Category Archives: Information

What you say is information, too

“Mueller Accuses Paul Manafort of Lying to FBI After Plea Agreement,” The Wall Street Journal, November 26, 2018 (online).  Did Manafort lie after he reached a plea deal?

Information is not limited to what you write in a document or an email.  It includes verbal utterances.  How do you control your “verbal utterances” when lying to the FBI can result in 20 years in prison, regardless of what happened prior to your plea deal?

So, this involves Information (verbal statements are information), Compliance (lying to the FBI exposes you to 20 years in prison for each offense), and Governance (how do you avoid making an untrue utterance?).  Do your policies and controls address verbal information, and, generally, not lying to the FBI?  Need they?


Filed under Communications, Compliance (General), Content, Controls, Definition, Duty, Governance, Information, Internal controls, Legal

Coming up to speed

“Marriott Says Starwood Data Breach Affects Up to 500 Million People,” The Wall Street Journal, November 30, 2018 (online).  Data breach potentially affecting passports and credit cards of as many as 500 million guests at Marriott’s Starwood properties, which were acquired in 2016.  They knew about this in September, but it reflects a breach that may go back to 2014.

So, two years after an acquisition, the target’s information security practices blow up in the acquiror’s face.  What does that say about the acquiror’s duty to integrate the data practices and controls around information protection?

Does your M&A team think about information governance issues?  Is that an identified risk, with an identified (and owned) action plan?  Did the Board identify this as a risk?  Was the value of this information considered part of the transaction value?  How was that reflected?


Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Risk Assessment, Risk assessment, Security, Value

When is a record no longer a record?

If you are looking to invest, it would be nice to know if the broker who has been recommended to you has a history of complaints by his/her customers or employers.  If you are the prospective broker, it would be good to be able to present a clean record, even if your record isn’t clean.

“Brokers Purge Their Records,” The Wall Street Journal, November 19, 2018 B1.  Brokers can request that complaints be expunged from the records of the industry-funded regulator.  So, were you to ask, you would be told there’s no record.

So, what is a clean record worth, when a dirty record can be so easily laundered?  I guess there may be multiple definitions of “record,” one of which is documentation of a business activity or decision, and the other of which is a conviction.

On the internet, no one knows you’re a dog.


Filed under Access, Accuracy, Controls, Definition, Information, Records Management, Third parties, Value

Very interesting

“Beware the ‘Free’ Internet,” The Wall Street Journal, November 15, 2018 A2.  How much money do Facebook, Twitter, and Google get from allowing others to access you based on your data?

The article makes an interesting comparison to Wikipedia, where a large amount of information is made available for free, without advertising.  That’s truly free.  As opposed to social media.

How much is your data worth?  To you?  To Google?  Do you agree with the implicit bargain, whereby you give use of your information in return for cat videos and an endless stream of ads?


Filed under Access, Collect, Controls, Information, Internal controls, Management, Ownership, Third parties, Use, Value

Where’s Rose Mary Woods?

“Trudeau Says Canadians Heard Khashoggi Tapes,” The Wall Street Journal, November 13, 2018 A7. Canadian intelligence officials hear audio tapes related to killing.

One assumes that this is a tape of some conversation picked up by intelligence folks after the killing, and not a recording of the killing itself.  Unless someone wanted to have proof for the boss.  Perhaps intelligence agencies spy on other governments or phone calls.

Often, people think information governance is all about the written word.  But the spoken word is information, too, whether it is recorded or not.  It’s just a problem of proof.  Is someone listening or taping your conversation?  Would it matter?


Filed under Access, Accuracy, Communications, Controls, Definition, Duty, Governance, Government, Information, Internal controls, Risk assessment, Security, Third parties

Too much information?

“Boeing Withheld Data On Potential Hazards,” The Wall Street Journal, November 13, 2018 A1.  Did Boeing fail to disclose potential problems with its new flight-control feature?  Was that a factor in the Lion Air crash in Indonesia, killing 189 people?

Maybe this feature didn’t factor into the crash; we’ll have to wait for the cockpit voice recorder and the flight data recorder.  But if you know something and don’t tell other people who would like to know — well, that’s bad.  Even if you didn’t want to confuse them by providing them too much information.  Was it better “marketing” to tell their customers that they wouldn’t need as much training?

How do you decide how much information to provide your customers?  Are there problems you don’t mention?  Why?


Filed under Access, Accuracy, Communicate, Communications, Controls, Corporation, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Management, Risk assessment, Third parties

The government does it better

In the macro sense, one of the bits of information that we own, manage, and hopefully control is who we are. How does the government control and manage this?

“Banks Find Solutions for ID Fraud at DMV,” The Wall Street Journal, November 13, 2018 B10.  Banks may use DMV databases to verify your online identity, because establishing your identity to get a driver’s license normally involves appearing in person and providing supporting documents.

Key to the process at the DMV is the trained person who checks your supporting documents.  The banks want to leverage that person’s knowledge and experience, rather than relying on a bank manager to do it.

Where else in our lives do we rely on government employees rather than ourselves as a critical control?


Filed under Access, Accuracy, Controls, Data quality, Definition, Duty of Care, Governance, Information, Internal controls, Knowledge Management, Operations, Oversight, Privacy, Protect assets, Third parties, Use