Archives For Compliance

PostScript:

On November 29, 2016 the UK’s Investigatory Powers Bill passed into law by Royal Assent. Many in recent days have tried via an online petition to re-open debate on this bill as a desperate last attempt to stop its progress. I ask those who signed this petition, much less all the celebs in the Tech industry as to where their voices were over the past two+ years as this bill made its way through Parliament and the House of Lords? Once again, a passiveness has been exhibited by the Press, the Electorate and all sorts of Activists as new draconian measures are put into place in the UK Surveillance State. I suggest that this will be the case again as the so-called “Digital Economy Bill” reaches its finalization in the coming weeks. It will soon be time to “reap the whirlwind” that these infringements of Human Rights will bring.

Prelude:

The notion of Personal Privacy aka “The Right to be left alone” dates back centuries in Law and its practice is enshrined in the foundations of all Democracies and Human Rights proclamations. These protections were created well before the invention of digital computing, databases, etc. and yet have been essentially undone in short order since their arrival.

Body:

In the very near future, the UK will most likely have passed into law one of the most far reaching efforts ever by any Democracy to spy (and snoop) on each of its citizens, residents & visitors at home, much less abroad; all in the name of Security. Mundanely referred to as the Investigatory Powers Bill (IP Bill) it is widely derided as “The Snooper’s Charter” (and rightfully so). It is a law with literally no purpose other than to legitimize the illegal spying that the UK Government has been engaged in for decades via its Security Services, while increasing the scope of their activities beyond reason. Promised as necessary (and proportional) to providing Security to the country, it in essence guts everyone’s right to Privacy as far as the State is concerned. Of course, this flies in the face of established Privacy Laws that the Public, Private & Non-Profit sectors are currently held to account for, much less the EU Human Rights Charter, which Brexit will soon undermine, if not eliminate altogether.

Why is the Electorate in the UK being cowed into accepting the false equivalency that “If you trade away your Privacy to us (the State) we will provide you with Security (and protection)”? It does seem that the average citizen cares little about their personal Privacy today as long as they are safe in their beds away from the clutches of the latest bogeyman that the State can conjure up. Add to this, the parallel effect observed by users of social media or online shopping where they accept the bargain of: “As long as you offer me some sort of instant gratification, I don’t care about my Privacy one iota (no matter how creepy you act with my data)”. How did the Human Right to Privacy become so easily traded away by almost the entire population? The root cause of this effect can be found in data that is all around us and you don’t need to be a so-called Data Scientist to figure it out.

We now live in a world that is awash in data. We create it as individuals during every moment of our lives and consume even more of it from various sources and services that we seek out. There is so much data about us that is collected, processed, sold and exploited that we have become oblivious to the entire process. It is as if there were an invisible anesthetic in the air that numbs our senses to the fact that something is very wrong with all of this. Privacy is a right that until recently has been fiercely protected, and a line that few Governments have been willing to cross in respect to monitoring their citizens (at least publicly). Now, it is only an afterthought that arises when some egregious act or data breach is exposed by the press or on social media and everyone sounds off about how violated they feel (all the while creating more new data to be exploited by others). We now have a Perfect Storm of events where Privacy as a right (or in the US as a Civil Liberty) is lost in the conversation, while everyone focuses myopically on National Security or the pursuit of the latest game (Pokemon Go comes to mind) or app (Facebook is a constant in being the worst offender). The Individual’s right to Privacy has become an insignificant consideration, much less an afterthought.

As the UK plans its exit from the EU, the notion of Privacy will be further eroded as the State will focus all its attention on Sources of Commerce & Trade, Border Security & Immigration. These negotiations will be another opportunity for Privacy Rights to be further traded away in return for hollow promises of gold or enhanced security. In the end it should be clear to all members of the Electorate that not only did the UK sleepwalk its way out of the EU, but it sacrificed the notion of personal privacy along the journey. There will be no way to put this genie back in the bottle once this happens regardless of which party is leading Government.

This article in an edited version first appeared in the September 2016 issue of Information Age (www.information-age.com).

Preface:

Governments cannot embrace, much less promote Big Data, Open Data, Analytics, Machine Learning & Ubiquitous Algorithms without protecting the Citizens whom they work for. Social Engineering must be by choice, not by default through illiterate political leaders.

Body:

The UK Government as part of its “Digital Economy” initiative has just released with great fanfare the “Data Science Ethical Framework”. Its ministerial champion has characterized it as “harnessing the Progressive power of Data Science while protecting the Public”. It does neither, but clearly illuminates the lengths to which the UK Government (along with others) will go in trying to influence/dictate behavior in areas where they have no literacy at all in respect to understanding the underlying capabilities (Data, Analytics & Algorithms), nor the consequences of the harm (or actual good) that can come if left to their own devices. Not to be left to a footnote however, is the fact that these attempts at behavioral influence do not apply to the Intelligence community or Police services, both of whom want unlimited powers to surveil, gather data on everyone’s daily lives (and perhaps thoughts) and to then use these to ultimately predict behaviors i.e. The Snooper’s Charter.

