Hopefully, building on the last three posts9https://infogovnuggets.com/2019/01/04/catching-up-again/ , https://infogovnuggets.com/2019/01/04/catching-up-again-part-2/, and https://infogovnuggets.com/2019/01/04/catching-up-part-3/, this will close out 2018.
- Fake news
“Journalist at Center of False-Reporting Scandal Faces New Allegations Over Donation Requests,” The Wall Street Journal, December 24, 2018. The first paragraph says it all: “German magazine Der Spiegel said it would file a criminal complaint against a former star writer who admitted falsifying reports, after discovering that he also appeared to have set up a fake charity operation for Syrian children.” One can only assume the paper had a policy about not making up stories, or not fleecing the readership.
- Morally but not legally guilty.
“JD.com Founder Faces Backlash at Home: ‘Behind the Law is Morality,’” The Wall Street Journal, December 24, 2018. Even though released and after the closure of a three-month investigation into a rape allegation, the founder of a large ecommerce business in China is still getting hammered in the Chinese press (and, one might imagine, at home). Is that Governance, or Compliance? How does Compliance deal with an accusation that is not sustained?
- Libor was information, too
“UBS to Pay $68 Million to Settle State Libor-Manipulation Claims,” The Wall Street Journal, December 24, 2018. Goes back to the 2008 charges of mucking about the the benchmark London Interbank Offered Rate, used a lot in loans and such. Two aspects here, first dealing with the use of a number derived from supposedly unbiased people to govern “your” deal, and, second, the cost of non-compliance, even if long-delayed.
- Which was it?
“Maintenance Lapse Identified as Initial Problem Leading to Lion Air Crash,” The Wall Street Journal, December 26, 2018. Maybe it was not improper or inadequate training; maybe it was improper maintenance. Investigation into crash of Lion Air continues. Highlights the difficulty of establishing the facts after the fact. So much information.
- Why do you track the numbers if you don’t use them?
“Psychiatric Hospitals With Safety Violations Still Get Accreditation,” The Wall Street Journal, December 27, 2018. What exactly does “accreditation” mean, if you can have a bunch of serious violations? The failure rate is about 1%, and nearly all the inspections are by one company. This is primarily an Information point, on the failure to make use of the available information, or the failure to make it available. And does the government exercise appropriate oversight/governance given the amount of federal funds involved?
- Resume errors
“Acting Attorney General Matthew Whitaker Incorrectly Claims Academic All-American Honors,” The Wall Street Journal, December 27, 2018. The Acting AG apparently made this error consistently on his resume for years; he wasn’t an Academic All American; instead he was a District VII All District selection. If he were genuinely confused about what he was awarded, this makes some sense. But one would have thought that somewhere along the way this would have been discovered. Is that Information or Governance? If it were an employee at your company, what would be the sanction?
- Information vacuum
“Commerce Department Won’t Publish Data During Shutdown,” The Wall Street Journal, December 27, 2018. One wonders what the consequences will be of the absence of this data. The article says, “Investors often depend on these reports to make trades, which affect stock values, bond yields and the value of the dollar. Businesses use them to make investment planning decisions. Federal Reserve officials depend on them to make interest-rate decisions that ripple through the economy.” If you rely on a third party for key information, what do you do when you can’t get it? What’s Plan B?
- Who owns the artwork?
“‘Absolute Control’: Cuba Steps Up Artistic Censorship,” The Wall Street Journal, December 27, 2018. Cuba severely restricts an artist’s ability to make money from his or her art. Sure, this is Governance, but is art also Information?
- How does your doctor make referrals? I want to know.
“The Hidden System That Explains How Your Doctor Makes Referrals,” The Wall Street Journal, December 28, 2018. Apparently, there are processes in place that might influence your doctor’s judgment. Would you want to know that? Is there an ethical issue (Governance/Compliance) that surround this information and how it is used? Is this conflict disclosed to you? Adequately? Do the insurers (who have money in the game) push back on this enough?
- Statements on Twitter aren’t facts?
“Elon Musk Says Pedophile Accusation Against British Man Was Protected Speech,” The Wall Street Journal, December 28, 2018. Calling a cave diver rescuing boys in Thailand a pedophile is at the heart of the suit against Elon Musk. Does Twitter have no rules with which one must comply, and no one to enforce those (non-)rules? Or do we have systems of Compliance and Governance that punish libelous statements, broadly published, regardless of the media/medium?
“Wells Fargo to Pay States About $575 Million to Settle Customer Harm Claims,” The Wall Street Journal, December 29, 2018. More fallout from the account cramming and related scandals. Total payments so far: ~$4 billion. Cost of compliance, or cost of poor governance.
Filed under Access, Accuracy, Analytics, Collect, Compliance, Compliance (General), Controls, Corporation, Data quality, Definition, Directors, Duty, Employees, Governance, Information, Internal controls, Lawyers, Management, Ownership, Use, Value
It seems that several (most of?) the large privacy breaches have something in common: something smaller happened earlier that people didn’t pay enough attention to.
