April 30, 2015 · 5:27 pm
One dimension of “access” is when you give or get access to information. Can you discriminate between players, giving one quicker access than the other?
“Boy, High-Frequency Lawsuit Was Dismissed in a Flash,” Wall Street Journal, April 30, 2015 C3. Dismissal of suit alleging high-frequency traders were given unfair access to information.
Not sure why suit was dismissed.
BTW- this is the 600th post on this blog.
Filed under Access, Business Case, Controls, Governance, Information, Interconnections, Internal controls, IT, Oversight, Risk, Value
April 29, 2015 · 3:07 pm
You bought shares in a company and follow the company’s reports on performance. What happens when the company decides to stop reporting a statistic you thought was valuable? Why did they really drop it and what can you do, other than sell?
“Twitter Goes Off Message,” Wall Street Journal, April 29, 2015 C12. Twitter stock drops 18% on bigger-than-expected losses.
Leaving aside for now how the earnings information got leaked early (was it tweeted?), buried in the piece was the info that Twitter dropped reporting of “timeline views” as no longer relevant. As the Journal says, “it didn’t offer investors a substitute.”
The company has decided to stop reporting certain information to its shareholders. Is that, by itself, useful information? What obligations do the directors and company management have to share information with the shareholders?
Filed under Access, Board, Communications, Culture, Governance, Inform market, Inform shareholders, Information, Investor relations, Oversight, Value
April 28, 2015 · 12:36 pm
I was tempted to post about how the costs of breaches like the one at Target are spread among the different participants (“Small Lenders Cry Foul Over Breach Costs,” Wall Street Journal, April 28, 2015 C1), but then I saw an article about hospitals. Not in Business & Technology or Money & Investing sections. In the Personal Journal.
“Researchers Map Where Hospital Pathogens Are Lurking,” Wall Street Journal, April 29, 2015 D3. Study of what pathogens exist where in a hospital.
Your company has millions or billions documents (paper and electronic). How do you track what you have and where you have it? How do you analyze all that information and determine what’s useful? How do you use it?
The hospitals gather a lot of data and analyze it to find out where bacteria live and prosper, with a view to preventing infection and keeping patients healthy (which is the core mission of a hospital). Parallel universe?
April 25, 2015 · 5:00 pm
When we conduct or attend compliance training sessions, there’s a sign-in sheet. What if that gets fudged and someone gets a pass when he or she shouldn’t have?
“Tulsa Probe Eyed Reserve Deputy’s Certification,” Wall Street Journal, April 25, 2015 A2. Questions about the certification of the reserve deputy who allegedly shot and killed man. The reserve deputy may have mistaken his gun for his Taser.
One of the reasons companies do training is to prevent accidents. Another reason is to insulate the company from liability. If there is an accident, the company wants to prove it trained the employee and he or she didn’t follow that training. But what if the documents around that training, or the competence of the trainee, are ambiguous?
Is this part of information governance?
Filed under Business Case, Collect, Compliance, Compliance, Controls, Governance, Internal controls, Management, Oversight, Risk, Use
April 24, 2015 · 2:36 pm
“Lehman Trader Taped Conversations,” Wall Street Journal, April 24, 2015 C2. Trader recorded discussions with his employer about what would happen to his Lehman bonus after he went to work for Barclays. Some ambiguity in conversations and subsequent contract with Barclays leads to lawsuit. Claim: $83 million.
How do manage and preserve what our employees say? How do we control what they record? Who owns the information contained in a discussion with an employee about salary and benefits? Is that proprietary to the company?
There’s an app for that.
Filed under Business Case, Collect, Communications, Controls, Definition, Duty of Care, Governance, Information, Internal controls, Management, Oversight, Ownership, Ownership, Policy, Protect, Protect assets, Risk, Use, Value
April 23, 2015 · 11:51 pm
Is your computer code tangible property that can be stolen, especially if you still have it?
That’s one question in the “Secret Sauce” case.
“Jury Gets Goldman ‘Secret Sauce’ Case, Wall Street Journal, April 23, 2015 C3. Defendant raises technical defenses in criminal case involving theft of computer code from Goldman Sachs, arguing non-tangible binary data don’t/doesn’t have physical form.
Can you steal something the plaintiff still has? We’ll see. A not guilty verdict would raise a lot of questions about identity theft. Among other things.
April 18, 2015 · 5:08 pm
Lot of focus this week on access to information, and how managing access is a key element of information governance. Here’s another one.
“Bloomberg Terminal Outage Roils Trading,” Wall Street Journal, April 18, 2015 B5. Traders worldwide scramble to communicate when one of their primary trading and communications platform shuts down for a few hours. Bloomberg provides a heavily used chat function in a heavily regulated industry.
Would your employees be able to continue to communicate if your email went down? Would that communication be captured and backed up? How would you find it later? Are there regulatory or policy prohibitions on the use of personal email or chat accounts for company business? Is it secure? It’s your company’s information, right?
Filed under Access, Business Case, Collect, Communications, Compliance, Compliance, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Management, Oversight, Ownership, Ownership, Protect, Protect assets, Risk, Use
April 17, 2015 · 11:46 pm
If you live in the US and access your Netflix from an ISP from your hotel room in England, some movies are blocked, for licensing reasons, among others. But you can set things up so Netflix thinks you’re accessing from Virginia.
“Video Streaming Geo-Blocking Is Getting a Workaround,” Wall Street Journal, April 17, 2015 B4. How to get around geo-blocking.
If you want to limit your customers’ access to your information depending on where they are, can your customers circumvent those limits? Does that make your information more or less valuable? To whom? Is it legal?
Filed under Access, Business Case, Controls, Governance, Information, Interconnections, IT, Management, Protect, Protect assets, Risk, Third parties, Value
April 16, 2015 · 3:23 pm
Managing access to information is clearly an element of information governance. That can be gaining access to useful information or can be permitting and limiting access to your information. Lots of security and leveraging issues.
“‘Ransomware’ Becomes Bigger Company Threat,” Wall Street Journal, April 16, 2015 B1. Companies admit to paying up to get access to their data. Small businesses are targets, and initial payments seem inconsequential.
What would happen if someone blocked your company’s access to its data? How much would you pay? Who’s job would be in jeopardy? Would your business survive?
Filed under Access, Board, Business Case, Business Continuity, Collect, Controls, Duty of Care, Governance, Information, Internal controls, IT, Management, Operations, Oversight, Oversight, Protect, Protect assets, Protect information assets, Risk, Security, Value
April 15, 2015 · 6:26 pm
If you are en employer looking to hire, you know exactly what you want: you want someone like Joe (or Judy). But how do you find a Joe or a Judy based on the pile of resumes?
Well, you have a company ask Joe or Judy a lot of questions. It doesn’t matter whether their answers are “right,” just that they have answered. Then you ask the same questions to your applicant pool and select the potential new hires from those who answered the same as Joe or Judy. Or so the theory goes. Early industrial psychology.
“To Get A Job, New Hires Are Put To The Test,” Wall Street Journal, April 15, 2015 A1. Use of tests to identify “good” hires, based on responses of “good” employees, leads to better retention.
So, there’s nothing you can do, other than try to predict how Joe or Judy would have answered. Is this analytics? It is certainly using information for your business, even if you don’t know what that information means.