Monthly Archives: February 2015


Not sure what this means yet.  Combine this with retinal imaging and a fingerprint scanner to provide fool-proof security?

A Keyboard That Knows Who You Are,” Wall Street Journal, February 14, 2015 C4. A keyboard that recognizes an individual user’s typing style and electrical potential.

Access to information is a part of information governance.  This is access to information that didn’t exist before.

Leave a comment

Filed under Business Case, Definition, Information, IT, New Implications, Security, Use, Value

Automated investment “advice”

Next Tech Bet: Automated Advice,” Wall Street Journal, February 13, 2015 C1. The electrical banana, bound to be the very next craze. A look at startups engaged in handling investments without the need for the middle man, or his or her office.

Is investment advice the provision of information or the management of a service? Is the service, which adds value by personalizing the contact, and hand-holding, worth the cost?  We’ll see.

Leave a comment

Filed under Business Case, Information, Risk, Value

Ownership, disposal, and transition

Managing information transfers when an employee leaves or moves within an organization is part of information governance (and, of course, knowledge management). So, too, is disposal of information when retaining it is no longer required.  And who owns that information?

These three points, and perhaps others, are all raised in “For Facebook Users, Options Upon Death,” Wall Street Journal, February 13, 2015 C1. Facebook has settings that allow one designated representative to make decisions about your Facebook account after you die; if you check the right box, they can delete the account .

Are you organizing information in your personal life so that that information can be handled appropriately after your death?  What about the analogous situation with workplace information in your possession, custody, or control?  What happens to that when you leave?  Have your organized it with that in mind? Why should you care?

Why should your employer?  Whose information is it?


Leave a comment

Filed under Business Case, Collect, Controls, Information, Internal controls, Knowledge Management, Ownership, Privacy, Risk, Third parties, Use

A better mousetrap, for free

Sex trafficking drives need for visualization of data available online.MK-CS757A_MEMEX_16U_20150211190914[1]

Sleuthing Search Engine: Even Better Than Google?,” Wall Street Journal, February 12, 2015 B1. A DARPA-developed tool, offered for free (well, “included,” as your tax dollars paid for its development), used to track down sex trafficking rings.  Other uses: tracking down terrorist recruiting patterns, spread of diseases, and money laundering.

How long before Madison Avenue discovers a use for this?  How does the competition compete with free? Does this make information accessible in a new, more useful, way?


Leave a comment

Filed under Analytics, Collect, Use

The medium and the medium

Crisis management meets information governance.

In crisis management, communicators understand that your message includes who you have speaking. In information governance, one issue is picking the correct medium for conveying your message.  Do you want to select a medium that’s relatively permanent (e.g., email) for a message whose content you wish had a limited life?

NBC Suspends News Anchor Brian Williams For Six Months,” Wall Street Journal, February 11, 2015 A1. After disclosures of other factual distortions by Brian Williams, NBC pulls the plug to give him time and space for rehabilitation.

Did William’s actions violate NBC’s Code of Conduct?  Strange as it seems, most Codes of Conduct don’t prohibit lying, cheating, or stealing.  Maybe a morals clause of his contract prohibited him from doing anything that brought NBC into disrepute.  Was his apology insufficiently heart-felt?

What does the delayed response say about NBC’s culture?

Leave a comment

Filed under Board, Business Case, Communications, Culture, Culture, Governance, Oversight, Oversight, Risk

Where does one focus one’s energies?

How the Hacking Scandal At Sony Changes the Picture,” Wall Street Journal, February 10, 2015 R4. Takeaways from the Sony hack:

  • Breach was not particularly sophisticated.
  • Discovering the breach early is critical to limiting damage
  • Government trails industry
  • Raising awareness is a good thing
  • Financial and defense industries the biggest targets

The depressing part was the statement that the hacking is unavoidable.  Or refreshing, because then you can focus on the secondary and tertiary lines of defense.

Leave a comment

Filed under Board, Business Case, Compliance, Controls, Duty of Care, Governance, Internal controls, IT, Management, Oversight, Oversight, Protect, Protect assets, Protect information assets, Risk, Security


Okay.  Assume there is information that a consumer wants.  How do you make it more accessible?

DexCom Readies Diabetes Apple App,” Wall Street Journal, February 9, 2015 B3. An app that captures and transmits your blood glucose level to your watch may be coming soon. Helpful for diabetics.  Awaiting the arrival of the Apple Watch.

The FDA apparently distinguishes between the device that captures the data and the device/app that transmits that data to the user; one is heavily controlled.

This appears to provide timely information to the user to allow him or her to make important decisions.  Innovative.

But who does the risk analysis? Of the data being wrong, or being corrupted in transmission, or hacked?


Leave a comment

Filed under Collection, Information, Interconnections, IT, Risk, Security, Use, Value

Seven Bullets

Emails Track J.P. Morgan Hire in China,” Wall Street Journal, February 7, 2015 A1. Emails about the hiring and retention of the son of China’s commerce minister, potentially in return for currying favor with his father, come up in FCPA investigation.

