Category Archives: Discovery

November 13, 2018 · 7:40 am

Too much sharing

I’m a bit of a knowledge management wonk, having been involved in the then-nascent KM movement within the inhouse legal community in the early 2000s.  But there can be too much sharing.

“Sinclair Settles With U.S. on Ad-Sales Data,” The Wall Street Journal, November 8, 2018 B2.  A media group settles lawsuit over alleged sharing of information among television station owners, that may have led to higher advertising rates.

An interesting side note is that this all came to light when Sinclair proposed to buy another company and had to undergo a government investigation.

Are there restrictions on how much information can be shared between and among competitors?  Yes.  They are call “antitrust laws.”  And is there a risk of making a deal that subjects you to government scrutiny?  Yes.  The may discover all manner of minor and major sins.

Leave a comment

Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Discovery, Duty, Governance, Information, Internal controls, Knowledge Management, Oversight

July 23, 2018 · 11:23 am

Tapes and onions

Today, with surveillance cameras everywhere, it’s good to remember that everything you say may be recorded.  Even by someone you trust.  And those recordings turn up.

“Cohen Recorded Talk With Trump,” The Wall Street Journal, July 21, 2018 A1.  Trump’s then-personal lawyer recorded a conversation with then-private-citizen Trump about a story about a Playboy model.

Several different layers of onion involving this tape its creation, its collection by the FBI under a warrant, its production after a court-ordered review, its release to the press, and its impact.  And who owns it, at each stage of the process?  Did Trump know he was being taped?  Was this privileged?  Was the privilege waived?  How and by whom?

I just ask the questions.

 

Leave a comment

Filed under Access, Controls, Discovery, Duty, Government, Internal controls, Lawyers, Legal, Ownership, Privacy, Privilege, Third parties

June 15, 2018 · 11:27 am

Poster boy for Information Governance

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study.  It touched a lot of bases.  Now we have a better one.

While there have been a lot of information governance-related stories in the news over the past two years, including Equifax and Facebook and VW and Wells Fargo, my nominee for the one name associated with the most significant teaching example in information governance and compliance is the former FBI Director, James Comey.

First, he gave us The Day That Information Governance Died, with his July 5, 2016 pronouncement that, notwithstanding her clear violations of several applicable legal laws dealing with the handling of confidential or secret information (and the destruction of information subject to a subpoena), Secretary Hillary Clinton’s use (and wiping) of a private server to store government email was not going to be prosecuted.  Such a pronouncement deviated “‘from well-established Department policies'” that the FBI does not comment about  ongoing criminal investigations.

Then he wrote a memo ostensibly commemorating a meeting he had with his boss on government business on a government computer (while in a government vehicle) during the work day, and declared that that was his personal correspondence that he could (and did) distribute as he pleased.

And now we learn that he conducted government business over his own private gmail account {that information does not appear in the WSJ article – Ed.}, and actively avoid his boss’ oversight (and his bosses failed to adequately supervise him).  “Report Blasts FBI Agents, Comey Over Clinton Probe,” The Wall Street Journal, June 15, 2018 A1. Inspector General releases his report on the Clinton Investigation.

Recap:

  • Violations of law are not enforced
  • Evidence is destroyed notwithstanding a subpoena
  • Senior employees ignore long-standing policy
  • Senior employees treat documents prepared by them in the course of business as their personal information
  • Senior employees use private email accounts to transact government business
  • Employees hide things from their bosses
  • Bosses failed to adequately supervise their reports

And this is at the FBI, by a lawyer.

Does anyone wonder why we have a hard time getting traction on information governance initiatives?  Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath.  Not sure you could cover it all in one semester, at both law schools and business schools.

 

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Culture, Discovery, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Lawyers, Managers, Oversight, Ownership, Ownership, Policy, Requirements, Supervision, Who is in charge?

November 9, 2017 · 4:32 pm

Drafts

A fascinating area for exploration is the drafts that led to the final version.  The dates, the wording, the recipients.  Why do people keep drafts?  Just because?

