Monthly Archives: December 2014

Time warp

The SEC posts a bunch of corporate regulatory filings on the web, through EDGAR.  The way things are configured now, certain people can pay $1,500/month and get early access to these filings, before they are posted through EDGAR.  Early access may only be 10 seconds.

“SEC to Close Gap in Filings’ Release,” Wall Street Journal, December 27, 2014 B1. The SEC is working to close this gap, which gives those people with early access an edge on the rest of the market.

In calculating the value of information, how much of a role does timeliness play?

Filed under Controls, Information, Internal controls, Third parties, Value

Two from the front

Two stories from the front page today.

“U.S. Puts New Focus On Cyber Defenses,” Wall Street Journal, December 26, 2014 A1. White House looks at threat posed by Sony hack.  Might others follow the trend? Is this a national security issue?  Who owns the infrastructure?  Who’s responsible for protecting a commercial business from hacking?

“Long After Arrests, Records Live On,” Wall Street Journal, December 26, 2014 A1. Records of arrests (without convictions) can live forever.  Should you have a right to be forgotten, or are facts facts?  Worse than a selfie or an intemperate online posting.

Who’s in charge of internet and email security? If there’s a statute of limitations for actions, shouldn’t there be a limited period for inquiry?  Would you want to know that your doctor/teacher/minister/politician had some flaws in his or her background?  Whose interests are paramount, the individual’s or society’s?

Filed under Business Case, Controls, Definition, Information, Interconnections, Internal controls, IT, Ownership, Privacy, Protect, Risk, Security, Third parties, Use, Value


The Sony hack just keeps on giving.

“After Hack, Secret-Messaging App Is Pitched to Hollywood,” Wall Street Journal, December 24, 2014 B5.  New app uses the Sony hack as a marketing opportunity for its self-destructing messaging.

The aftermath of the hack is continuing fodder for business school classes on information governance and crisis management, among others.  If you had such an app in development, do you wait for such an event to release your app?  Did Snapchat suffer from a timing gap?  How do you deal with this if you have discovery in litigation?

Filed under Business Case, Controls, Discovery, Information, Internal controls, IT, Privacy, Risk, Security, Third parties, Use, Value

Two email stories

First, a must-read.  “Hackers Could Expose Any of Us,” Wall Street Journal, December 20, 2014 C3.  Bruce Schneier, a guru’s guru on security stuff, writes about how surprised experts were at how lax Sony’s protections were.  Then he makes the point that none of us are safe from a determined bunch of hackers.

Second, should you use email, and, if so, how long should you keep it? “Are You Sure You Want to Use Email?” Wall Street Journal, December 20, 2014 B1.  You really have to use it, so how do you reduce your exposure? Move it off-line?

Lots of lessons out of the Sony hack.

Filed under Business Case, Controls, Governance, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Risk, Security, Third parties, Use


First they were hacked.  Then they were threatened.  What does “The Interview” tell us?

“Hackers Threaten Sony Film Debut,” Wall Street Journal, December 17, 2014 B1.  Theaters released from obligation to carry movie opening following threats over “The Interview.”

While the connection between the hacking and the threat seems a bit thin to DHS, it does raise the question, “What if they do this for all Sony films?”

Is this related to information governance, or is this just a limitation on what movies can be marketed? Are some subjects just not advisable?  Is this a risk Sony anticipated when they decided to do the film?  What does this presage for movies on other topics?  Will other theaters bow to the threats?

Filed under Business Case, Risk, Use

The delivery mechanism

How do you get information to your paying customers?  Any way they want it.

“NBC Set to Live Stream Network,” Wall Street Journal, December 16, 2014 B2. NBC takes a different model than other networks.  Rather than setting up a separate paying stream, NBC is making the service available to its existing customers.

Part of information governance is figuring out how to make money from what information you have, or more money from what you’re already providing.  Will this work for NBC?

Filed under Information, Management, Use, Value

Interesting legal theory

Let’s see.  Someone hacks into your email system because you have inadequate controls.  They post embarrassing emails online.  What can you do?  Urge newspapers not to publish?  Have your lawyer send a threatening letter.

“Sony Hires David Boies In a Bid to Halt Leaks,” Wall Street Journal, December 15, 2014 B1.  Sony has a high-powered lawyer send a threatening letter to news organizations to persuade them not to publish the leaked emails.

That’s the problem with freedom of the press — it’s free.  Yes, the information was stolen.  But then it was put into the public domain.  Hard to see how even Mr. Boies can succeed on this.  But letters are cheaper than lawsuits.

One problem with information is it can be stolen from you even though you still have it.  And your mitigation strategy needs to be a bit more robust.

Filed under Business Case, Controls, Information, Internal controls, IT, Management, Operations, Ownership, Protect, Risk, Security, Third parties, Use

Eyes on you

Museums, in addition to stores and websites, want to know what you’re looking at.  Is this troubling or just another manifestation of vendors wanting more information on customer behavior, to enhance the shopping experience?

“When The Art Is Watching You,” Wall Street Journal, December 12, 2014 D1.

What’s next?  Ads tied to what you looked at? Similar monitoring in the workplace, hotels, and hospitals?

Clearly, this information has value. But who owns it?  Who controls access to it?  What do they really do with it?

Filed under Business Case, Collect, Definition, Information, Management, Ownership, Privacy, Protect, Risk, Use, Value

“Why” matters.

“Ruling Puts Dent In Insider Probes,” Wall Street Journal, December 11, 2014 A1. The Second Circuit Court of Appeals reverses two insider trading convictions, on the grounds that the original tippers didn’t receive a benefit for their tips.

Curious analysis that bears upon information governance. Directors and others inside a corporation have a duty not to disclose confidential company information outside the company, or to use that information for their own benefit. But, apparently, as long as that disclosure is not in return for a benefit to themselves, the tip does not lead to insider trading liability under federal securities laws for people downstream who use the non-public information to profit on stock trades.

I am not an expert on insider trading.  But it strikes me that the Court in this case relies too heavily on a statement in a prior Supreme Court case that held that an insider who discloses inside information to expose a fraud does not violate his/her fiduciary duty.  The Supreme Court used somewhat loose language, saying that in the absence of a personal benefit, there was no breach of fiduciary duty.  Seems that what they may have meant is that the fiduciary duty does not require concealing a fraud.  Hard to believe that negligent disclosure of confidential information is okay.

Lessons? Do Directors and employees have a duty not to disclose confidential company information? Yes. Does an action for breach of that duty require a showing of personal benefit? Yes, if the action is under the federal securities laws; maybe not if the action is solely for the breach itself. Does the Supreme Court sometimes write with less than 100% clarity?


Filed under Board, Business Case, Controls, Duty of Care, Governance, Information, Internal controls, Ownership, Protect information assets, Risk, Third parties, Value

Watch what you pay for

Are you getting full value for your ad dollars? Do computer bots inflate the number of views, and thus your advertising costs?

“‘Bot’ Fraud Affects 11% Of Display Ads on Web,” Wall Street Journal, December 9, 2014 B3.  Fraud may account for $6 billion in excess fees in 2015.

If what you pay for a service depends on some external metric, you may want to make sure that metric is reliable and not subject to tweaking against your interests.

Is this within the information governance realm?  If not, why not?

Filed under Business Case, Controls, Data quality, Information, Oversight, Risk, Third parties, Value