Category Archives: Third parties

What politically sensitive information do you have on your phone?

“Spies Make Push Into Phone-Hacking,” The Wall Street Journal, June 8, 2018 B4. Governments increase attempts to hack mobile phones to access the vast troves of data there.

Well, of course they wouldn’t do that in the US.  Would they?

Filed under Access, Communications, Controls, Duty, Governance, Government, Internal controls, IT, Oversight, Privacy, Security, Third parties

What business are you in?

“Google Bans AI in Weapons,” The Wall Street Journal, June 8, 2018 B4. Google prohibits the use of certain of its artificial information technology in weapons systems.

Do you restrict how others can use your information?  How do you enforce that?  I thought Google was in the information business.

Filed under Access, Controls, Duty, Governance, Information, Internal controls, Ownership, Policy, Third parties, Vendors

Crying “Wolf”?

“Facebook Exposed Postings,” The Wall Street Journal, June 8, 2018 B1.  Posts for 14 million Facebook users made public for 10 days, regardless of their default preferences.  Software bug blamed.

Whose information is it and what rules apply?  What happens when you introduce a defective product into commerce?

Filed under Access, Controls, Corporation, Culture, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Ownership, Privacy, Protect assets, Security, Third parties

Errors, errors, everywhere

“Flaws Abound in Background Checks,” The Wall Street Journal, June 12, 2018 A3. (Article not available on-line).  The NICS background check (prior to gun purchases) isn’t 100% effective, because not everyone reports.

Where does your information come from?  Is it complete, accurate, and up-to-date?  Does some of it come (or not come) from third parties?

How much do you rely on it in making important decisions?

Filed under Accuracy, Controls, Data quality, Duty of Care, Governance, Internal controls, Oversight, Protect assets, Third parties

Current, accurate, and complete

When decision-makers want information upon which to make decisions, they would like that information to be current, accurate, and complete.  Don’t we all?

“Court Backs Purge of Voter Rolls,” The Wall Street Journal, June 12, 2018 A3.  Supreme Court allows Ohio to prune its voter rolls of people who haven’t voted in a long time and who don’t reply to an inquiry as to their status.

One would expect the government would take some care in maintaining its voter rolls.  Helps provide some integrity to the process.  Is that information governance?  But we want to make sure there’s a robust process to prevent inappropriate pruning.

Is this an analog for defensible deletion?

Filed under Records Management, Governance, Controls, Third parties, Internal controls, Oversight, Duty, Accuracy, Government

Compelled speech

“HHS Probes Rules on Giving Abortion Information,” The Wall Street Journal, June 1, 2018 A4.  HHS Office for Civil Rights investigates state requirements that crisis pregnancy centers must advise women about abortion services.

Leave the political/moral issues aside, and look at this from an information governance perspective.  Who mandates what information you must provide to your customers?  And are they (the mandaters) allowed to require that?

What are the limits on the government’s ability to require you to provide information to third parties? Is the U.S. Constitution a law or a policy?  Or is it Governance?

Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Internal controls, Third parties, Who is in charge?

Down under

Banks normally monitor (i.e., manage) money transfers (i.e., information), in part to make sure that nefarious people are not transferring money to other nefarious people.  Apparently, they needed to monitor (i.e., manage) who their customers are (i.e., information).

“Australia’s Biggest Bank Faces Record Fine,” The Wall Street Journal, June 5, 2018 B10. Fine of $530 million proposed for bank that failed to catch transfers of money in and out of an account owned by someone who left the country (Australia) in 1999 (and who “had also been charged in Lebanon in 2004 with belonging to a terrorist organization…”).

So, does “information” include who your customers are and whether they are charged as terrorists in another country?  How do you monitor that?  Just ask your customers to notify you if they are charged with terrorism?  Have them sign a form annually stating that they haven’t been charged as a terrorist?

Filed under Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Governance, Information, Internal controls, Requirements, Third parties