  • Emails last forever; watch what you write. Did JPM need to retain all these emails? Could they have disposed of all of them?

White House Role in Web Plan Probed,” Wall Street Journal, February 7, 2015 A4.  White House, FCC connection explored regarding the net neutrality move.

  • What is meant by “independent agency” in the US government governance context? Who controls, under what rules?  What’s the culture?

Tribunal Rebukes U.K. Over Spying,” Wall Street Journal, February 7, 2015 A7. Judicial panel says the UK’s “communication intelligence agency … violated the rights to privacy and freedom of expression” by not disclosing enough about what the agency does.

  • Is supervision of compliance/non-compliance the essence of governance?

Engine Error Seen in Data From Taipei Crash,” Wall Street Journal, February 7, 2015 A7. Flight data recorder shows fuel to engine turned off prior to crash.

  • One reason you collect information while it is happening is to figure out what went wrong.

NBC Opens Probe of Williams,” Wall Street Journal, February 7, 2015 B1. Internal investigation into the Iraq helicopter and Hurricane Katrina stories by one of the network’s most valuable assets.

  • How do you maintain your organization’s credibility when your star performer loses his? Is this part of your crisis management plan?

Push Against China Tech Rules,” Wall Street Journal, February 7, 2015 B4.  China wants insight into source code used by Oracle and IBM in their database services, used by financial firms in China.  Do you want the business so much you’ll give up control over your most precious secrets to a potential competitor?

  • Was this a predictable consequence of Edward Snowden’s disclosures?

Google Panel: Limit Right to Be Forgotten,” Wall Street Journal, February 7, 2015 B4. Google only removes data from European based domains, despite EU privacy ruling.

  • How far does the power of governance extend?  Beyond your national boundaries?


Leave a comment

Filed under Collection, Communications, Content, Controls, Culture, Duty of Care, Governance, Internal controls, IT, Legal, Management, Oversight, Policy, Protect, Risk, Security, Use

Three updates and a new story

Old News:

Updates on three pending stories.

Anthem’s Records Weren’t Encrypted,” Wall Street Journal, February 6, 2015 B1.  I had thought Anthem did some good stuff, at least in the discovery of and response to the recent breach.  But it appears that Anthem had earlier decided not to encrypt their records for the convenience of their employees.

If you hold a third party’s confidential data, can there be a compelling case for not encrypting that data when it’s at rest within the company?

Hackers’ Revenge: Sony’s Pascal Out,” Wall Street Journal, February 6, 2015 B1. Well, someone lost her job in connection with the Sony hack.  But not because of the hack, but because she didn’t watch what she wrote in emails (and others did).

Maybe it was just unfortunate timing.  But emails are hard to delete completely.

Tale Draws Criticism For NBC’s Williams,” Wall Street Journal, February 6, 2015 B2.  The beat goes on about the tall tale from anchor Brian (aka Pinocchio) Williams and his helicopter trip. He had just signed his new contract (unlike Amy Pascal at Sony, who was in negotiations when her story broke). Not covered in the Journal today – incredulous comments on another claim he made on (an award-winning) video about watching a body float by in New Orleans while reporting on Hurricane Katrina.

For me the main point is how will NBC ever punish someone for padding their resume when Brian Williams can lie on camera with impunity? Again, what is the culture when a big star can break the rules?  How do you get others to follow those rules or any rules?  Will there be any SNL skits on this?

New News:

What do the numbers mean?

One of the metrics professionals use to track insurance companies is their excess capital – the excess reserves above the case reserves required by regulators.  Apparently, Prudential misplaced $1.5 billion of excess capital in two months.  And even worse: they couldn’t adequately explain what happened.

Prudential Suffers After Disclosure,” Wall Street Journal, February 6, 2015 C8.   Prudential describes it as a “mysterious decline.”  Lost 5.7% in market value.

Do we rely too much on metrics that even the experts can’t explain?  E.G., the unemployment statistics. If the basis for calculation changes, do they have to explain that? Can you rely on the experts, or might they have an agenda? Do you understand what goes into the numbers?

Would a 5.7% market value decline be a career limiting move?

Leave a comment

Filed under Business Case, Compliance, Compliance, Controls, Culture, Culture, Governance, Internal controls, IT, Oversight, Oversight, Policy, Privacy, Risk, Security


What happens when you puff up your experience to enhance your reputation?

You get caught.

NBC News’s Williams Recants War Story,” Wall Street Journal, February 5, 2015 B3.  Brian Williams’s oft-repeated story that he was on a helicopter that got hit by an RPG in 2003 was false.

Why did it take this long for the truth to come out?    What do you make of the way that he released the news, including a retraction to Stars and Stripes, an apology on his network news show, and a post on Facebook.

If you’re NBC, how do you protect against the risk of one of your news anchors repeatedly telling a major fib?  Is this how you’d mitigate the impact of the fib after it was discovered? Should he be fired to protect the NBC brand?  If not, what does that say about the culture?

Leave a comment

Filed under Communications, Controls, Culture, Governance, Internal controls, Oversight, Risk