I was tempted to discuss the apparent breach/hack at the Office of Personnel Management, which keeps information on government employees. “U.S. Probes Federal Computer Hacking,” Wall Street Journal, July 11, 2014 A14 I was thinking about the breach notification implications.
But then I got to the last page of the last section. “Now On Campus: Drones,” Wall Street Journal, July 11, 2014 D10 Did you know that there were degree programs at some universities for unmanned aircraft systems? Drones (starting at $1,000) being used to monitor practices. Closely.
What are the new sources of information? Certainly, it is easier to see the utility of the information they can gather than perhaps it is to imagine the different uses to which the new technologies can be put. What controls are there around the collection, storage, and use of this newly available information?
Getting in our time machine and going back to 2006, when the ediscovery rules in federal civil litigation were amended; lawyers at the time were concerned with how to capture and reproduce email, text messages, and instant messages. Failure to do so could lead to charges of spoliation, and court sanctions. (Going back even further, the civil discovery rules required much the same production in the early 1990s, but few people follow those rules).
Fast-forward: Just after the IG delivered a report on the targeting of conservatives, and in the midst of the investigation, 2013 email from Lois Lerner asks IT whether instant messages are being archived, and is informed that, while they could be, they aren’t. “IRS Didn’t Archive Instant Messages,” Wall Street Journal, July 10, 2014 A4 Even if they related to the subject of a federal investigation, or something within the jurisdiction of an agency of the US government? Where were the lawyers?
While ediscovery is certainly one aspect of information governance, it is not the only one; in fact, is not the major one. So, too, is obstruction of justice.
Does your company do a better job of protecting and preserving relevant communications in the midst of ongoing litigation?
Filed under Collection, Compliance, Compliance, Controls, Definition, Discovery, Internal controls, Protect, Protect assets, Protect information assets, Risk, Value
The information that you get from others — how reliable is it and how much reliance do you place upon its accuracy?
Say, for instance, that depending upon certain data, your product would either get a generous suite of promotional activities, or not. What if someone cooked the data a bit? Would that sort of be like giving performance bonuses for VA administrators if their admission stats were good?
“Debut of ‘Transformers’ Was Big — but How Big?” Wall Street Journal, July 1, 2014 B1 http://on.wsj.com/1vtRYMQ Apparently some people are questioning whether estimates of weekend ticket sales were goosed. They can’t do that, can they? Even if the numbers were inflated, do you care?
If you use third-party data to make financial decisions, how do you make sure that data isn’t similarly goosed? What assumptions underlie that data?
What if you rely on third parties to report information to you so that you can do your job? What if they lie? How do you protect yourself, and your business?
“Phony Calls Plague 911 Centers,” Wall Street Journal, April 7, 2014 A3 http://on.wsj.com/1oHANsV
An unfortunate consequence of the federal law requiring cell phones to be able to make emergency calls even if they are no longer on a cellphone plan is that someone call place a call to 911 without risk of identifying himself/herself. Some people take advantage of this to make prank calls, which must be responded to nonetheless.
Does your business model rely on information received from third parties? Do you just accept a level of false information?
You have a big body of data and you search it. You have computers and people who can search it, but maybe that isn’t their highest and best use. Should you get help?
Say you’re interested in finding Medicare fraud and you have a bunch of Medicare records that you could search to find that. But your processes for discovering that fraud have not been 100% successful.
So what do you do? Respond to a Freedom of Information Act request and let the Wall Street Journal search it for you.
“Medicare to Publish Trove of Data on Doctors,” Wall Street Journal, April 3, 2014 A4 http://on.wsj.com/1ow6AwT
I guess one lesson from this is be wary of providing somebody information because then they own it and they will use it; and if they don’t, someone else will. Another is that if you are honest, what do you have to fear?
Filed under Analytics, Business Case, Collect, Collection, Communications, Compliance, Inform market, Inform shareholders, Information, Ownership, Risk, Use, Use