“Senator Presses for Disclosure Of Hospital Inspections,” The Wall Street Journal, September 20, 2017 A2. Senate wants to publicly disclose the inspection reports of accreditors of hospitals who review health and safety issues.
Wouldn’t you want to know?
To manage junk, get rid of it. To manage the junk you can’t (or won’t) destroy, you need to know where it is. Or bad things happen
“A Band Of Junk Clutters Space,” The Wall Street Journal, September 13, 2017 A1. The Air Force tracks about 23,000 objects in orbit, but doesn’t “own” all of them, nor does it have the right to destroy them all.
Sounds to me a lot like information governance — there’s a lot of stuff to manage, even though a lot of it is junk. Who owns “it” and who’s in charge? Who is the ultimate decision maker about what can be destroyed? In the absence of a governance structure, who does what?
“Judge Grants Access To Protesters’ Data,” The Wall Street Journal, August 25, 2017 A3 (when I evacuated Houston). Prosecutors get some access to data on who used a certain website to plan protests on Inauguration Day, which protests led to riots and vandalism.
Freedom of speech is a big control on information governance. But as Justice Holmes said, you can’t falsely shout “Fire” in a crowded theater with impunity. (The word “falsely” is often dropped.) So some access seems okay, does it not?
The other side of information security.
In a departure from normal practice, I comment upon an event unreported, as far as I can tell, in The Wall Street Journal. For me, some things transcend politics.
Maybe I missed it. Or maybe The Wall Street Journal didn’t see fit to print the leaked transcripts of President Trump’s post-inauguration phone calls with the leaders of Mexico and Australia.
What does it say that this story, blaring over the TV newswires, wasn’t printed? Does it say something about some organizations placing the Nation’s security above their own circulation numbers? Is that a control you can rely on? Apparently not from everyone.
Even if the paper had or did print something on this, what does the leak of those transcripts say about information governance? First, does the White House have adequate controls and culture in place? Clearly not. Maybe General Kelly can help with that.
But what about the person who signed an oath and nonetheless decided to leak these classified transcripts to the press, thinking little or nothing about the impact on future calls between world leaders? What’s their understanding of duty? Placing the Nation’s needs above those of party or self?
Hang ’em high.
Filed under Access, Compliance, Controls, Culture, Duty, Employees, Governance, Government, Internal controls, Protect assets, Third parties
A key element of governance is determining who’s in charge. And who’s responsible when something goes wrong.
“Fed Looks To Ease Curbs on Directors,” The Wall Street Journal, August 4, 2017 B10. “The Federal Reserve proposed scaling back the requirements it places on banks’ boards of directors….” The Fed is concerned “it has been overloading boards with too many specific requirements….”
Have the Fed attempts at micromanagement resulted in directors taking their eyes off the ball? Does the Fed take responsibility for over-management? Is the Fed a fiduciary, with liability to the banks or their shareholders?
Apparently, keeping the identities of confidential informants secret poses some challenges. Are there information governance lessons to be learned?
“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years. One source of information: online court records that provide clues as to who cooperated with the prosecutors. Some inmates may be posting their sentencing files to establish their bona fides.
Hard to classify this in this blog. Does this pertain to
- the value of accurate and complete information
- the risk in making information widely available
- the government’s duty to protect informants
- the government’s duty to have a transparent criminal justice system
- a defendant’s right to confront his/her accusers
- the need for security and the difficulty in providing it
- the proactive value of disclosure
- the fact that information can be misused
- the difficulty in creating effective controls
Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value
One unique aspect of information is that it can be stolen, yet remain in the owner’s possession. Apparently, medical facilities are required to report if your medical information is stolen, but not if it is merely kidnapped and held for ransom.
“Some Cyberattacks Go Unreported,” The Wall Street Journal, June 19, 20127 B3. Whether hospitals need to report a ransomware attack of their files as a data breach is a “gray area,” and the federal government doesn’t require such reports, even if the government knows about them. Some hospitals don’t report ransomware attacks, so these attacks are not in the HHS statistics.
So, patients don’t know when hospitals have weak security protection. What value, then, are the government statistics? Do they need a big asterisk?
Filed under Controls, Corporation, Data quality, Duty, Government, Information, Internal controls, IT, Legal, Requirements, Security, Third parties, To report, Value