Ever since the notion of Big Data has come onto the scene, many have extolled its virtues in changing the world as we know and understand it. They have hyped with a zeal not previously seen the notions of Data Science, Data Scientists, Algorithms & Machine Learning, etc. Virtually all of them have advocated for its wide-scale use to analyze and predict citizens’ behavior in order to gain deeper insights, without any controls as to “just how creepy” this activity could get in terms of interacting with the public at large. Any attempt to limit the “how and where” Big Data & Analytics should be applied was met by the fury of these same advocates who characterized it as “stifling economic growth and wealth creation”. Not surprisingly, most advocates have been highly influential in getting Governments to go along with their thinking and to take a “hands off” approach. This has not worked out well for consumers who now see their daily lives dissected, analyzed and ultimately manipulated by the algorithms & machine learning associated with the deep behavioral insights now available to almost every organization who invests in Data & Analytics capabilities.

The backlash that has now arisen from this lack of control is significant enough that many Governments have created Ethics Councils and other bodies who have gone on to generate reports & recommendations on the issue of “Ethics in the age of the Algorithm”. Additionally, these same governments (US, UK, EU, etc.) are also major advocates of Digital and have undertaken major Digital Strategy & Transformation efforts within their countries[1]. These efforts have served to further exacerbate the Ethics Problem that we are now experiencing. A common thread found amongst all of this is the seeming cluelessness that Government Leaders, Ministers & Civil Servants exhibit each and every time they make an address or pronouncement on the topic of Privacy, Ethics, Governance, etc. associated with Big Data, Analytics, Algorithms, Digital, etc. Clearly, they don’t understand the underpinnings of the issues, nor the reasons why this topic has become so paramount in the public’s mind and their stated demands that it be resolved to their satisfaction.

Data (Big or Small), Analytics (Creepy or Helpful) & Algorithms (Evil or Good) are major influences in how the Digital World around us evolves, much less serves us. Beyond the well-rehearsed platitudes, there needs to be a fundamental mastery of the details associated with these domains by Leaders & Policy Makers who are ultimately accountable for making Citizens’ lives better, much less protecting them from threats. Without strong & competent Leadership, and controls (governance), these same citizens will be victimized rather than benefited by Data, Analytics, Algorithms & Digital. The requirement for competent leadership is not a political platform for campaigning on, but a focal point for Government action in order to uphold basic human rights, no matter what pace of transformational change the country is experiencing.

An Ethics Framework that relies on self-governance, best efforts and serendipity to ensure that consumer Privacy is protected and that Citizens are not victimized by their own data is a recipe for disaster. Government Leaders must commit themselves to leading at all levels and across all domains. They must be literate and competent in the areas that they promote as catalysts for change and not leave Citizens to the vagaries of Data Science, and all that portends to be.

[1] The UK Government has gone so far as to make the “Digital Economy” a centerpiece of the Queen’s Speech in spite of not being able to come up with a companion “Digital Strategy” that was promised quite some time ago.

  • An edited version of this posting appeared in the June 2016 issue of Information Age (UK) (www.information-age.com)

Last week’s MIT Chief Data Officer and Information Quality Summit was a social media bonanza given the wide range of coverage and groundswell of advocacy coming from all the camps who have a vested interest in seeing the concept of the “Data Czar” come to fruition. It was no less feverish of an event than those focused on Big Data or the role of the Data Scientist. It was truly an interesting spectacle to observe. I look forward to attending the next one of these “data fests” in the coming months.

As promised in my earlier postings on the Summit, here is my Summary in the form of “Five Key Takeaways”:

1.- There is no agreement as to “What is a Chief Data Officer?” It is an amorphous role description and has been designed to invoke thought rather than to define just what this executive should be Accountable and Responsible for in the grand scheme of things.

“Data is not stuff. It is the lifeblood of your enterprise and the Business is fully accountable for its Management and Leadership”

2.- A cross-sectional view of the CDOs in attendance at the event (and a sampling of those not) indicates to me that this is (unfortunately) an IT role in most enterprises who have adopted it so far. This is disappointing, but not a surprise, given the lack of accountability for Information Management that most business leaders have failed to assume.

“IT is neither a seat of power nor influence in today’s enterprise. It is a cost center responsible for Service Delivery”

3.- Regulatory Compliance continues to be the dominant focus for all CDO Discussions and Activities. Keeping their CEO from being broadcast live during their “perp walk in his/her orange jumpsuit” for failure to accurately report on SARBOX, Dodd-Frank, Basel III, etc. is the major motivation for most CDOs in Financial Services today.

