Monthly Archives: May 2018

Multiple policies

“Starbucks Takes as Break For Its Antibias Training,” The Wall Street Journal, May 30, 2018 B2. Starbuck’s shuts down for several hours to train its employees on what “bias” means.  Response to incident when two men were arrested for refusing to either buy something or leave the store.  Cost: $10 million and counting.

While some may view this as a large publicity stunt, or post-crisis communication/image repair, others may see it as a strong statement of what Starbuck’s culture is or will be.  Starbuck’s also changed its policy of not allowing non-customers to sit in its stores and use its restrooms.

What happens when you have one policy (no bias) that conflicts with another policy (restrooms for customers only)?  How are employees supposed to know which policy to follow?

Does your company have policies that conflict with one another?

Leave a comment

Filed under Board, Communications, Compliance, Compliance (General), Controls, Culture, Culture, Duty, Employees, Governance, Internal controls, Oversight, Policy

Risk and Developers

After Hurricane Harvey, Houston residents could be heard asking, “What building developer would decide to build houses in a flood plain?” “Why would a City Official push such a project?” “Who would buy a house there?” “How would they ever get insurance?”  Similar discussions in flood-prone areas in Florida.

“Homes Were Built Despite Documented Lava Threat,” The Wall Street Journal, May 29, 2018 A3.  Affordable homes were built in an area with a history of lava risk.

Did we have any controls in place?  How were these controls implemented?  How many of them failed?  Who is responsible/accountable?

Next thing you know, we’ll rebuild houses in the same site.  Somebody else will pay for it.

If you always do what you’ve always done, you will always get what you always got.

Leave a comment

Filed under Communications, Controls, Corporation, Duty, Duty of Care, Governance, Government, Oversight, Supervision

A Mayor’s challenge

“Probes, Cyberattack Distract Atlanta as It Pitches Amazon,” The Wall Street Journal, May 29, 2018 A3.  Investigations of former mayor and the aftermath of a ransomware attack hamper efforts to entice Amazon to the city.

Corporations should conduct structured risk assessments.  Do cities?

One assumes Atlanta has done a risk assessment and identified the risk of official misconduct.  Did it also capture the risk of a cyberattack?  Did the risk assessment suggest that if these risks occurred, Atlanta would lose the chance of phenomenal growth?


Leave a comment

Filed under Business Continuity, Communicate, Compliance, Compliance, Controls, Duty, Duty of Care, Governance, Government, Internal controls, IT, Management, Operations, Oversight, Protect assets, Risk assessment, Security, Third parties

Extra credit reading

Interesting Journal Report on health care technology.  Several articles on new uses of information, or uses of new information, in order to do everything from brain surgery to looking after aging parents.


  1. “Augmented Reality Gives Brain Surgeons a Better View,” The Wall Street Journal, May 29, 2018 R1.
  2. “AI Tools Help the Blind Tackle Everyday Tasks,” The Wall Street Journal, May 29, 2018 R4.
  3. “Robots and Chatbots Look After the Elderly,” The Wall Street Journal, May 29, 2018 R6.
  4. “Apps Promise to Help Avoid Pregnancy,” The Wall Street Journal, May 29, 2018 R7.
  5. “For Those With Dementia, an Assist From Technology,” The Wall Street Journal, May 29, 2018 R8.
  6. Doctors, Beware: You’re Being Watched,” The Wall Street Journal, May 29, 2018 R10.”


Leave a comment

Filed under Collect, Definition, Information, Operations, Use, Use, Value

Bait and switch?

You make some promises, or strong indications, to a star performer that he or she is so above average, next year you will get ___ a year early.  [Fill in the blank]

How do you handle a change in direction?

“Goldman’s Rising Stars Told to Hold,” The Wall Street Journal, May 26, 2018 B9.  Two years ago, a group of high-potential employees were told they were on the fast track and would get promoted before the rest of their class.  Now they are told there is no fast track this year.

How do you handle it when you have to tell your star performer that she/he’s not going to get what you told them they were going to get?  Have you just put your crown jewels into play?  How do you rebuild trust and confidence in your best and brightest?

Is this Information or Governance or just bad management?  Does it matter whether you told them in writing or not?  Is that a risk that was considered?


Leave a comment

Filed under Definition, Duty of Care, Governance, Information, Protect assets, Risk, Who is in charge?


