Category Archives: Uncategorized


Questions and answers are information, no doubt.  But who controls what questions can be asked?

“Supreme Court Reveals Deep Divisions on 2020 Census Citizenship Question,” The Wall Street Journal, April 24, 2019.  The Supremes to decide whether it’s okay for the Census to ask whether the responder is a citizen.

Leaving aside the political implications, one ponders not whether asking the question is a good idea but whether the Secretary of the Department of Commerce has the power to ask this question and, if so, whether that power has been properly exercised.  That is the Governance question.  Versus whether it is a good idea to ask the question.


Leave a comment

Filed under Uncategorized


Shameless self-promotion.

On April 23, I gave a presentation to the ARMA Houston Spring Conference on “Information Governance Trends 2018-2019.”  A copy of my slides, a draft version of the slides-plus-audio, and a spreadsheet with the 300+ headlines from The Wall Street Journal that were the source for this blog and be found at

This stuff is all around us.


Filed under Uncategorized

Ransomware, reprise

“Computer Attack Knocks Weather Channel Off the Air,” The Wall Street Journal, April 19, 2019.  Ransomware strikes again.

Is there a trend on ransomware attacks?  Norsk Hydro then Weather Channel?  What does this show?  Vulnerability of companies and TV channels to ransomware attacks?

Leave a comment

Filed under Uncategorized

Failure to listen

“Behind Vale’s Deadly Dam Collapse: Multiple Warnings That Went Unheeded,” The Wall Street Journal, February 25, 2019.  Inspectors failed to report and company failed to listen.

Does anyone in your company ignore or avoid the controls put in place to prevent “bad things”?  Here, the inspections were to prevent the collapse of the dam, which killed a bunch of people.  If they do it for dam inspections, one can assume they aren’t better about your controls and processes on information.

How can you confirm that your controls are working?

Leave a comment

Filed under Uncategorized

Iron Mountain Webinar

I am giving the keynote for Iron Mountain’s 2019 Education Series Webinars on Thursday, February 21, 2019.  This is a review of the headlines in 2018 from an information perspective, and the implications for 2019.

This is free, but registration is required.

To register, go to


Leave a comment

Filed under Uncategorized


“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3.  Can the White House refuse to let in a member of the press into the White House for being rude?

Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide.  Think instead about who can deny a single individual access to information, while providing access to 190 other people.

Who is entitled to access information in your company?  What controls are in place to make sure that people who shouldn’t have access don’t get access?  Who determines what those controls are?  Who enforces them?  Is part of this culture?

Leave a comment

Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized


What you do when an important executive is alleged to have violated company policy says a lot about your compliance program.

“Claims About Executive Tested Uber Overhaul,” The Wall Street Journal, September 27, 2018 B3.  Senior executive investigated; rather than being terminated, he received a formal warning (apparently, informal was not sufficient), his bonus was reduced Why do you give bonuses to people who violate company policy?), and was required to take sensitivity training.

This at a company that had a rather sordid history of sexual harassment.

How will Uber convince its remaining employees that this time it is serious?  Do you believe them?  Is this an effective compliance program under the Federal Sentencing Guidelines, assuming that’s the appropriate measure?

Where’s the Board?  Do they care?

1 Comment

Filed under Board, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Uncategorized