Monthly Archives: September 2014

Two for Tuesday

What do people do with the answers to those goofy questions they ask on the online application?

“As Personality Tests Multiply, Employers Are Split,” Wall Street Journal, September 30, 2014 A1.  This type of personality testing is a $500 million/year business.  Is that value of information, or value of using the information? Or the value of Psych majors?  Do you really know whether the person you didn’t hire would have been better?  Does this create a new way to discriminate?

How do you measure the value of the information you get (the analysis of the answers), or the value added to the improvement of the selection process (fewer bad hires)?  Who owns the information?  How do you protect it?

“Supervalu Hit With Second Hacking,” Wall Street Journal, September 30, 2014 B6.  After having been hacked once, Supervalu changed some controls.  But then they got hacked again.   May have affected 4 stores in Minnesota and some others that were sold to a private equity group last year.  They continue to provide IT service to the buyer.

Why them?  If you were the buyer, what’s your recourse?


680 million eggs

If you put all your eggs in one basket, watch that basket.  Carefully.

What about 680 million phone numbers in use?  Would you want to transfer those to a Swedish company?  Would that affect law enforcement or privacy rights? How would you know who to tap?

“Phone Database at Center of Debate,” Wall Street Journal, September 29, 2014 B1.  Proposal to transfer contract from US company to Swedish company has law enforcement folks up in arms.

Where does one start?  Whose information and privacy rights are they? What’s the information (or access to the information) worth? And who knows when someone accesses that information?  What’s that information worth?

And, a holdover from Saturday. “Just Say No to Six More Episodes,” Wall Street Journal, September 27-28, 2014 D11.  Information on how to avoid being sucked in to watching the next episode (or next five episodes) when you’re on Netflix.


Lewis & Clark in a favela

Who owns information that’s freely available, but time-consuming to collect again?

That’s the problem as Google and Bing and others try to map the next frontier: the uncharted depths of the favelas in Rio.

Does the State own the data, even though they don’t have it charted yet?  What about other explorers who have charted it already and who gave the map to the State? What about the criminal gangs that exercise dominion over the area, and who may want to be harder to find?  What about the residents, or the shopkeepers?

“Google, Microsoft Expose Brazil’s Slums,” Wall Street Journal, September 26, 2014 B1. The rising availability of smartphones and internet access supports a need for being able to navigate even the slums.  How do entrepreneurs monetize the data collected? Is the information worth more to Google than they are willing to pay?

Do Lewis & Clark still get royalties on their maps?


Think about the plumbing

There are shiny sides of information governance — establishing and enforcing a compliance program, analyzing big data, and protecting the system from external attack.  And an interesting side — information in use, such as what do you have, where did you get it, where and how do you store and access it,  how do you validate it, and how do you use it to make money.

What is often ignored are the backroom aspects, like the underlying architecture that makes all the rest possible.

“Bandwidth Prices Steadier,” Wall Street Journal, September 25, 2014 B2. Wholesale prices for bulk Internet bandwidth are stabilizing, which may help the companies that own the underlying infrastructure (“the Internet’s plumbing”) to finally become profitable.  In part due to market consolidation, and some vendors moving to the cloud-based storage market.

Is your business providing the infrastructure that makes information transmission, delivery, and storage possible? AT&T, Verizon, USPS, DHL, FedEx, Apple, Samsung, Amazon, others?  What portion of your business depends on transmitting or reforming or repurposing other peoples’ information?  How do you monetize that?  How does the government regulate and tax that?


The Use theme

What information do you have?  Does making money require you to hide that information, or can you just rent it to others? Is it your information? Can you just use it?

“SEC Is Examining Pricing at Pimco,” Wall Street Journal, September 24, 2014 C1. Allegations: Pimco bought at one price and then reported value at a higher number, pumping up the fund’s performance.  So they knew what they paid but didn’t report that to the market;  instead, they reported “value,” which is different.  Were investors misled?

“Apple’s Latest Marketing Pitch: More Privacy,” Wall Street Journal, September 24, 2014 B1.  Fresh off the celebrity nude video breach of iCloud, Apple says one thing but appears to do another.  “We don’t ‘monetize’ [your] information….” But then iAd sells the ability to reach target demographics based on user data.  Where’s the SEC when you need them?  What information do you have, how do you use it, and how do you tell the market about it? And whose data is it?

