“Probe Focuses on Cellphone IDs,” The Wall Street Journal, April 21, 2018 B1. DOJ investigates.
Are phone companies (and a standard-setting company) conspiring to make it harder for you to keep your phone number if you change carriers? Or are they trying to make phones smaller?
Is your phone number information? If so, to whom does it belong? Is this just about whether you have to remove the SIM card to change carriers?
“U.S. Authorities Can Access Data Stored Overseas,” The Wall Street Journal, March 24, 2018 A6. US warrants will soon reach can information stored by US tech companies on cloud servers overseas.
You now need to know what you have and where you have it; now you have to know who you store it with. Saying that you have it in France and can’t turn it over to the FBI isn’t going to work here. Much like telling the French court that you need to turn it over to the US, despite French blocking statutes that forbid that.
In the event of a conflict, who wins? Is that how you know who is in charge? Are you still going to use a cloud service hosted by a US company?
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Interconnections, IT, Privacy, Protect assets
What does blockchain have to do with information governance?
It’s early days yet, but think about what happens with information. It gets created, modified, transferred, stored, used, reused, exchanged, and, hopefully, deleted at the end of its life. Would it be useful to be able to track who owns the information and where it is at each step of its life? Is a piece of information that much different than a cargo container being tracked from origin to destination?
“Blockchain Has Power to Transform,” The Wall Street Journal, March 12, 2018 B4.
Filed under Access, Accuracy, Analytics, Controls, Governance, Information, Interconnections, IT, Operations, Supervision, Technology, Third parties, Use
It was bad when the Office of Personnel Management got hacked. Worse, perhaps, overseas.
“German Government Network Was Breached,” The Wall Street Journal, March 1, 2018 A9. Multiple ministries were breached. May have been the Russians. May have been the Chinese. Was it the super-secret stuff? No one knows.
What does it say when the government can’t protect its own information, much less yours?
Where does your vendor store your information? Whose laws apply?
“Justices to Hear Microsoft Case on Email Storage,” The Wall Street Journal, February 27, 2018 B4. Supreme Court to resolve whether a search warrant to a person in the US (Microsoft) can require that person to turn over materials of a non-US person stored outside this jurisdiction. At issue is the Stored Communications Act, passed in 1986, which gives some privacy protection to materials stored online.
This involves both questions of governance (does the US government get to control information stored in, say, France, if within the control of a party in the US? Even though France says the US can’t have it? Does the DOJ get to ignore laws passed by Congress?)) and questions of storage of information. Discovery rules in civil litigation go to things within your possession, custody, or control. Is there any doubt that Microsoft controls where this information is stored? Why would a search warrant be able to get less information than a litigant in a civil case? What happens if Microsoft wins? Who owns the information? Does ownership matter?
If the Court rules for Microsoft, is the issue back with Congress, to further define (or eliminate) our privacy rights?
Does the government need to obey our laws? Must Microsoft protect the rights of non-US citizens?
Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Government, Information, Interconnections, Internal controls, IT, Ownership, Privacy, Protect assets, Security, Third parties
The cobbler’s children have no shoes. Experts tend not to tend to things at home.
“Errant Charges at Coinbase,” The Wall Street Journal, February 17, 2018 B9. A bitcoin firm ended up charging its customers multiple times (as many as 50!) for the same transactions. Blames its vendors.
Let me see. You can’t work out your own electronic invoicing and you want to store our digital currency? We should trust you why, exactly?
Wouldn’t you think you’d keep a close eye on the processes by which customers are charged and you are paid?
Filed under Accuracy, Board, Controls, Corporation, Directors, Duty, Governance, Interconnections, Internal controls, IT, Oversight, Supervision, Third parties, Vendors
What if you get information from an unexpected source? What’s that worth?
“Stanford’s Aid Whistleblower,” The Wall Street Journal, February 1, 2018 B5. A second-year MBA student does a study of scholarship decisions and blows the whistle on his own school. Based on information found on a shared drive.
The information is there. Are you aware what it says? What’s it worth to have that analysis before someone else does it? Is this something that Stanford wished wasn’t found, eight years later, on a shared drive?
Is this post about the value of information or the value of managing who gets access to what? Or something else?
Filed under Access, Controls, Duty, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Protect assets, Security, Value