“Risk and Compliance activities can be sources of Competitive Advantage for many enterprises if addressed as “strategic and core” rather than “necessary and evil” by the Organization and its Data/Information strategists and practitioners”

4.- MIT at large is studying (and experimenting with) the Chief Data Officer phenomenon very closely. Using “Big Data” sources such as Interviews, Surveys and Social Media they are building a very detailed view (and analysis) of “The What and the Why” around the CDO and Data Scientist frenzies. Their “Cube” model (see my last posting) is a very interesting endeavor in respect to behavioral analysis and the tenets of good organizational design.

“To design a future state Organization focused on creating and embedding a culture of Information Management, Exploitation and Stewardship within it requires a deep understanding of the psyche of the current organization and its ability to change and adapt”

5.- The MIT CDO and Information Quality Summit has its roots in the study and analysis of Data Quality. It has been around for many years now and has only recently added the context of “Chief Data Officer” to its remit. However, the need to radically improve Data Quality has never been more paramount across all enterprises. We have yet to take this matter seriously and continue to treat it as a downstream activity or more cynically as “A hazard of doing business”. The more that we focus on the bright shiny objects of Big Data, Data Scientists, Chief Data Officers, etc. the less that we want to sustain the need to be ever-vigilant on improving Data Quality over the entire lifecycle for Information. We seem to have relegated ourselves to creating more of the same low quality data to attempt to analyze and make decisions from.

“Fundamentally, most data used by Organizations for Decision Making, Reporting and Insights/Analysis is suspect at best. We don’t understand its Provenance and resist all forms of Governance in terms of acceptable usage and behavior”.

As a final note, I will be writing a series of articles on the Chief Data Officer role for Information Age ( http://www.information-age.com/ ) over the coming months as well as speaking on it at upcoming industry events in the US & UK.

Stay Tuned!

Today is the first day of the annual DGIQ Conference on beautiful Mission Beach in the San Diego area. It represents the Pilgrimage to Mecca for all of the Data and Information Governance mavens in the world (although we still can’t seem to decide if it is Data or Information that we are Governing). It brings together Newbies, Veterans, Consultants and Vendors under one roof to discuss the Governance, Stewardship and Quality of our data/information. This year the fixation is on Big Data and the role of the Chief Data Officer (CDO). These are fashion statements in my view and will be replaced next year no doubt by Privacy (our current fixation).

I am here with my Client, Salt River Project (Phoenix, AZ). They are a publicly-owned Utility (Power and Water) and live in a highly regulated world (NERC/CIP) but operate as a Commercial provider in a very competitive world around them. We are going to discuss their real-world experiences in establishing and maturing Information Governance in a mature bureaucracy. The Central Theme of the presentation focuses on “How to (successfully) Operationalize Information Governance within your Enterprise” (Hint: The message is to “ignore the Consultants and so-called Experts and leverage “what works” within your organization’s culture”). It should prove to be an interesting story to tell to such an audience. Can’t wait to hear their reactions.

In addition, I am also here in my capacity of an IBM Information Management Champion. IBM is a Premium Sponsor of the event and will be giving 3x very good presentations on Information Governance. I am looking for some good inputs from these myself.

Finally, I will also be participating in activities associated with the Data Governance Professionals Organization (DGPO), DAMA and the EDM Council. All in all, it should prove to be a valuable investment of time and effort.

Check out the Agenda at:

http://www.debtechint.com/dgiq2013/agenda.html

Stay tuned for more details as the Conference progresses.

I have spent a great deal of my career working in the domain of Governance and continue to be surprised, much less amazed by the general lack of understanding of the term and how it applies to Corporations, Government Entities and Not-for-Profits. The term is bandied around by all and layered like an icing on everything that is done (or contemplated), but few outside of the Legal & Compliance domains actually know what its intent is, much less how to properly apply it.

I see this phenomenon every day in my Executive Consulting endeavors in the Information Governance (IG) domain. Information Governance is fraught with many perils of its own (the notion of “Information is an Asset”, cultural change and adoption, lack of good tools and practices, etc.), but seems to suffer most from this lack of “What is Governance”.

Over the next several months I am going to post a series of blogs on the subject of “What is Governance?”. I hope that as a result of this, many of you will have a much better understanding of its value & power, as well as how to apply it successfully in your organization given its culture, challenges & opportunities and long-range strategic goals.

In closing, I will leave you with one thing to consider: “What is Governance to begin with?”

Governance relates to the consistent management, cohesive policies, guidance, processes and decision-rights for a particular area of responsibility.
  • It comes from the Greeks (kubernáo) “to steer”
  • It can be organized in many forms (suited to its purpose)
  • It is designed to create “a collective good” for the organization
Stay tuned for the next installment in this series; “Why do we need Governance?”