“Websites Wary of Facebook Tracking,” Wall Street Journal, September 24, 2014 B1. Does Facebook really monetize your browsing information by allowing advertisers to target you?  Whose information is it, anyway? [Read the user license]  Online retailers are nervous about Facebook’s practices, but for a different reason.  They view information about your visits to their sites as their information.  So, what information do you have and how do you use it to make money?

“Data Breach Triggers Fraud,” Wall Street Journal, September 24, 2014 C2.  Story follows fraudulent uses of credit cards following Home Depot breach.  Is this news, or res ipsa loquitur (a legal term for “the thing speaks for itself”; used to establish negligence)? Dog bites man?  Or just a bad headline? From an information governance perspective, what happens if your controls fail?  People using your information that you used with a retailer.  To make money.


Less information, more information.

First, “Phone Protections Alarm Law Enforcement,” Wall Street Journal, September 23, 2014 A4.  New Apple (and soon to be Google) technology to place photos, videos, and contacts of a locked iPhone outside the easy reach of law enforcement, even with warrants.  Just don’t back up on iCloud.  Take that, NSA.  And others.  Law enforcement will need to get the passwords from the users.

Second, and for me foremost, “Use of Voice Is Key To Managing Teams,” Wall Street Journal, September 23, 2014 B1.  For those who recognize the value of the brand of voice for internal corporate communications, three newish technologies: Talko, Slack, and Tango.  If Ray Ozzie supports it, I’m interested. Talko bridges the gap from groupchat to voice + video.  These have promise and are technologies to watch.

How will information governance policies and practices have to change to adapt?  How will ediscovery handle the unavailability of information on an iPhone, other than by forcing the disclosure of passwords and the like?


Who’s responsible?

This isn’t so much about information as it is about governance.

“Regulators, Accounting Firms Spar Over Rule,” Wall Street Journal, September 22, 2014 C1. At issue is having the name of the engagement partner of a company’s accounting firm sign off on each public company audit.  And their name will be disclosed to investors.  The fight is over whether the disclosure is in a 10-K, and thus reasonably accessible to investors, or on a Form 2, which is harder to get.

A major failing of many information governance initiatives is the failure to designate one C-suite resident as the owner of the information governance program, with responsibility for what gets done and what doesn’t.  See also the Federal Sentencing Guidelines Manual.  A contributing cause to the failure of many information governance programs is the absence of a procedure by which the managers of each group of employees sign off at least annually on the compliance by those who report to the managers.

If your boss has to sign off that you’re in compliance, will he or she do more to find out how you’re doing?  Will you? What will happen to the culture, both in your group and in your company?


Information protection

With limited exceptions, what gets written down in a business has to be produced in litigation.  Example: GM’s ignition switch litigation.

“GM Ordered to Open Files on Defect Response,” Wall Street Journal, September 20-21, 2014 B3. GM required to turn over documents of its investigation, while bankruptcy proceeding continues apace.  The pending bankruptcy filed in July 2009 doesn’t protect the documents that may relate in part going back to 2005, even though some accidents prior to July 2009 may be beyond scope of current litigation.

Lesson:  don’t rely on attorney-client privilege or work product to protect documents from disclosure.  Write them with that in mind.



Sports is a target-rich environment for information-related pieces.  Here’s one on information-in-use.

“Baseball Experiments With Brain Science,” Wall Street Journal, September 20-21, 2014 A16. Use of neurologic training systems designed to improve a batter’s ability to hit the ball.  Interesting graphic on what’s going through a batter’s mind in the 400 milliseconds between the pitch and the ball arriving at home plate.

Information governance has three main areas: compliance, protection, and use.  This is “use.”



“Home Depot Breach Tops Target’s,” Wall Street Journal, September 19, 2014 B1. A custom-made virus allowed hackers to steal data from 56 million credit cards over 5 months before it was detected and, hopefully, removed.  Cost for investigation, credit monitoring, call center, and the like: $62 million, or a bit more than $1.10 per breached card.  Cost of lawsuits: priceless.

Insurance covered $27 million of initial costs.

How good are your protections against hackers?  How good is your cyberrisk insurance? How much information do you have that belongs to others?  How well do you protect it?