“Comey Originally Tougher On Clinton, The Wall Street Journal, November 7, 2017 A5.  A Republican Senator discloses that Comey’s early draft of the exoneration document used the language “grossly negligent,” the statutory test.

I’ve referred to July 5, 2016 as the Day that Information Governance Died.  That’s when the Director of the FBI announced his decision not to prosecute someone who had routinely violated the rules on handling secret documents, because “no reasonable prosecutor would bring charges.”  Not to get into the politics of things, but how can you argue that following the rules is required when the Secretary of State isn’t held to the standards that apply to a Navy seaman?

That being said, why do people hold on to drafts?  Because it’s easy?  Or because it’s hard to get rid of them?  There is seldom a reason to retain them beyond when the document is final.  Maybe a phrase or a paragraph.  But the entire document?  How can we convince people not to keep drafts?

 

 

Leave a comment

Filed under Compliance, Controls, Corporation, Discovery, Duty, Employees, Governance, Internal controls, Legal, Records Management, Risk

October 30, 2017 · 1:56 pm

Problems in your industry

One of the early warning signs of most crises is a similar problem elsewhere in your industry.

“EU Officials Raid BMW’s Headquarters,” The Wall Street Journal, October 21, 2017 B2.  Raid was apparently looking for evidence of antitrust violations in the industry, perhaps including agreements on emissions technologies.

Is this related to the emissions scandal at VW and other car makers?

If you’re a European car manufacturer, does this raise the risks of what’s in your information systems and files today?  How can you address?

Leave a comment

Filed under Definition, Discovery, Information, Legal, Records Management

October 17, 2017 · 2:58 pm

Electrical banana (reprise)

Slack is a new communications software in use in many companies.  Do your policies deal with the implications of the use and misuse of yet another new technology?  How will you handle this when litigation comes in?

“Tips to Tighten Slack Users’ Skills,” The Wall Street Journal, October 12, 2017 B4.

Leave a comment

Filed under Access, Communications, Compliance, Content, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Legal, New Implications, Oversight, Policy, Protect assets, Security

September 20, 2017 · 8:39 pm

Burned by a phone

Apparently, NCAA rules prohibit coaches from using a burner phone to contact football recruits.  Or lying about it when you do.

“‘Burner Phone’ Accusation Marks New Chapter in Ole Miss Scandal,” The Wall Street Journal, September 20, 2017 A16. Coaches accused and investigated, and asked to sign certifications that they had never used pre-paid phones for recruiting or other work-related purpose.

Is this a question you normally ask your employees, or is this a form you have them sign?  Should you ask for a certification that exiting employees do not have any company information on a non-company asset or location?

Leave a comment

Filed under Access, Board, Compliance, Compliance Verification, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Legal, Oversight, Oversight, Policy, Protect assets, Security, Third parties

September 20, 2017 · 8:31 pm

Investigations

“Makers Of Opioids Are Asked For Data,” The Wall Street Journal, September 20, 2017 A6.  Subpoenas served on 5 manufacturers, as 41 states investigate marketing and sales of painkillers.

How much will this cost?  Who will pay?  What will we learn?

Leave a comment

Filed under Discovery, Information, Legal, Value

May 22, 2017 · 11:09 am

Digging out

I was otherwise engaged last week and missed posting.  Here are some catch-ups.

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Content, Controls, Corporation, Directors, Discovery, Duty, Employees, Governance, Government, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, Protect assets, Protect information assets

May 9, 2017 · 1:16 pm

Spooky

Companies begin to move towards the use of quantum mechanics into practical application.

“A Quantum Leap for Computers Looms,” The Wall Street Journal, May 8, 2017 B4.  Huge processing speed increases possible when processing and analyzing huge volumes of data.

You think you have ediscovery problems now, wait until the qubits disappear or mutate (sublimate?) to a different state.

Leave a comment

Filed under Access, Analytics, Data quality, Definition, Discovery, Information, IT, Legal