It’s been a challenging 2020, as each of us adapts to our new pandemic reality. In the United States as of today, Covid-19 has infected more than 2.4 million and taken the lives of over 124,000, with southern and western states surging ahead of the northeastern states as Covid hot-spots. Meanwhile, in the wake of
To truly appreciate just how we are served by the digital economy, we must revisit Damon Knight’s award-winning 1950 short story To Serve Man. Popularized by a beloved 1962 TV episode of The Twilight Zone, Knight’s tale tells of aliens coming to Earth to bring humans “peace and plenty.” Courtesy of the aliens’ advanced technologies, we soon enjoy the global benefits of unlimited electrical power, inexhaustible food, and the end of warfare. And better yet, humans are invited to visit the aliens’ home planet, a galactic paradise.
Meanwhile, a skeptical person toils to decipher the aliens’ cryptic language, in order to read a purloined alien book and come to understand their motives for such astounding beneficence toward humankind. The book’s translated title is reassuring – “To Serve Man.” Only later is our intrepid translator able to decipher the book’s first paragraph, revealing that it is not a treatise on helping humanity. It’s a cookbook.
The digital revolution has indeed brought us benefits on a global scale, unimaginable just a few decades ago. The Internet informs us, social media connect us, and our apps and devices support us. All problems solved, right?
But something is wrong in our advanced-technology-paradise. The digital economy traffics in something of great value – our information – and we remain largely oblivious to the basis of our “bargain.” The signs are right there, in front of us, like a book waiting to be read. For example, consider this from The Atlantic:…
Continue Reading How the digital economy serves us
They say that the right time to plant a tree is yesterday. In a world of data dangers and opportunities, the time to elevate how your business governs its information is now. That’s easy to say, but with all of the conflicting priorities facing companies today, for many it’s hard to get started, or to…
As you toss and turn in bed, you picture yourself on a strange playing field with other athletes swirling around you. You have absolutely no idea what sport you are playing, nor a clue what the rules are. It all feels beyond embarrassing, and downright dangerous.
This is not just a bad dream – it’s the reality for companies possessing third-party data without clarity on what rules and responsibilities apply.
Most companies possess some data that they do not truly and solely own. Perhaps your company signs a nondisclosure agreement and obtains others’ information while evaluating a business opportunity. Or maybe your company is a service provider that receives or generates data on behalf of customers or clients. Your company has possession of the data, but it remains responsible to the third-parties if there’s a problem.
What kinds of problems? Well, what if the third party’s data is lost, corrupted, misappropriated, hacked, or held for ransom? What if the cost of maintaining the information, after the work concludes or need passes, becomes onerous? What if the information becomes relevant in future litigation? Who is authorized to make decisions about the information when the unexpected happens, and who is responsible for the expenses and exposures?
Information Governance – your organization’s strategic approach to managing information compliance, cost, and risk while maximizing information value – is tailor-made for this commonplace scenario. Here’s how it works:…
Continue Reading Why govern our information? Reason #3: “Your” data may actually belong to others … and you’re responsible to take care of it.
In today’s landmark ruling, the Illinois Supreme Court held that private lawsuits seeking statutory damages and injunctions for violation of the Illinois Biometric Information Privacy Act (BIPA) may be pursued by “aggrieved” persons without alleging any actual injury or adverse effect.
BIPA, enacted in Illinois back in 2008, was the seminal state statutory privacy…
I keep getting asked about Cambridge Analytica and Facebook. And no one seems to like my response – I’m frankly amazed that this all took so long to blow up. How long? How about since 1973. That’s when the U.S. Department of Health, Education, and Welfare first articulated the Fair Information Practice Principles (FIPPs or FIPs) in its report Records, Computers, and the Rights of Citizens: Report of the Secretary’s Advisory Committee on Automated Personal Data Systems. The FIPPs went on to become bedrock global privacy principles, and central to them are the principles of notice and consent.
As the FTC later explained in Privacy Online: A Report to Congress:
The most fundamental principle is notice. Consumers should be given notice of an entity’s
information practices before any personal information is collected from them….
