Poor data 'governance' underlies security lapses

NEW YORK - A common thread runs through adverse events ranging from theft of a data-laden laptop to granting disaster housing money to prison inmates.

The thread is poor data governance, according to Steve Adler, program director for an IBM-led initiative known as the Data Governance Council. Speaking to corporate auditors and data security types at the C3 Expo IT trade show in New York yesterday, Adler cited the now-infamous recent lapses at the Veterans Affairs Department and the Federal Emergency Management Agency.

IBM has identified 11 data governance-related subjects, such as an organization's awareness of good data practices or whether it has done a proper risk analysis for its data.

The council consists mostly of financial and insurance companies, although it includes the government of Nassau County, N.Y.

Adler said good governance doesn't mean total lockdown of an organization, both because it is unworkable and because few companies or agencies carefully assess the true effect of governance lapses.

For example, although companies and governments reported some 106 personal data losses in the past year, totaling some 108 million identities, the Federal Trade Commission reported only 645,000 Americans as having been victimized by identity theft, with relatively small losses.

'Good governance doesn't require a cop in every kitchen,' Adler said. 'Good governance is getting an organization to police itself effectively.' He cited a hypothetical pizza parlor, worried about the remote chance of having someone poison its pizzas, installing surveillance cameras and RFID tracking at every stage of pizza-making from dough to delivery.

'Would you want to live in that world?' Adler said.

He said the council is developing a data governance capability maturity model, similar to the CMM for software development operated by Carnegie Mellon University.

