Category Archives: Government

November 19, 2018 · 10:15 am

Governance?

Who governs access to the White House?  The Executive or the Judiciary?

“Judge Grants CNN’s Press-Pass Motion,” The Wall Street Journal, November 17, 2018 A3.  Reporter’s due process rights “appear to have been violated” when his access to the White House itself is restricted.

Who controls access to your building?  To your floor?  To your office?  To your desk?  To your computer?  To your company’s information?

How do they do it?

In the absence of a written rule, who governs what behavior is permitted in a press briefing within the White House?  The White House?  The “press corps”?  The courts?  The Secret Service?

Leave a comment

Filed under Access, Controls, Culture, Duty, Governance, Government, Internal controls, Third parties, Who is in charge?

November 19, 2018 · 10:01 am

Another one

“UC System is Sued for Data On Admissions,” The Wall Street Journal, November 16, 2018 A2.  Is the state university using race inappropriately in making admissions decisions?

The government has different obligations with respect to information than a private company.  Government also collects a lot of information.  What controls are in place to allow and to prevent the disclosure of this information?  What about for non-core activities, like running the state’s university system?

 

Leave a comment

Filed under Access, Collect, Compliance, Compliance, Controls, Duty, Governance, Government, Internal controls, Management, Third parties, To report, Use

November 19, 2018 · 9:50 am

External governance

“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1.  Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.

If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure?  Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance?  Or just “Governance”?

And what does it say about communications when the government holds up a senior official for poor oversight?  What about the board?  Highly visible to the worker bees.

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Oversight, Third parties, To report

November 19, 2018 · 9:25 am

Access

“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3.  Can the White House refuse to let in a member of the press into the White House for being rude?

Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide.  Think instead about who can deny a single individual access to information, while providing access to 190 other people.

Who is entitled to access information in your company?  What controls are in place to make sure that people who shouldn’t have access don’t get access?  Who determines what those controls are?  Who enforces them?  Is part of this culture?

Leave a comment

Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized

November 19, 2018 · 9:14 am

Where’s Rosemary Woods?

“Trudeau Says Canadians Heard Khashoggi Tapes,” The Wall Street Journal, November 13, 2018 A7. Canadian intelligence officials hear audio tapes related to killing.

One assumes that this is a tape of some conversation picked up by intelligence folks after the killing, and not a recording of the killing itself.  Unless someone wanted to have proof for the boss.  Perhaps intelligence agencies spy on other governments or phone calls.

Often, people think information governance is all about the written word.  But the spoken word is information, too, whether it is recorded or not.  It’s just a problem of proof.  Is someone listening or taping your conversation?  Would it matter?

Leave a comment

Filed under Access, Accuracy, Communications, Controls, Definition, Duty, Governance, Government, Information, Internal controls, Risk assessment, Security, Third parties

November 7, 2018 · 2:37 pm

Pesky little emails

Hard to believe that people are still tripping over emails.

“Emails Raise Doubts on FBI Plan,” The Wall Street Journal, November 3, 2018 A3.  Emails surface contradicting White House claims that moving the FBI from Pennsylvania Avenue in Washington D.C.  (as proposed by the prior administration) would cost more than leaving it where it is (down the street from the Department of Justice and across the street from the Trump Hotel).

Perhaps there were “soft costs” involved in the move than weren’t considered, or there were other reasons for not moving the FBI from its current location, notwithstanding the higher cost.  But it is embarrassing when emails coming to a different conclusion are discovered.

How transparent is your decision-making process?  Do you allow for some contrary information in your final decision?  Is that proactive information management of negative information?  Do you have a policy or a procedure on this?  Should you?

Leave a comment

Filed under Controls, Duty, Governance, Government, Information, Internal controls, Oversight, To report

November 7, 2018 · 1:22 pm

Chinese hacking alleged

“U.S. Charges Agents Of China Hacked Aviation Firms,” The Wall Street Journal, November 1, 2018 B4. Agents of the Chinese government indicted for trying to steal airline industry technology.

This is getting to be rather routine.  One part of this is the value of Information, and the importance of information security.  One part of this is Compliance, of course, as the US government is trying to protect the US information assets (although the company at issue probably had some responsibility for this as well, as well as their board of directors).  And, of course, Governance, as the US government is prosecuting.

We all know the business case for cyber-security.

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties

November 7, 2018 · 1:13 pm

Managing information

What does it say when you try too hard to “manage” the information that gets out?  Do you have the necessary “control” of that information?  When you try to “control” it, what does it say about you when the information gets out anyway?

This sounds like “the risk of selectively releasing information.”

“Turkey Slams Saudis Over Lack of Clarity About Slain Journalist’s Body,” The Wall Street Journal, November 1, 2018 A9.  Changing stories on the death of Jamal Khashoggi.

Apparently, there are international norms on what you need to say and how you need to say it, even if it information concerns events within a consulate.  Was disclosure legally required?  Maybe not, at least legally.  But when you do disclose, it’s a good idea to do so honestly.  Especially if someone else gets the information.

Leave a comment

Filed under Accuracy, Communications, Compliance, Controls, Culture, Duty, Governance, Government, Information, Internal controls, To report

October 28, 2018 · 12:23 pm

Compare and contrast

Europe is big on privacy.  That’s a good thing.  But perhaps not as good on freedom of speech and freedom of religion.

“Woman Who Insulted Islam Loses in Europe Court,” The Wall Street Journal, October 27, 2018 A7.  Woman fined in Austria for “disparaging” a religious doctrine, and judgment upheld by European Court of Human Rights.

So, the same place that says you have the right to be forgotten also says that you have the right not to have your religious feelings hurt.

Governing information is a tricky area, apparently, especially where the information is speech about religion. That this arose in Austria, which may because of history be especially sensitive to harming the religious feelings of others, may explain this.  Or it may not.  Is this the unintended consequence of a control that in a limited context made sense?  Or is this political, and therefore outside the normal controls?

We’re not in Kansas any more, Toto.

Leave a comment

Filed under Compliance (General), Controls, Duty, Governance, Government, Third parties

October 26, 2018 · 10:45 am

Non-disclosure non-agreement

“SEC Keeps Study On Speed-Bump Trading Under Wraps,” The Wall Street Journal, October 25, 2018 B11.  SEC has done a study of controls that slow down high-frequency traders, but hasn’t released that publicly.

The SEC is in charge of protecting the stock trading system.  As such, it watches over how quickly information moves within that ecosystem, and whether access is available to all at the same time.  But the SEC refuses to release the unredacted text of a study that it did on the impact on “controls” that limit the ability of high-speed traders to take unfair advantage of their access to information.

Curious as to why (and what) the government doesn’t want us to know.  Who oversees the government? (Hint: a free press is one of them).

Leave a comment

Filed under Access, Accuracy, Controls, Data quality, Duty, Governance, Government, Information, Interconnections, IT, Oversight, Technology, Third parties, To report, Value