Archives: Information Governance @ Work

Subscribe to Information Governance @ Work RSS Feed

After the Love Has Gone: Anticipating Data Issues in Your Contract Process

Any agreement between two parties begins with the rosy optimism that the good times will last forever. In the world of technology licensing and development, however, we know this is rarely the case. While this blog has previously considered data security oversight by the board of directors of the company, it is also important for … Continue Reading

Information in Distress – Part 1

More and more frequently the following question arises: “What do we do about personal, sensitive, and business information owned by or residing with a financially troubled company?” Information is an intangible asset and often has significant value. Information increasingly resides with a party other than the owner and may need to be transferred in unexpected … Continue Reading

HIPAA punches a serious blow: Advocate Health enters into $5.5-million settlement for violations

Anytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI). In the event of a breach or an audit, one of the first items the Office of Civil Rights (OCR) will ask … Continue Reading

Adding yet more class to Information Governance (Part 3)

In this series on defining your company’s information security classifications, we’ve already looked at Protected Information under state PII breach notification statutes, and PHI under HIPAA. What’s next? Customer information that must be safeguarded under the Gramm-Leach-Bliley Act (GLBA), a concern for any “financial institution” under GLBA. GLBA begins with an elegant, concise statement of congressional … Continue Reading

Adding more class to Information Governance (Part 2)

In this series on establishing security classifications for your company’s information, last week’s post looked at one aspect – the widely varying definitions of Protected Information under state PII breach notification statutes. But if your organization is a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), the definition of Protected … Continue Reading

Adding some class to Information Governance (Part 1)

When governing information, it works well to identify and bundle rules (for legal compliance, risk, and value), identify and bundle information (by content and context), and then attach the rule bundles to the information bundles. Classification is a great means to that end, by both framing the questions and supplying the answers. With a classification … Continue Reading

What if companies treated their money like their information?

I’m here at RabbitHole, Inc., talking with the company’s Manager of Money in his office, which is buried in the Facilities Department, down in the building’s basement. I’m interviewing him to get a better sense of how RabbitHole manages money as a corporate asset. Pardon my asking, but how much money does RabbitHole have? “Frankly, … Continue Reading

Information Governance in 2015 – did we learn anything?

2015 was quite a year for Information Governance, and it’s now time for a year-end post.  I’ve neither the prescience nor patience for making predictions, and after briefly flirting with a Star Wars/Holiday mash-up, I remembered that’s been done before, with tragic results. So, all that’s left is a single question, which may be the only … Continue Reading

Instant Replay: banning employee recordings in the workplace

As the NFL playoffs approach, we’re reminded of just how crucial are instant replays – recordings of what happened on the field, to confirm (or second-guess) the referee’s call. Imagine how controversial instant replays would be if the recordings were made not by an impartial source, but instead by the opposing team, on a biased, selective … Continue Reading

IG perspective: Are wearable fitness trackers fit for the workplace?

Wow, our group health plan premiums are crushing us. Wait a minute—what if we ramped up our company’s wellness program, using cool technology to help get our workforce in shape? Let’s get all our employees to use those wearable fitness tracker gizmos! We can fold those into our BYOD program, offer a device subsidy, and … Continue Reading

90% of information governance is half contracting

Yogi Berra will be missed, but his wisdom will endure. Who else could have observed “No one goes there nowadays. It’s too crowded”? The information governance equivalent is “No one has information anymore. There’s too much of it.” In the last decade we have witnessed the systemic utilitization of computing power. Data used to be housed predominantly … Continue Reading

The parting shot — restricting former employees’ social media use

With a click of a button, a former employee can communicate to a large audience of connections made during his career. Such communications often involve the former employee enticing co-workers or customers to follow them to the new employer. If left unrestricted, a former employee’s social media use can damage the former employer’s customer and … Continue Reading

We’re ALL in the information business

Last Friday, when Amazon’s market cap pushed past Walmart’s, the headlines almost wrote themselves – “Internet Retailer Amazon Topples Traditional Retailer Walmart,” or the like. The lead angle? Amazon’s information-based business model had surpassed Walmart’s old-school, bricks and mortar business concept. Just one problem – totally wrong lead, with the totally wrong point.… Continue Reading

Gas, Guns N’ Records

A busy examiner, working on 15-20 other cases, sets a file aside in the “delayed/pending” queue while awaiting information, and a gun is sold and nine people died. A utility transferred responsibility for recordkeeping functions to its distribution business unit, files containing information about pressure and strength tests were not kept current, and an explosion … Continue Reading

IG perspective: adding social media to workplace websites

Old-school company intranets are like soooo boring. Why not juice things up? Sure, we’ll keep the one-directional content (employee policies, company announcements, etc.), but let’s add a dynamic platform for employee interactive training modules, capturing employee responses and quiz results. Why stop there – how about a message board for employees, to turn dull company … Continue Reading

Information governance in perspective

I met this grumpy fellow in Sabi Sands, South Africa, and took this picture with my phone (nope, no zoom… wish he’d been further away). The experience reminded me of the fable about the Blind Men and the Elephant, a classic allegory for how we often do not perceive the big picture, but instead only the … Continue Reading

Zero-based information governance

Once upon a time—back when paper ruled—junk mail was clearly junk.  We easily separated the bills from the ads, and it never crossed our minds to save the ads “just in case.”  Fast forward to today’s digital world, and we find that not only are we doubling the volume of data every two years, we … Continue Reading

Reclaiming information governance from the vendors

While governing my information (yep, cleaning up old email and files), I came across one of my early white papers on Information Governance, from 2010:  The Information Governance C Change. It can be cringe-inducing to revisit old material, but this piece seems as valid today as five years ago: “Companies are awash in an ocean … Continue Reading

The internal control platform for information governance

So, your organization has committed to Information Governance, and you’ve been tasked with making it a reality. Now what? You’ll need a framework on which to build your program, a platform that will help you bridge across siloed functions (IT, InfoSec, Legal/Compliance, Records Management, Internal Audit, Operations…) and siloed perspectives (privacy, data security, records & … Continue Reading