“Marriott’s Starwood Missed Chance to Detect Huge Data Breach Years Earlier, Cybersecurity Specialists Say,” The Wall Street Journal, December 2, 2018 (online). There was a prior breach in 2015 that, some say, could have been investigated more thoroughly.
Might this happen in your business? Say there’s a relatively minor breach, affecting a single client’s information. Or a minor compliance issue. You discover it and take action. But does the breach itself indicate weaknesses in your system of controls that may have broader implications? Do you change your training or other controls to reflect this experience, or the experience of others in your industry?
This brings to mind a common finding in accident investigations. Something small happened that could/should have put you on notice. But it was ignored or downplayed.
How does your organization deal with near-hits in the compliance or information governance space? Is this part of oversight? Or a part of effective knowledge management?
Filed under Analytics, Collect, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Knowledge Management, Management, Oversight, Privacy, Protect assets, Security, Third parties, Use
“Wall Street Analysts Are Selling More Data,” The Wall Street Journal, November 8, 2018 B11. Analysts are searching and make available a bunch of information on your information, including “social media sentiment … and geospatial mapping.” Think of it as expanded research reports.
Well, they are in the business of reviewing data and offering opinions (for a price). Is it much of a disintermediation for them to start selling the information directly? I guess there’s money in it. Or service.
Filed under Access, Analytics, Collect, Controls, Corporation, Duty, Information, IT, Management, Operations, Ownership, Security, Third parties, Use, Use, Value
“Technology Puts Pinch on Oil Smuggling,” The Wall Street Journal, November 2, 2018 B6. Smugglers of Iranian crude will be challenged by satellites and big data.
Smugglers had in the past “hid” their ships, but that will now be harder. Certain companies find a business opportunity in helping to track these vessels.
What controls do you need to have in place to make sure your policies are followed? How have people tried to avoid your controls? How did you/will you respond? Is there a market opportunity for others to help you enforce compliance by collecting other information?
“Alternative Data Is Valued on Wall Street,”The Wall Street Journal, November 2, 2018 B1. Companies mine different types of available information to help traders.
Is information is worth so much, won’t someone start a business to provide it? Apparently. What should you be monitoring to understand how your customers make their purchasing decisions, or what your competitors are doing?
Drones looking at parking lots and where are the iPhones coming from and going to and how many construction permits were issued? What’s your metric? How do you measure it?
What happens when you have to disclose your secret sauce?
“13 Secret Steps for Harvard Admission — They May Not Help,” The Wall Street Journal, October 29, 2018 A1. Analysis of admissions data shows what affects (helps, hurts) your chances of admission.
If you were Harvard, would you want to keep this secret, to prevent people from gaming the system? If you were an applicant, wouldn’t you want to know?
Certainly, this is Information, but to what is it relevant? Can you use it effectively, or is it just interesting? What’s it worth to you?
From a Governance perspective, did Harvard have sufficient controls in place to prevent both the violation of law and the appearance thereof? We’ll see.
This blog explores, from time to time, the outer reaches of the intersection(s) of Information, Governance, and Compliance.
Consider, for a moment, a fingerprint. Not what you normally consider “information.” And one seldom thinks of “managing” a fingerprint. Who owns your fingerprint? But consider the value of a fingerprint, and both the failure to “manage” or control where that fingerprint can be found and the ability to find that fingerprint and locate its owner. How much information governance is involved in this process?
“Fingerprint Leads to Arrest Of Bomb Suspect in Florida,” The Wall Street Journal, October 27, 2018 A1. Alleged mail bomber’s fingerprint in a package sent to a legislator leads to arrest of suspect.
Which leads me to the question,”What is there that isn’t information that is managed or controlled in our lives, or a least directly related to information that is managed?” I struggle to find an example of something that isn’t information, or directly related (perhaps somewhat remotely) to information that is managed or controlled.
Filed under Access, Accuracy, Analytics, Collect, Compliance, Controls, Data quality, Definition, Duty of Care, Governance, Information, Management, Oversight, Ownership, Records Management, Risk assessment, Use, Value
“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1. Tim Cook wants GDPR-style privacy protections in the US. Claims “[o]ur own information … is being weaponized against us with military efficiency.”
He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.
How do we wrest control of our information back again? Or is privacy dead? And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?
Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value
How is the data in that report collected? What’s included and what’s not? Do you know?
“In Crime Data, FBI Has to Fill In Missing Pieces,” The Wall Street Journal, October 20, 2018 A2. To make unified national crime estimates, the FBI fills in some gaps in the data it receives from the states. Because it follows a method developed fifty years ago.
Discrepancies run from 2.8% to 68%, per state.
“Senator Releases DNA Test Results,” The Wall Street Journal, October 16, 2018 A4. Senator Elizabeth Warren released DNA results about her ancestry.
Facts are facts. And labels are labels, and not necessarily facts. How much of a certain DNA do you need to have to be a minority, entitled to affirmative action?
So, the blood results are information. But who has the power to decide who is and who is not a Native American? Are labels just short-hand opinions? And, as opinions tend to do, are either right or they’re wrong, with the actual facts determining the actual truth or falsity.