Category Archives: Collection

Seven Bullets

Emails Track J.P. Morgan Hire in China,” Wall Street Journal, February 7, 2015 A1. Emails about the hiring and retention of the son of China’s commerce minister, potentially in return for currying favor with his father, come up in FCPA investigation.

  • Emails last forever; watch what you write. Did JPM need to retain all these emails? Could they have disposed of all of them?

White House Role in Web Plan Probed,” Wall Street Journal, February 7, 2015 A4.  White House, FCC connection explored regarding the net neutrality move.

  • What is meant by “independent agency” in the US government governance context? Who controls, under what rules?  What’s the culture?

Tribunal Rebukes U.K. Over Spying,” Wall Street Journal, February 7, 2015 A7. Judicial panel says the UK’s “communication intelligence agency … violated the rights to privacy and freedom of expression” by not disclosing enough about what the agency does.

  • Is supervision of compliance/non-compliance the essence of governance?

Engine Error Seen in Data From Taipei Crash,” Wall Street Journal, February 7, 2015 A7. Flight data recorder shows fuel to engine turned off prior to crash.

  • One reason you collect information while it is happening is to figure out what went wrong.

NBC Opens Probe of Williams,” Wall Street Journal, February 7, 2015 B1. Internal investigation into the Iraq helicopter and Hurricane Katrina stories by one of the network’s most valuable assets.

  • How do you maintain your organization’s credibility when your star performer loses his? Is this part of your crisis management plan?

Push Against China Tech Rules,” Wall Street Journal, February 7, 2015 B4.  China wants insight into source code used by Oracle and IBM in their database services, used by financial firms in China.  Do you want the business so much you’ll give up control over your most precious secrets to a potential competitor?

  • Was this a predictable consequence of Edward Snowden’s disclosures?

Google Panel: Limit Right to Be Forgotten,” Wall Street Journal, February 7, 2015 B4. Google only removes data from European based domains, despite EU privacy ruling.

  • How far does the power of governance extend?  Beyond your national boundaries?


Leave a comment

Filed under Collection, Communications, Content, Controls, Culture, Duty of Care, Governance, Internal controls, IT, Legal, Management, Oversight, Policy, Protect, Risk, Security, Use

You manage what you measure

Management and measurement are inextricably linked.

“Cracking Down on Skipping Class,” Wall Street Journal, January 14, 2015 A3. High-tech tracking devices used to measure attendance in college classes.  Link between attendance and performance — “[a]ttendance is the best known predictor of college grades….”

There are privacy restrictions on the university telling you your son’s or daughter’s grades in college, but what I’d really want to know is, “Is Johnnie or Susie in class?”  There’s an app for that.

What’s this information worth?


Leave a comment

Filed under Collection, Controls, Governance, Information, Oversight, Privacy, Third parties, Use, Value

One of two

Two articles today, one of which I’ll talk about and one of which I won’t.

New Credit Cards Fall Short on Fraud Control,” Wall Street Journal, January 5, 2015 A1.  Cost v. convenience, and who pays the cost for enhanced credit card security.  But that’s the one I’m not talking about.

More interesting for me is “Body Cameras for All: Creepy but So Helpful,” Wall Street Journal, January 5, 2015 B1. Having a body camera to record interactions with customers or others as a legal prophylactic.  For $500, a lot of protection.  Used by real estate agents, security guard, repo men, plumbers, and electricians, among others, whose interactions with the public or just the way they do their jobs can be the subject of disputes or lawsuits.

The information gathered this way is useful, but is it too intrusive for the person observed?  Do you have privacy rights when you yell at a waiter for getting your order wrong (when you misspoke)? Do the camera’s recordings, or just the visibility of a camera, reduce litigation risk?


Leave a comment

Filed under Business Case, Collection, Controls, Information, Internal controls, Ownership, Privacy, Risk, Third parties, Use, Use, Value

Benford’s Law

“Benford’s Law expects 30.1% of numbers in a list of financial transactions to begin with a ‘1.’”  Go figure.  I would have thought it would be 10%, were the sample large enough.

To Find Fraud, Just Do the Math,” Wall Street Journal, December 6, 2014 A2. When more-than-the-expected number of fours came up in a review of refunds paid, investigators looked deeper and found the outliers were committing fraud.  Benford’s Law led the way.  Interesting piece.

Security is a part of information governance.  Security includes those steps you take to make sure your employees aren’t stealing.  One of those steps is running the appropriate analytics.  Looking at the numbers differently may lead to different conclusions.

Leave a comment

Filed under Analytics, Business Case, Collection, Controls, Information, Internal controls, Oversight, Oversight, Protect assets, Risk, Use, Value

Obamacare redux

The trials and tribulations of are legendary.  It appears that the government isn’t the only one who encounters challenges when trying to corral Big Data.

“Big-Data Overhaul Jolts Old Party Ways,” Wall Street Journal, October 22, 2014 A1. Apparently, the Republicans have their problems, too.  Brought in a Facebook engineer to try to centralize at the RNC  the data the various collections of voter data around a common software. Challenges: (1) the owners of the silos where the data resides and who market their own softwares to work with it are not willing to share,  (2) developing the software took longer than expected, and (3) the Facebook engineer ruffled feathers.  Reportedly, there’s a culture problem.  BTW, the Republicans are playing catch-up on this with the Democrats, who centralized years ago.

