Category Archives: Ownership

Same song, different verse

“App Developers Gain Access To Millions of Gmail Inboxes,” The Wall Street Journal, July 3, 2018 A1.  Depending what you signed up for, your Gmail inbox may be being viewed by hundreds of outside software developers.

Be careful what you agree to, and who you let see your information.

Advertisements

Leave a comment

Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

EU comes West

“Sweeping Privacy Bill Passes in California,” The Wall Street Journal, June 29, 2018 B1.  State law gives us the right to not share our data online, and to prohibit the sale of that information.  Downside: it may cost you more.

This will be hugely disruptive for online businesses.  But it does get to the question: “Who owns ‘your’ data?”

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Ownership, Privacy, Value

What you have, where you have it

A common starting point to information governance projects is to determine what information you have and where you have it.  Then you can start to manage it. But what happens if you don’t know what you have nor where you have it?

“Facebook Struggles to Find User Data,” The Wall Street Journal, June 28, 2018 B1. “The company can’t track where much of the [user] data went after it left the platform or figure out where is it now.”

A lot of the information is or was with app developers that are now out of business.  What happened to your/Facebook’s/their data?

Sure is easier to figure this out going forward than it is to figure out what happened between 2007 and 2015.  Especially if disclosure of some of that information is blocked by the government in far-off lands.  Or if the app developers don’t fancy having Facebook root through their servers and discovering their business secrets.  Or if Facebook doesn’t have a contractual right to get this information.

Sure would be easier if they’d had the proper controls in place at the time.

Leave a comment

Filed under Access, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Ownership, Ownership, Privacy, Protect assets, Security, Third parties, Vendors

That clears that up

“Court Ruling Boosts Phone Privacy,” The Wall Street Journal, June 23, 2018 A1.  The Supremes’ rule that, in order to get your cell phone’s location data from your service provider, the government needs a warrant.

This raises several interesting Information-related points.  First, who owns that information?  Second, who (beyond the “owner”) has possession of that information? Third, who does the warrant get served on – the third party (also) in possession of this data, or the person who owns it and who doesn’t possess this data, and who in fact seldom knows that this data exists? Fourth, what else, beyond cell phone location data, is within this special zone of privacy, both today and in the future?  Fifth, what exactly are the exceptions?  Are they limited to bomb threats and shooters and child abductors?  Or is that somewhat flexible, too?  Does this hinge on “reasonableness,” which is somewhat loosy-goosey except in retrospect?  Does this apply to your Metro card?  Or your PayPal account?

And, then, as a Governance point, how does one justify this expansion of protection to things that are not “their persons, houses, papers, and effects …”?  Expanding a right to privacy that does not exist in the express language of the Constitution.

I haven’t read the decision and the dissents, just some news reports.  But didn’t a statute passed by Congress allow the government to access your data when stored with third parties? Is that statute (the Stored Communications Act) now valid or invalid?

Leave a comment

Filed under Access, Compliance, Duty, Governance, Government, Information, Ownership, Ownership, Privacy

Happy Birthday!

Vendors with whom you deal can (and do) capture lots of information about you.  They use that information.  Hopefully to improve customer service.  Can they disclose what they know to others?  What if your traveling companions don’t know it’s your birthday because you don’t want them to know?

“What  the Airline Knows About The Guy in Seat 12A,” The Wall Street Journal, June 20, 2018 A11.  What information on you do airlines collect and how do they use it?

If the information is correct and used positively, that’s one thing.  What if it’s wrong, or used negatively?  What if it leaks?  What if it’s sold?

Leave a comment

Filed under Access, Accuracy, Collect, Controls, Corporation, Duty, Duty of Care, Governance, Information, Management, Oversight, Ownership, Privacy, Protect, Use

Car 54, Where Are You?

Is where you are “information”?  If so, who owns it?  Can one piece of information be owned by more than one person, at the same time?  Is this something unique about “information” generally?

“Phone Giants Cut Off Two Location Services,” The Wall Street Journal, June 20, 2018, A1.  Verizon, AT&T, and Sprint will stop selling your location to two middlemen.

This decision wasn’t a recognition that your location is your information.  Rather, it was because one middleman allowed law enforcement agencies to see location data without a warrant. So, the phone companies are protecting your privacy from the government, but not from the phone companies.

One would hope that you could decide how and when your location data could be used by someone else.  But that is your decision, on your information.

Toody and Muldoon, where are you?

 

Leave a comment

Filed under Access, Controls, Corporation, Definition, Duty, Information, Internal controls, Ownership, Privacy, Third parties

Information – Use

In a robbery investigation, the victim gave police an Instagram photo of the suspect and the police ran that photo through a facial recognition system and the state’s drivers license database, and a driver’s license photo was identified.  The driver was arrested.

Is it okay for police to use (a) the Instagram photo or (b) the driver’s license photo to identify a robbery suspect?  Who’s information is it?  Is this an invasion of privacy?  As long as the suspect can contest the accuracy of the facial recognition software, do his rights count more than the victim’s?  Do restrictions on the use of biometrics in some states (Texas, Illinois, and Washington that I know of) change the calculus?

“Police Use of Driver Photos Stirs Debate,” The Wall Street Journal, June 18, 2018 A3.

Leave a comment

Filed under Controls, Duty, Duty of Care, Governance, Government, Information, Internal controls, Ownership, Privacy, Third parties