I had been thinking about writing a post on Blockchain when I happened across the Washington Post’s In/Out List for 2017, and that sealed the deal:

Out:  Not being able to explain Bitcoin.

In:     Not being able to explain Blockchain.

So, feeling up to the challenge, here goes.

Blockchain is really just a distributed, shared database technology. Its use demands that multiple, untrusted entities (such as different companies in a supply chain) write transactions to multiple, duplicate copies of the database that propagate through peer-to-peer protocols.  Each node (or copy) of the database verifies the transaction independently by requiring the transaction to be confirmed in a blockchain.  The blockchain is chronological, and the database can only be changed when there is consensus among the participants.  Most important for the discussion here, however, is that the transactions and the distributed database are claimed to be immutable and permanent.  And that’s a real problem for information governance.

Continue Reading Blockchain – “Shiny Object Syndrome”?

As the calendar year turned there were several great posts highlighting lessons learned in 2016 from notable HIPAA breaches and enforcement actions.  It’s also useful to climb up out of the trees and view the forest.  The HHS Office of Civil Rights publishes information each year on reported HIPAA security breaches affecting 500 or more persons, and this database offers a unique, multi-year dataset on such breaches of protected health information.

Here’s a forest-altitude look at significant HIPAA breaches suffered by healthcare providers (setting aside health plans and clearinghouses), looking for key trends emerging during the five years from 2012 to 2016.

Continue Reading HIPAA trends emerge from five years of provider breaches

P.S.  My youngest son read my last post, 2016: Blinded by the Likes, and said it was “OK” (high praise).  He added, though, that I was missing the generational angle.  Bear in mind, this is a 22-year-old who added to his browser the Chrome extension that replaces the word “Millennial” wherever it appears with “Snake People.”

Anyway, he shared with me the YouTube viral video of Simon Sinek’s take on the Millennial Question.  Millions have already watched this, so it may be old news to you.  Nevertheless, great stuff, particularly the discussion of the dopamine-triggering, addictive aspect of using social media, smart phones, and other information technologies.  I don’t think Snake People have a monopoly on this problem.

I put off writing this post for months, because I found the April news item so profoundly disturbing.  But as I reflect on the past year, now that 2016 has finally come to a close, it strikes me that one detail of this news story metaphorically captures a deep and troubling problem in our technology-fueled, dysfunctional relationship with information.

On February 27, in Columbus, Ohio, 18-year-old Marina Lonina used Twitter’s Periscope app on her phone to live-stream the rape of a 17-year-old high school friend.  The live video lasted at least 10 minutes, with no sign of Lonina doing anything of consequence to help her friend.  It took someone viewing live in another state to notify the authorities.

This is not a post about how crimes are increasingly captured through live streaming apps like Periscope.  Instead, what makes this story so chilling is the explanation for why Lonina didn’t try to stop the rape, while her friend was heard repeatedly saying “Please stop,” and “Please no.”

As reported by the New York Times, “Mr. O’Brien, the prosecutor, said Ms. Lonina had apparently hoped that live-streaming the attack would help to stop it, but that she became enthralled by positive feedback online.”  According to the prosecutor, “She got caught up in the likes.”

Continue Reading 2016: Blinded by the Likes

Wild Horses in Pens
https://www.kickstarter.com/projects/wildhorses/wild-horses-0

As a horsewoman, I have followed the plight of the American Mustang in recent years, and I am once again struck by parallels with the management—or lack thereof—of information.   Good intentions, poor execution.  Hopes that the problem would disappear.  Management by crisis.  Inattention leading to untenable yet continuing costs.   Fighting factions with competing agendas and differing views of the facts, with no resolution.

A little background:

Continue Reading Roundups and records—it’s still the Wild West in 2016

The “business case” for information governance often focuses solely on quantifying specific costs for data management and exposures for data security and ediscovery.  Number crunching is of course important, but it misses something bigger, more strategic, and ultimately more crucial to the organization – its brand.  Companies, regardless of industry, are fundamentally in the information business.  It follows that how an organization manages its information assets reveals how the organization manages itself.  And that matters, a lot, because companies that align themselves with their brand, achieving brand discipline, are more successful.

Continue Reading Why govern your information? Reason #8: It can build – or bust – your brand

Retention schedules are essential in bringing order to a company’s complicated, chaotic information environment.  Whether they succeed in doing so depends largely on whether they are structured properly.  So, the age-old question is, what’s the best way to go – organizing the schedule by department/group, or by information content types?

The answer is both, plus an absolutely crucial element that’s missing from the question – the information’s context.

Continue Reading Keeping data in context

Having too much data causes problems beyond needless storage costs, workplace inefficiencies, and uncontrolled litigation expenses.  Keeping data without a legal or business reason also exacerbates data security exposures.  To put it bluntly, businesses that tolerate troves of unnecessary data are playing cybersecurity roulette … with even larger caliber ammunition.

Continue Reading Why govern your information? Reason #9: Unnecessary business data multiplies data security exposures

Most enterprise information governance initiatives are event-driven: an expensive lawsuit, a system migration, a board or regulatory inquiry, a corporate move, and so on. Though there’s nothing wrong with being opportunistic in making IG progress, it can sometimes be too little, too late when a cybersecurity breach or some catastrophic event shines the light on decades of inattention.  How then do we become more proactive in improving how we manage information—arguably any company’s most valuable asset?

Inertia is a powerful thing. It keeps us from exercising regularly, from cleaning the garage, and myriad other “honey do’s.”  Not to mention the personal distractions of football, basketball, kids’ soccer, social media, Internet surfing, and just plain hanging out.  When we translate this combination of inertia and distraction to the workplace, however, our “home” selves get in the way of our “business” selves and organizational best interest.  It’s just too easy to put off examination of what is an increasingly consequential business need: ensuring compliance, managing risk, and extracting value from our information.  Effort is required.

Continue Reading The crystallization of discontent: Finding the uber-ROI for information governance

[Image: phishing email]

Reports indicate that in mid-March of this year, John Podesta and various Clinton campaign staff members received individual notifications from Google like this one, telling them to change their Google passwords, pronto.  Just one problem – the security alerts weren’t from Google.  Months later, a barrage of Mr. Podesta’s hacked emails were published by WikiLeaks, serving up yet more artillery shells in this war zone of a presidential election.

Let’s look at this through a different lens. What if there was a bank, Podesta Savings & Loan, and the bad guys scammed their way in, emptied the vault, and then scattered the currency all over Main Street.  You’re a bystander, and you see the bank’s cash being strewn on the street in front of the bank – is it OK for you to pocket the money?

Continue Reading Our complicity in the Clinton campaign email hacks