The second widely-accepted core principle of fair information practice is consumer choice
or consent. At its simplest, choice means giving consumers options as to how any personal
information collected from them may be used….
These mechanisms – notice and consent – are what make a self-governing privacy system work. If someone (such as Facebook) is going to obtain and use our personal data, they should first give us notice of how they will use it (such as provide or sell it to others), and then we make a choice – we either consent and provide our data, or we don’t. The government may enforce these representations and choices under fair trade practices laws, such as FTC Act Section 5, but the rules themselves are made in the marketplace.
There has to be some source of governance. The alternative to self-governance through notice and consent is governance by government, with legislators and regulators making the rules for how our data is handled. There’s quite a bit of that in the EU and elsewhere, but in the United States, outside of specific sectors such as healthcare (HIPAA), education (FERPA), and financial services (GLBA & FCRA), there’s little such regulation here. In the U.S. we’ve made a policy decision to largely self-govern the privacy of personal data.
2017 was rife with data dangers. Nary a day passed without headlines of massive data breaches and ransomware attacks; Russian election-meddling through WikiLeaks and social media; fake news; and presidential tweet-storms. Disruptive information-driven technologies continued to emerge, from block-chain to biometrics, IoT, AI, and robotics. Meanwhile, the sheer volume of our personal and business data inexorably grew.
What better way to start 2018 than with a renewed commitment to Information Governance? So, here are a dozen reasons why your organization should govern its information, in 2018 and beyond: …
Continue Reading 12 reasons to govern your information in 2018
Our firm’s elephant icon is a nod to The Blind Men and the Elephant, the familiar, age-old parable for how we often do not see the big picture, but instead only the parts we directly encounter. And so it goes for organizations’ data. Individual company functions and departments often have their own, limited perspectives on information, seeing only the risks and opportunities with which they are directly familiar. Limited perspective yields limited perception – not a good thing for identifying, understanding, and controlling organizational risk.
I actually prefer a slightly different version, The Blind Elephants and the Man:
One day, six blind elephants were in a heated argument about what Man was like. To resolve their dispute, they sought out and found a man. The first elephant “felt” the man and then proclaimed “Man is flat.” Each of the other elephants, in turn, felt the man, and they all agreed.
The moral? Limited perspective not only yields limited perception – it can also lead to very bad results.
“Information Governance” has become an overused buzz-phrase, often trotted out as marketing mumbo-jumbo for selling technology tools. In all the hype one can easily lose track of what it really means. At its heart, Information Governance is no more – and no less – than making sure the organization sees the big picture of information compliance, cost, risk, and opportunity when making strategic decisions.…
Continue Reading Why govern your information? Reason #2: Your information risks and opportunities arise from a single source – your data. Your response strategies should be synchronized too.
It’s a common nightmare. As you toss and turn in bed, you picture yourself on a strange playing field with other athletes swirling around you. You have absolutely no idea what sport you are playing, nor a clue what the rules are. it’s not only embarrassing – it’s downright dangerous.
This is not just a bad dream – it’s reality for companies possessing third-party data without clarity on what rules and responsibilities apply.…
Continue Reading Why govern your information? Reason #3: “Your” information may belong to others … and you’re responsible to take care of it.
WiFi provider Purple recently added a “Community Service Clause” to its usual terms and conditions for wireless service:
The user may be required, at Purple’s discretion, to carry out 1,000 hours of community service. This may include the following:
- Cleansing local parks of animal waste
- Providing hugs to stray cats and dogs
- Manually relieving sewer blockages
- Cleaning portable lavatories at local festivals and events
- Painting snail shells to brighten up their existence
- Scraping chewing gum off the streets
More than 22,000 people accepted these terms during Purple’s two-week-long T&C gambit, with only one attentive person claiming the prize Purple offered to anyone who noticed this silliness. Purple conducted this experiment “to highlight the lack of consumer awareness when signing up to use free WiFi.” Winners include snails, local parks, sewer lines, and stray dogs and cats, now the potential beneficiaries of up to 22 million community service hours. The clear loser? Those. Who. Don’t. Read. Notices. …
Continue Reading Reading privacy policies to avoid surrendering your firstborn child