“New EU Rule Puts Scare Into Websites,” The Wall Street Journal, May 26, 2018 B4.  US websites block access by people in the EU to avoid breach of new GPDR.

This raises several interesting questions.

  1. What’s the risk that your website collects or stores information in violation of the General Data Protection Regulation?
  2. Is it better to cut off service to people in the EU rather than to take the risk that you don’t comply with EU privacy legislation?
  3. Will this open up a new market for Google-like and Facebook-like European competitors?
  4. How will the users in the EU react?
  5. Just how hard is it to comply with the GDPR?  You write a policy and take some internal steps to control your use of consumer information.
  6. Is this Y2K revisited?
  7. Is this Information, Governance, or Compliance?  A combination of some all of those?

Leave a comment

Filed under Access, Business Case, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Interconnections, Internal controls, IT, New Implications, Oversight, Privacy, Protect assets, Risk, Technology

Programming flaw

If your business includes programming software to perform certain tasks, you no doubt have quality control processes.  Are those processes “information governance”?

“Software Flaw Trips Fiat Chrysler,” The Wall Street Journal, May 26, 2018 B1. Short circuit could prevent you from disengaging the cruise control. Results in recall of 5.3 million vehicle.

Cost of effective quality control: unknown.  Cost of a defect: priceless.

Are these people behind the design of driver-less cars?

Leave a comment

Filed under Accuracy, Controls, Definition, Governance, Information, Interconnections, Internal controls, IT, Oversight, Technology

Bypass on the Information Highway

The President isn’t the only one who seeks to reach the audience direct.

“Musk Hits At Media For Tesla Coverage,” The Wall Street Journal, May 24, 2018 B4.  Elon plans a site where the public can rate the credibility of news sources.

If “the media” continues to get targeted for fake news, where will people go for their news? Facebook?  Is it possible to separate facts from opinions?

What’s next?  Macy’s telling shoppers to go to Gimbels?  Cats and dogs living together?


  • What happens if your company loses credibility?


  • Does the medium color the message?
  • Is opinion “information,” or something else?


  • Can you encourage someone else to be objective?
  • Is the policy “all the news that’s fit to print”?  Or something else?

Leave a comment

Filed under Access, Accuracy, Communications, Data quality, Definition, Duty, Governance, Information, Policy

Private speech v. public speech

Can your employer restrict what political statements you make in the course of your employment, when you’re getting paid to wear your company shirt on television?


“NFL Adopts New Anthem Policy,” The Wall Street Journal, May 24, A14. Teams (but not players) can be fined if NFL players on the field do not stand for the National Anthem.


  • Who has the power to make what rules governing whom, and how violations of those rules will be enforced?
  • The League has the power to govern teams, but not players?  (See reference to collective bargaining agreement below.)
  • Will this redirect any fan displeasure away from the NFL and onto the individual teams or players?


  • Is an employee’s political speech information?
  • If information is received, created, or distributed by a company’s employees during the workday in the workplace, is that information company information?
  • If it’s company information, can’t the company limit that distribution?


  • Does enforcing rules against the teams and not the players work?
  • Does this comply with the collective bargaining agreement?  Is that why the policy doesn’t apply to the actual players, and just the teams?


Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Employees, Governance, Information, Internal controls, Oversight, Policy, Risk assessment, Third parties, Who is in charge?

Unsocial media

The First Amendment is first for a reason.  But can it restrict what you don’t say to people to whom you don’t speak?

“Judge Thwarts Trump’s Twitter Exclusion,” The Wall Street Journal, May 24, 2018 A4.  Federal judge rules that public officials can’t restrict who can see their personal Twitter feeds.

The First Amendment says “Congress shall make no law …abridging the freedom of speech, or of the press ….”  Is blocking someone from a Twitter feed  a law made by Congress?

But leave looking at the words aside for the moment.  Assuming this ruling is affirmed, will this improve or restrict the free flow of information?  Hasn’t the judge just abridged the freedom of speech of public officials, by requiring that what they say in a tweet be available to all?

Implications from Governance (What are the Rules, and who makes them?), Information (Who owns the information in your Twitter feed?), and Compliance (Did the judge anticipate how this would apply to all public officials?  Did the judge just make a law?).

Leave a comment

Filed under Access, Communications, Controls, Duty, Governance, Government, Information, Ownership