Category Archives: Privacy


It’s one thing when an insurance company asks you to install an appliance that tracks your driving habits.  You can qualify for rate discounts.  But what if the car manufacturer installs an app that sends the data to the insurer?

“App Tracks Driving Habits,” The Wall Street Journal, July 6, 2018 B3.  Mitsubishi installs app and offers to arrange to send data to insurers.

Again, this looks like someone else stepping in and trying to make money from sharing your data, not theirs.  Will this, as this article says, lead to insurers economically forcing you to share this information?  How you drive is one thing; but this would also include where you go, and when.  And can be tied to your credit rating, ZIP code, age, gender, etc.

What’s this data worth to you?  More or less than what it is worth to Mitsubishi and the insurance companies?  What will they do with this data once they have it?  Will they keep it secure?  Do they do this on cars sold in Europe or, for that matter, Japan?  Both have significantly stronger privacy protections than the US.


Filed under Access, Analytics, Controls, Information, Privacy, Security, Technology, Third parties, Value


“Cheap Phones Grab User Data,” The Wall Street Journal, July 6, 2018 B1. Cell phones sold in developing countries with limited privacy protections loaded with programs that harvest data.

While the phones give free access to the Internet, they are loaded with apps that track the user’s location, run targeted ads, and send usage data to the phone manufacturers.  But the users aren’t given a choice, beyond whether they want a phone or not.

Is this similar to the Faustian bargain already made in developing countries, trading our privacy for access to Facebook or Google or Amazon?  At least we were given the choice.  Sort of.  And we have privacy laws.  Sort of.


Filed under Access, Controls, Privacy, Security, Technology, Third parties, Value


This blog looks at the intersection of Information, Governance, and Compliance.  Normally, when one hears “Compliance,” one assumes it means compliance with law.  But Compliance also extends to compliance with policy.

“Barnes & Noble Cites Policy In Firing,” The Wall Street Journal, July 5, 2016 B1.  B&N CEO and a member of the board fired after a little more than a year for violation of a so-far-undisclosed company policy.  No severance package.  Ouch.

What sort of message does that send to the rank and file when the CEO gets punished for violating company policy?  Does that extend beyond the policy the CEO is accused of violating?  Is that why the specific policy wasn’t mentioned?

I assume this was for a violation more serious than failing to follow the company’s Records Retention Policy.  But aren’t all violations of company policy by the CEO equally serious? Aren’t all violations of policy equal, or are there capital “P” policies, and small “p” policies?  How does an employee tell the difference?

And the company chose to publicize at least the basic reason for the firing; does it do that in all firings for policy non-compliance?  Does the CEO have more or less privacy rights than the lowest-paid employee?


Filed under Board, Communications, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, Policy, Privacy

Same song, different verse

“App Developers Gain Access To Millions of Gmail Inboxes,” The Wall Street Journal, July 3, 2018 A1.  Depending what you signed up for, your Gmail inbox may be being viewed by hundreds of outside software developers.

Be careful what you agree to, and who you let see your information.


Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

How to prevent contamination?

“Amazon Delves Into Health Data,” The Wall Street Journal, July 2, 2018 B3.  Amazon buys a company with a bunch of personal health information.

It’s not like Amazon doesn’t have to deal with a whole host of privacy regulations, including those of the EU and, more recently, California.  But personal medical information is different, and subject to different controls.

How does a company that lives on finding relationships in large bodies of information deal with information that can’t be used freely?

We’ll see.


Filed under Access, Analytics, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Policy, Privacy, Third parties

Telling the truth is a journey

“Facebook Details Data Sharing,” The Wall Street Journal, July 2, 2018 A1.  Facebook “expands” its answer to the question, “Who else saw our data?”  Apparently, a lot more people than Facebook said originally.  A bunch of special deals and exemptions from Facebook’s “policy.”

So, apparently Facebook does not have a personal relationship with the truth, but they sure have your information.

One expects further revelations in the months ahead.


  • Lying is not an effective communications strategy
  • When you’re being investigated, either tell the truth or say “I don’t know.”
  • The only person who can grant an exception to a policy is the person who issued the policy (or their superior)
  • Strictly enforce your company policies, or they won’t help much
  • Treat my data with as much care as you treat your data


Filed under Accuracy, Communications, Compliance, Controls, Corporation, Culture, Duty, Governance, Internal controls, Investor relations, Oversight, Policy, Privacy, To report

Facial recognition

The suspect makes his fingerprints unreadable, and doesn’t have a wallet or other ID.  Who is he?

“Controversial Facial System Identifies Suspect,” The Wall Street Journal, June 30, 2019 A3. Facial recognition used to identify the shooter at the Capital Gazette in Annapolis, where five died.  A picture was run through the driver’s license database, and up popped his license photo.

Biometrics as information?  Role of technology in information governance?


Filed under Accuracy, Collect, Data quality, Privacy, Technology, Use