Trying to get information out of your organization’s silos?  Encountering resistance? Does your culture resist help from outsiders?

Leave a comment

Filed under Board, Collection, Culture, Culture, Data quality, Governance, Information, Management, Oversight, Ownership, Use, Value

Right to be forgotten, part 2.

The page 1 story is how Home Depot reacted to the Target credit card breach, but perhaps too late.  “Home Depot Upped Defense But Hacker Moved Faster,” Wall Street Journal, September 13-14, 2014, A1.  But that’s not the subject of today’s post, as interesting as the story may be.

Instead, I turned to page 4, for “Gun Law Gone, Debate Over Files Persists,” Wall Street Journal, September 13-14, 2014 A4.  Unusual information governance issues, in a different context.  Apparently, since 1935 Durham County in North Carolina required gun owners to register their weapons with the county clerk.  The law was recently repealed.  But what to do with all those paper records?

Leaving aside the politics, what happens to information that was illegally collected (assuming a constitutional violation)?  Even if it has historic value?  What if this were the registry of people of a particular religious faith?

Does the legality of the collection of the data influence the decision to destroy it?  Maybe not a problem for corporations, but the government keeps a lot of information.  That information was collected for one purpose or another and is now a subject for retention for yet another purpose.  Who owns it?  Do different rules apply to the government?

I guess this raises the right to be forgotten.  But that doesn’t apply here.  Should it?

Leave a comment

Filed under Collection, Controls, Information, Ownership, Privacy, Requirements, Value

Farmers’ Almanac 2.0

No, this isn’t about Martoma and his 9-year sentence for insider trading.  Nor is it about Home Depot’s admission of a breach that may have affected tens of millions of credit cards.  It’s about farming.

“Cargill Inc. Harnesses Analytics For Farms,” Wall Street Journal, September 9, 2014 B4.  Cargill starts a service to compete with DuPont and Monsanto in providing farmers advice on planting.  Can increase a farmer’s yield 5%-10%; no word on what yield Cargill gets, either from the service or from its sales of seeds or pesticides.

But clearly there is a market for this information, and the Big Three are competing in its sale.  Is there something novel you can sell to your customers that will increase sales of your main products?  Ben Franklin would be proud.

Leave a comment

Filed under Collection, Information, Operations, Ownership, Use, Value

2 Targets plus 1; recurring themes

Well, the attack on Apple’s iCloud was targeted on high-value targets: celebrities.  “Apple:’Targeted Attack’ Led to Breach,” Wall Street Journal, Wednesday, September 3, 2014 B1.  It all happens a week before the roll-out of the Apple iPhone6.

And Home Depot apparently is a target for a Target-like attack. “Home Depot Investigate Possible Date Theft,” Wall Street Journal, Wednesday, September 3, 2014 B1.  Breach may have started in April (before the heavy buying season at HD), but just got reported by Brian Krebs.  He reported Target’s breach as well.

Finally, PG&E.  Following the explosion in San Bruno in 2010 that killed 8, it was reported that PG&E couldn’t find inspection records for a surprisingly large portion of its pipelines. “PG&E Faces Fine Over Blast,” Wall Street Journal, September 3, 2014 B3.  California regulators propose a $1.4 billion fine.  PG&E calls it “appropriate.”  Do those fines penalize the shareholders or directors or management at the time the decisions were made, or not, leading to the explosion?

Do you store stuff on line?  Do you use a credit card?  Is information management small potatoes?

Leave a comment

Filed under Board, Business Case, Collection, Compliance, Compliance, Compliance, Compliance Verification, Controls, Culture, Duty of Care, Governance, Information, Interconnections, Internal controls, Investor relations, IT, Management, Oversight, Ownership, Privacy, Protect, Risk, Security, Use, Value


You probably know where your car is.  But where are all your company’s vehicles, and do you need to buy more?  If you don’t know that, is your vehicle manufacturer tracking it for you?  Seems like a helpful service.

“Heavy-Machinery Makers Push Tracking Tools,” Wall Street Journal, July 29, 2014 B3 

But if this is such a good thing, why do less than 20% of the customers of the heavy-machinery makers (Caterpillar, Komatsu) take advantage?

What if a software maker (or computer manufacturer) offered a free service that would tell users (or their employers) where their documents were?  Not really free, but “included.”  Is this really an add-on?

Leave a comment

Filed under Collection, Information, Interconnections, IT, New Implications, Ownership, Use, Value

Photos on your phone

Most of my postings are about what people write and what they say.  Clearly that’s information, and if written or said in the course of a company’s business, a proper subject for information governance.

But what about photos?  Are there risks of your employees taking pictures (or video) of your information or the information of your clients?  Do your controls capture that?

“Johns Hopkins to Pay Out Millions for Secret Photos,” Wall Street Journal, July 22, 2014 A2  An egregious violation of patients’ rights leads to a settlement of nearly $200 million for 7,000+ plaintiffs.  Surprisingly low.

Can photos and videos be a way for your information to leak?  Or for your company to be out of compliance with privacy, copyright, trade secret, or HIPAA requirements?  Do your controls address this, when everyone has a smartphone?

Leave a comment

Filed under Collection, Controls, Definition, Duty of Care, Internal controls, Privacy, Protect information assets, Risk, Security