25 Sep 2010
Government agencies and those working with them (including regulated entities and contractors) routinely generate, use, store, and share information that, while not meeting the standards for classified national security information, is sufficiently sensitive to warrant some level of protection. Such sensitive information since 2008 has been re-categorized as Controlled Unclassified Information or CUI.
categories: Information Integrity
21 Mar 2009
This is the first in a series of posts about the many new compliance obligations contained within the recently signed Recovery Act, formally called the American Recovery and Reinvestment Act. The initial posts will not focus on the expected reforms related to new rules for executive compensation at companies taking government bailout money but instead will highlight lesser-known new policy reforms on data protection and privacy, healthcare, taxes, and corporate whistleblowers. Part One looks at how the law expands HIPAA's scope and the compliance risks associated with breaches of Protected Health Information or PHI. To enhance enforcement, the Act also makes HHS audits of HIPAA-covered companies mandatory and requires investigation of privacy and security rule related complaints. Although we can describe the rough contours of the changes based upon statutory language, the HIPAA provisions also will be subject to rulemaking that will determine more exactly how challenging managing the new reforms may be.
28 Jan 2009
This is the first in a series of "Thinking About Risk" posts directed at improving business processes among the growing number of government contractors facing the new federal compliance requirements which include mandatory disclosure regulations.
Non-Disclosure Agreements (NDAs) have become a ubiquitous part of doing business with the government and with other government contractors. Yet the proliferation of NDAs may have actually increased the risk of failure to protect and safeguard truly sensitive information such as trade secrets. While the use of NDAs provides evidence of an intent to comply with non-disclosure requirements, we must ask whether their overuse (often driven by an abundance of caution and the desire to assure the availability of a legal defense should it become necessary) actually increases risk by undercutting the true value of such instruments.
categories: Ethics and Compliance Offices, Information Integrity
7 Jul 2008
The Past is a Foreign Country: Old Rules + New Technologies = Surprising Risks
L.P. Hartley, the English author, once memorably wrote that “The past is a foreign country; they do things differently there.”
I am not yet old enough to collect Social Security retirement benefits. When I attended law school and entered into the practice of law, people appearing to talk to themselves as they walked down the street were considered deranged; Bluetooth was a temporary dental problem resulting from eating fruit; Blackberries were a fruit; Google was the misspelling of a very high number; cells were places in jails where criminal clients were detained; Shepardizing a case involved red paperback books; and Spam was a canned pink gelatinous substance that pretended to be meat.
categories: Information Integrity, Legal Perspective
25 Feb 2008
The Ethisphere Institute (http://ethisphere.com/influential/) recently compiled a list of the 100 Most Influential People in Business Ethics, ranking executives' “influence” based upon their involvement in government rulemaking, company practices, corporate responsibility and sustainability efforts, and many other things. The final list, released last month, is notable primarily because it includes a number of privacy protection advocates, including Ethisphere’s top honoree, Neelie Kroes, the European Commissioner for Competition.
categories: Corporate Culture, Information Integrity
20 Feb 2008
Speaking at a recent National Association of Corporate Directors (NACD) chapter meeting, I was stunned to hear CEOs and directors alike question why they should care about data quality—after all, isn’t that just the CIO's problem?
To my even greater surprise, among the least concerned in attendance were those who, like myself, were lawyers by training. Executives, directors, and ethics or compliance officers all need to recall the computer science teaching mantra “Garbage In, Garbage Out” or GIGO, coined in the early days of computing to remind students that computers, unlike humans, will unquestioningly process the most nonsensical input data and produce equally nonsensical output.
categories: Ethics and Compliance Offices, Information Integrity
14 Feb 2008
This week, IBM released a study on Businesses Seeking Growth through Social Responsibility available at: www.ibm.com/gbs/csrstudy.
IBM surveyed more than 250 business leaders globally to gauge how deeply Corporate Social Responsibility (CSR) has penetrated the core of corporate strategies and operations, and discovered that two-thirds of them are focusing on CSR activities to create new revenue streams. However, IBM found fewer than one-quarter of those surveyed believe they understand their customers' and other stakeholders' CSR expectations well. This should be an alarming finding in today’s economic environment, when customer expectations, and clout, are an increasingly important business dynamic.