Poor data 'governance' underlies security lapses

NEW YORK'A common thread runs through adverse events ranging from theft of a data-laden laptop to granting disaster housing money to prison inmates.

The thread is poor data governance, according to Steve Adler, program director for an IBM-led initiative known as the Data Governance Council. Speaking to corporate auditors and data security types at the C3 Expo IT trade show in New York yesterday, Adler cited the now-infamous recent lapses at the Veterans Affairs Department and the Federal Emergency Management Agency.

IBM has identified 11 data governance-related subjects, such as an organization's awareness of good data practices or whether it has done a proper risk analysis for its data.

The council consists mostly of financial and insurance companies, although it includes the government of Nassau County, N.Y.

Adler said good governance doesn't mean total lockdown of an organization, both because it is unworkable and because few companies or agencies carefully assess the true effect of governance lapses.

For example, although in the past year some 106 personal data losses were reported by companies and governments totaling some 108 million identities, only 645,000 Americans were reported by the Federal Trade Commission as having been victimized by identity theft, with relatively small losses.

'Good governance doesn't require a cop in every kitchen,' Adler said. 'Good governance is getting an organization to police itself effectively.' He cited a hypothetical pizza parlor, worried about the remote chance of having someone poison its pizzas, installing surveillance cameras and RFID tracking at every stage of pizza-making from dough to delivery.

'Would you want to live in that world?' Adler said.

He said the council is developing a data governance capability maturity model, similar to the CMM for software development operated by Carnegie Mellon University.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected