Monthly Archives: March 2015

Conflict with privacy rights

An employer wants to know that the employee is fit for duty.  The employee doesn’t want the employer to know he’s being treated for an illness that may or may not affect his or her ability to perform on the job.  The employer pays for the medical tests.  The risks are huge.

Who’s rights are paramount?

Co-Pilot Hid His Depression,” Wall Street Journal, March 28, 2015 A1.  The co-pilot at the helm when a plant full of people crashed into the French Alps hid his treatment for depression from his employer.

It’s a slippery slope when you intrude into the doctor-patient relationship.  Is this a case where the doctor should have notified the airline?  Would that information have affected the airline’s staffing decision?


Leave a comment

Filed under Business Case, Collect, Compliance, Controls, Duty of Care, Governance, Internal controls, Management, Privacy, Protect, Risk, Third parties, Use

Hold the presses! Banks agree not to lie, cheat, or steal

Following episodes where traders at large banks were sharing information about their clients’ positions in various currency trades, resulting in fines of more than $4 billion, the Federal Reserve Bank of New York and several other central banks agreed not to do that anymore.

Bankers Agree on Client-Data Protections,” Wall Street Journal, March 26, 2015 C4. An eight-page agreement  says foreign exchange traders should not share more information than necessary to effectuate the trade, and they should not pass along information they know or suspect is misleading.

What does it say about an industry culture where such an agreement is necessary?  And who is going to establish regulations and who is going to enforce this in multiple countries?  I guess it’s better than the banks using their clients’ information to trade on the bank’s account.  Or can they do that?  Whose information is it, anyway?

Leave a comment

Filed under Compliance, Culture, Governance, Investor relations, Oversight, Protect, Use


Is one of the information governance risks your company monitors the risk of being delisted from the stock exchange for submitting filings late?

Hertz Is Out of NYSE Compliance,” Wall Street Journal, March 25, 2015 B6. Unable to file its annual report on time because of an investigation into prior financial reports, Hertz was notified by NYSE that it was out of compliance.  If they can’t file within six months, delisting proceedings would begin.

Talk about a death sentence.

How likely is it that your company will have to file reports to the government or to its stock exchange after the deadline?  What’s the impact if that happens?  Thus, the calculus of risk.

Leave a comment

Filed under Board, Business Case, Compliance, Compliance Verification, Inform market, Inform shareholders, Oversight, Risk

Reviewing presentations

Why do organizations have policies that require internal review of presentations to outsiders?  What about review of internal presentations?

Merrill Lynch Fined Over Presentation,” Wall Street Journal, March 24, 2015 C2.  Failure to comply with company policy requiring compliance department pre-publication review of presentations leads to $2.5 million fine.  For an internal presentation by the brokerage division that did not disadvantage any clients.

That’s why we have policies and procedures, I guess.

Leave a comment

Filed under Business Case, Communications, Compliance, Compliance, Controls, Governance, Internal controls, Management, Oversight, Policy, Risk, Use

Government statistics

Would the agency in charge of gathering data on the budget deficit “massage” the numbers to make the deficit look worse?

Greeks Investigate Statistics Chief Over Deficit Figure,” Wall Street Journal, March 23, 2015 A8.  A prosecutor filed criminal charges alleging falsification of data (they don’t have 18 USC §1519 in Greece) against the head of the statistics agency.  Was the deficit 4% of GDP in 2009 or 15%?  More than a rounding error.

What happens if government numbers are a political football?  Who’s watching this?


Leave a comment

Filed under Business Case, Collect, Compliance, Compliance, Compliance, Compliance Verification, Data quality, Duty of Care, Governance, Management, Oversight, Oversight, Reliance, Risk, Use

All eggs in one basket

Do you rely on a document management system to store your documents?  What if the system misfiles a document, or several?  What if the misplaced documents arguably affected a defendant’s defense?

Glitch May Have Tainted Criminal Cases,” Wall Street Journal, March 18, 2015 A3. Misfiling by a court’s document management system raises potential objections from defendants.

This goes to access and care.  What duties do you have to file things correctly?  What if you don’t, and as a result someone doesn’t get to see what they’re entitled to see?  What’s that worth?

How do you protect against this risk?

Leave a comment

Filed under Access, Business Case, Collect, Compliance, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Management, Protect, Risk, Value

Using information you don’t have

All the buzz is creating your bracket for the office pool for March Madness.  What if, like me, you don’t follow college hoops that closely?

Let Our Machine Build Your Bracket,” Wall Street Journal, March 17, 2015 D6.   The Journal has a machine that will pick your teams based on your preferences.  Even if you don’t know much.

You weren’t going to win the pool anyway.

Any other use for a machine that will make decisions for you based on your preferences and a bunch of stuff you don’t know??

Leave a comment

Filed under Analytics, Collect, Use

Algorithm to determine who’s thinking about quitting

What does your organization look at to determine who may be thinking of quitting? Do they really look at that?

Thinking of Quitting? The Boss Knows,” Wall Street Journal, March 14, 2015 A1. Several large firms monitor data to determine who may be leaving soon.

But what do you do with that data after you get it?  How reliable is it?

Leave a comment

Filed under Analytics, Business Case, Collect, Management, Privacy, Risk, Use, Value

Two days’ news

Computer problems on Thursday.  Just getting to Friday.


U.K. Panel Eyes Better Metadata Protection,” Wall Street Journal, March 13, 2015 B4. Recommended enhancements to protections for browsing history and location data, among others.

Surprising how a little data can reveal a lot about you and your preferences.


Thieves Steal Company Web Addresses,” Wall Street Journal, March 12, 2015 B4.  Thieves redirect traffic and hijack your web address, leading to lost and confused customers.

Denying others access to information you want your customers to see can be costly.




Leave a comment

Filed under Access, Analytics, Business Case, Controls, Information, Interconnections, IT, Privacy, Risk, Security, Third parties, Value

Who’s on first?

One aspect of information governance is “Who’s in charge?”  Who governs?  And what if two people think they govern?

Medical Device ID Effort Hits Snag,” Wall Street Journal, March 11, 2015 B1.  The FDA tells medical device makers to include a unique device identification number on each device.  The plan was to have this number entered on billing forms so the devices could be monitored for failure more easily.  But Medicare is afraid it will cost too much to change their forms.

Does your organization have one person who makes The Decision, or is there more than one decision maker? Well, tri-partite government seems to have resolved the issue. Or has it?

This is why I prefer a single owner to an Information Governance Steering Committee.

Leave a comment

Filed under Board, Business Case, Compliance, Governance, Oversight, Risk