Category Archives: Ownership

It’s all information

This blog explores, from time to time, the outer reaches of the intersection(s) of Information, Governance, and Compliance.

Consider, for a moment, a fingerprint.  Not what you normally consider “information.”  And one seldom thinks of “managing” a fingerprint.  Who owns your fingerprint?  But consider the value of a fingerprint, and both the failure to “manage” or control where that fingerprint can be found and the ability to find that fingerprint and locate its owner.  How much information governance is involved in this process?

“Fingerprint Leads to Arrest Of Bomb Suspect in Florida,” The Wall Street Journal, October 27, 2018 A1.  Alleged mail bomber’s fingerprint in a package sent to a legislator leads to arrest of suspect.

Which leads me to the question,”What is there that isn’t information that is managed or controlled in our lives, or a least directly related to information that is managed?”  I struggle to find an example of something that isn’t information, or directly related (perhaps somewhat remotely) to information that is managed or controlled.

 

Leave a comment

Filed under Access, Accuracy, Analytics, Collect, Compliance, Controls, Data quality, Definition, Duty of Care, Governance, Information, Management, Oversight, Ownership, Records Management, Risk assessment, Use, Value

Weapons

“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1.  Tim Cook wants GDPR-style privacy protections in the US.  Claims “[o]ur own information … is being weaponized against us with military efficiency.”

He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.

How do we wrest control of our information back again?  Or is privacy dead?  And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?

Leave a comment

Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value

Hackers look to make money

That’s a catchy headline.

“Facebook Thinks Hack Was Set by Spammers,” The Wall Street Journal, October 18, 2018 B1. FB says recent breach of ~30 million accounts was by spammers wanting to make profits, and not by nation states with evil motives.  FB will likely never find who took the information.

This raises a whole host of issues about information ownership and the duty of companies who handle and store your data.   And IT security, or insecurity.  Which is your favorite?  I personally favor what this says about the culture at FB; with these issues, the FB communication to the market and its shareholders and its customers speaks volumes about how FB views the risks of its business.  So now a denial is Information, by definition.

Leave a comment

Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Technology, Third parties, Who is in charge?

You are what you eat

“Restaurants See Value In Big Data,” The Wall Street Journal, October 3, 2018 R5. A mobile app asks restaurant patrons to provide a bunch of information about themselves so that the restaurant can serve them better.

The app requests data about the patrons’ allergies.  I was surprised that the restaurant quoted in the article is in California.  Can you collect and store this information in California without infringing on the patrons’ privacy?  Are there limits on what the restaurant can do with this information?  Loyalty programs generally collect data about you.  Do you care?

What could go wrong?

Leave a comment

Filed under Access, Collect, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, Management, Ownership, Value

Inside baseball

“Panel Votes to Release Probe Records,” The Wall Street Journal, September 29, 2018 A3.  House committee votes to release some but not all of the transcripts of testimony given behind closed doors about possible Russian interference in the 2016 elections.

Interesting that, as an interviewee, you have no control over what investigators then do with what you said.  You don’t “own” that.  So, the government “governs” that information, and can ask that it be declassified; you can’t object.  But the government can decline to make some of this public, as they did here (testimony of two members or Congress were not in the interviews to be released). Power is an interesting thing.

And, as the public, you have no “right” to that information unless Congress and various intelligence agencies agree.

Leave a comment

Filed under Access, Communications, Controls, Duty, Governance, Government, Information, Internal controls, Oversight, Ownership, Third parties, To report

Email

“Yahoo, Bucking Industry, Scans Emails for Data to Sell,” The Wall Street Journal, August 29, 2018 A1.  Unlike its competition, Verizon scans your Yahoo and AOL emails and shares the data with advertisers trying to sell you stuff.

This blog focuses in part on Compliance with law and company policy and procedures.  Does one need to comply with the practices of others in the industry, even where that is not required?  Do “market forces” act as part of the Governance structure?

We already know that Yahoo feels it owns the data you exchange over their platform.  But telling others what sites you’ve visited is a bit different than telling them what you may have been mentioned in your email.

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Governance, Information, Ownership, Ownership, Privacy

Ownership

Appliances we use often capture data about how we use them.  Who owns that data, where is it stored, and what is it used for (and by whom)?

“What Your Car Knows About You,” The Wall Street Journal, August 18, 2018 B4. Large of amounts of data being collected from on-board devices, and used by car makers and others.

Will this lead to more targeted advertising?  May be worth $750 billion by 2030.  How much of that will the car owners get?

Sure, currently you have to opt in to this service.  You will read (and understand) the terms and conditions, won’t you?  And this will all be stored securely, with your privacy protected, won’t it?  Not that anyone could use your location or your driving habits against you.

Leave a comment

Filed under Access, Accuracy, Analytics, Controls, Information, Ownership, Privacy, Security, Technology, Value

Value

The value of information can be calculated in multiple ways, from multiple viewpoints.

“My Boss Makes What? (Employees Work Harder If They Know),” The Wall Street Journal, August 6, 2018 R1. Salary transparency makes people work harder.

Is what you make “private”?  Should it be?  Whose interests are served by keeping this information private?  Who owns it, you or your employer?  Do anyone have a duty to keep this private?  Why would your employer want this kept quiet?  To avoid Sally complaining that she works harder/better/faster/quieter than Sue, and should be paid more? Or to keep a competitor enticing Sally away?

Ask yourself why you want to keep your salary private.  Sure, you don’t want marketing agencies targeting you because you’re wealthy, but they probably can approximate your salary anyway.

Leave a comment

Filed under Access, Accuracy, Communications, Controls, Corporation, Culture, Duty, Employees, Governance, Information, Internal controls, Managers, Ownership, Privacy, Third parties, Value

Tapes and onions

Today, with surveillance cameras everywhere, it’s good to remember that everything you say may be recorded.  Even by someone you trust.  And those recordings turn up.

“Cohen Recorded Talk With Trump,” The Wall Street Journal, July 21, 2018 A1.  Trump’s then-personal lawyer recorded a conversation with then-private-citizen Trump about a story about a Playboy model.

Several different layers of onion involving this tape its creation, its collection by the FBI under a warrant, its production after a court-ordered review, its release to the press, and its impact.  And who owns it, at each stage of the process?  Did Trump know he was being taped?  Was this privileged?  Was the privilege waived?  How and by whom?

I just ask the questions.

 

Leave a comment

Filed under Access, Controls, Discovery, Duty, Government, Internal controls, Lawyers, Legal, Ownership, Privacy, Privilege, Third parties

Privacy breaches

“SEC Takes Close Look At Facebook Data Lapse,” The Wall Street Journal, July 13, 2018 B1. SEC looks at whether Facebook responded appropriately after learning that user data was being used inappropriately.

Is keeping investors apprised of violations of contracts or policies part of your crisis response process?  Even when it wasn’t “your” data that was breached?  Would you have caught this in time to avoid an SEC inquiry?

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, Investor relations, Oversight, Ownership, Privacy, Protect assets, Security, Third parties, To report