 2014 A4 http://on.wsj.com/1smfeNS

Federal prosecutors in criminal investigations make blanket requests for all of a person’s email with an email provider, rather than limiting their requests to those emails relevant to something. Then they (the government) sort through. Some judges have become less amenable to signing such warrants, as there are Fourth Amendment issues.

Is this information governance? Or just a privacy or discovery point? Looked at from the defendant-to-be’s point of view, it’s privacy or constitutional. From Yahoo’s or Google’s point of view, it’s information governance of the compliance or protection variety. From the government’s point of view it’s just searching for evidence, I guess. How does the defendant-to-be know when to interpose an objection? Who’s information is it?

Who owns “information governance” in this context? The courts? The Department of Justice? The email provider? If not one of them, then who?

Leave a comment

Filed under Controls, Discovery, Information, Legal, Ownership, Privacy, Privilege, Third parties

Exporting democracy

What do you do to disrupt a closed society? Cut off trade from the West? Put their buddies on the no-fly list?

“U.S. Set Up Twitter-Like Programs to Reach Cubans,” Wall Street Journal, April 4, 2014 A14 http://on.wsj.com/1qaKZrh Links text messages sent over state-run phone network.

Watch out. Miley Cyrus is next.

What’s the power of communication and collaboration? How well do the local controls prevent this?

Leave a comment

Filed under Communications, Controls, Governance, Inform market, Inform shareholders, Information, Interconnections, Internal controls, IT, Third parties, Value

Distributed analytics

You have a big body of data and you search it. You have computers and people who can search it, but maybe that isn’t their highest and best use. Should you get help?

Say you’re interested in finding Medicare fraud and you have a bunch of Medicare records that you could search to find that. But your processes for discovering that fraud have not been 100% successful.

So what do you do? Respond to a Freedom of Information Act request and let the Wall Street Journal search it for you.

“Medicare to Publish Trove of Data on Doctors,” Wall Street Journal, April 3, 2014 A4 http://on.wsj.com/1ow6AwT

I guess one lesson from this is be wary of providing somebody information because then they own it and they will use it; and if they don’t, someone else will. Another is that if you are honest, what do you have to fear?

Leave a comment

Filed under Analytics, Business Case, Collect, Collection, Communications, Compliance, Inform market, Inform shareholders, Information, Ownership, Risk, Use, Use

San Bruno cont’d

Following a gas pipeline explosion in San Bruno, California, in 2010, PG&E (the responsible utility) admitted that it couldn’t find inspection records for more than 60 miles of its pipeline.

On Tuesday, PG&E was indicted for criminal violations of the Pipeline Safety Act. Twelve separate charges of “‘knowingly and willfully'” failing to keep required records.

“PG&E Utility Charged in Fatal Pipeline Explosion,” Wall Street Journal, April 2, 2014 B1 http://on.wsj.com/1pOWzbs

They made a lot of business decisions without the business records to support them. People died.

Certainly a compliance issue. But also one of culture. Who verified anything?

Leave a comment

Filed under Board, Business Case, Collect, Compliance, Compliance, Compliance Verification, Controls, Definition, Governance, Information, Internal controls, Legal, Management, Operations, Oversight, Protect, Protect assets, Protect information assets, Records Management, Requirements, Risk, Use, Use, Value

The CPU of information governance

There’s lot of discussion of information governance. The top two factors, based on the volume of discussion, are Compliance and Protection. There cover what steps you need to take to comply with applicable law and corporate policy and what steps you need to take to protect the information you have. The third factor, less discussed, is Use – what do you collect and how do you collect it, and how do you use and reuse that information to make money.

This post is about Protection.

“Federal Agents Pierce Web-Anonymity Tool,” Wall Street Journal, April 1, 2014 A6 http://on.wsj.com/1pERRgl

A web anonymizer, Tor, is apparently not as secure as we were led to believe. Or maybe it is. Does it hide your web travels from the Feds?

If you have employees who use Tor, is that a sign of a sick canary in the coal mine? Is it just to protect you and your company’s information from Uncle NSA?

Leave a comment

Filed under Business Case, Controls, Internal controls, Privacy, Protect assets, Protect information assets, Risk