How do you protect information in the event of an Event? Is this part of your business continuity plan? You do have a business continuity plan, right? Do you have a process to safeguard information you will need to resume operation?
“Second Black Box Eludes Search Teams,” The Wall Street Journal, November 3, 2018 A6. Divers are still searching for the cockpit voice recorder following the crash of Lion Air flight 610 in Indonesia.
Planes carry two “black boxes,” one a flight data recorder (which captures a lot of equipment operating data) and the other a cockpit voice recorder (which captures conversation in the cockpit). The information on these two boxes (which are actually neon orange) is used to determine the cause of a crash.
What information does your company generate that you would need to run your business following an “Event,” such as a computer crash or a hurricane, or whatever? Is that part of your normal operating policies and procedures? If you can’t get to that information, can you restart or run your business?
Is this an Information point (protecting information), a Governance point (having processes and procedures to protect mission-critical information), or a Compliance point (complying with policies and procedures)?
“Technology Puts Pinch on Oil Smuggling,” The Wall Street Journal, November 2, 2018 B6. Smugglers of Iranian crude will be challenged by satellites and big data.
Smugglers had in the past “hid” their ships, but that will now be harder. Certain companies find a business opportunity in helping to track these vessels.
What controls do you need to have in place to make sure your policies are followed? How have people tried to avoid your controls? How did you/will you respond? Is there a market opportunity for others to help you enforce compliance by collecting other information?
“Alternative Data Is Valued on Wall Street,” The Wall Street Journal, November 2, 2018 B1. Companies mine different types of available information to help traders.
If information is worth so much, won’t someone start a business to provide it? Apparently. What should you be monitoring to understand how your customers make their purchasing decisions, or what your competitors are doing?
Drones looking at parking lots? Where the iPhones are coming from and going to? How many construction permits were issued? What’s your metric? How do you measure it?
“Uber Engineer Fired Over Alleged Conduct at Google,” The Wall Street Journal, February 28, 2017 B5. A celebrated new hire at Uber allegedly had sexual harassment issues at his former employer. Bye bye.
Do you ask prospective employees why they left their prior position? Do they tell you the entire truth?
Unstructured data (largely data outside of a database, like emails and edocuments) is a challenge for information governance. How do you know what you have and where you have it, and how do you manage it, use it, and dispose of it? Lawyers conducting discovery think in terms of technology assisted review. What about real-world applications?
“McKesson Develops Tool To Analyze Medical Records,” The Wall Street Journal, January 26, 2017 B5. Company develops tool to read and analyze information contained in multiple and diverse data sources. Goal is to improve patient care.
Think for a moment about the challenge. Data on specific patients are in several doctors’ files (and hospital reports and files), likely at different locations on different computer systems, and the potentially applicable medical literature is vast and widely distributed. Hopefully, most of this information is electronic and machine-readable. How do you access all that information and then determine what’s useful for your particular patient?
Technology is the only way.
The entire area of Governance, Risk, and Compliance deals with assessing the risks of certain behaviors and developing and enforcing controls (people, process, and technology) to prevent the identified hazard from occurring, or mitigating the impact. Information Governance is a subset of GRC.
“Criminal Complaint Filed in Fatal Crash,” The Wall Street Journal, December 5, 2016 A11. There are international rules that require planes to have certain amounts of fuel onboard before taking off. The flight dispatcher who reviewed the flight plan for the recent charter flight that crashed in Colombia allegedly objected to the flight plan as originally filed, which only had enough fuel to reach Medellin, but not enough extra. The on-board dispatcher, again allegedly, told her not to worry, and she allowed the plane to depart. It crashed after running out of fuel.
The rules were ignored, the policy not followed. People died. Now people are chasing the dispatcher (who has fled the country). Who else is also accountable? The airline? The charter company?
Often omitted from a discussion of Information Governance is any mention of what information you use to run your business.
“It’s Time to Re-Learn The Lost Art of Reading,” The Wall Street Journal, April 2-3, 2016, B1. Investors are presented a whole bunch of information. How much of it do they read?
Does your Information Governance program address this question?
Some articles from earlier this week.
“Bill and Billy Discuss Big Data in Baseball,” The Wall Street Journal, September 22, 2015 D6. Reflections on the data-driven sport of baseball.
“U.S. Begins Criminal Probe of VW,” The Wall Street Journal, September 22, 2015 B1. VW designed its vehicles to operate differently when under test conditions than when actually being driven. Question: Why is VW criminal and GM (hiding ignition lock problem) isn’t? In the case of GM, people died.
“For Peanut Executive, 28 Years In Prison,” The Wall Street Journal, September 22, 2015 B1. Owner of peanut company sentenced for covering up salmonella contamination. Lesson: food and drug industry executives are responsible corporate officers; everybody else isn’t. It’s a long way from the misdemeanor and $50 fine in US v. Park.
“Ex-Adviser Pleads Guilty in Data Case,” The Wall Street Journal, September 22, 2015 C3. Former adviser at Morgan Stanley pleads guilty to taking client data home. Data later appeared for sale online.
“Data Pushes Aside Chief Merchants,” The Wall Street Journal, September 23, 2015 B7. Companies begin to value analytics more than insight.
Here’s the situation: a contractor issued a phone to one of its employees. The now-former employee is accused of insider trading based on third-party information he allegedly accessed while employed. The SEC wants his passcode for the company phone. Employee asserts Fifth Amendment protection (although he now lives in China – citizenship not clear).
“Judge Rules Phone Passcodes Are Protected Information,” The Wall Street Journal, September 25, 2015 A3. Judge rules that since the employee never shared the passcode with his employer, he can invoke the Fifth, as the passcodes are personal, and not company, information.
Leaving aside whether non-citizens can invoke the Fifth Amendment (which speaks in terms of “no person”), does this mean that the company now has to require employees with a company-issued phone to use a company-supplied passcode? Can the company require exiting employees to provide their phone code? If a company doesn’t take these steps, what does that say?
Okay. Assume there is information that a consumer wants. How do you make it more accessible?
“DexCom Readies Diabetes Apple App,” The Wall Street Journal, February 9, 2015 B3. An app that captures and transmits your blood glucose level to your watch may be coming soon. Helpful for diabetics. Awaiting the arrival of the Apple Watch.
The FDA apparently distinguishes between the device that captures the data and the device/app that transmits that data to the user; one is heavily controlled.
This appears to provide timely information to the user to allow him or her to make important decisions. Innovative.
But who does the risk analysis of the data being wrong, being corrupted in transmission, or being hacked?