Wednesday, December 28, 2011

Hacking Happens

Information security suggests that you can actually protect your information crown jewels. I am not a security expert, but I do know one thing for certain about security. No matter how much you seek to protect information, and how much money and vigilance you throw at the problem, that still bad guys can and will get to your data nugget if they want to bad enough.

I usually determine how important some business event is to the US or world economy based upon its location in the Wall Street Journal. An imprecise science no doubt, but useful nonetheless to ascertain what matters to our economy. So, when I recently read about the US Chamber of Congress getting hacked by the Chinese, I took note that it was the first article on the front page and took up more space on page 4 of the first section. So what, hacking happen every day, all day long. But this one was special because the Chinese hackers grabbed US policy toward China and allowed the bad guys to watch the policy wonks inside the Chamber for over a year, says the FBI. The attack was sophisticated and as a result was undetected by the Chamber until the FBI told them of it recently.

Not only did the Chinese hackers have access to policy documents, email accounts, and all sorts of important information, but they also may have gotten access to Chamber members company email accounts and messages. The hackers even hacked a thermostat at a condo owned by the Chamber and a Chamber printer now inexplicably prints Chinese characters on documents.

Yikes! I was invited to China by a wonderful academic and met with several of her students a short while ago in Beijing. After communicating with the various Chinese students to work out logistics, inexplicably my computer started to change content from English to Chinese characters. If that wasn’t bad enough, the translated characters, were actually “dirty” words usually of a sexual nature. I retired the computer early to protect our reputation but wonder, why bother with my boring email. If someone cares about my stuff they must care about lots of stuff which we don’t think is important. If we don’t think it’s important, I bet we aren’t so vigilant about protecting it. If that’s true, I bet we get lots of stuff hacked that we don’t even know about. Heck even our vigilant folks get exposed.

Are you kidding me.

Thursday, December 8, 2011

A Silly Little GLITCH. . . Really???

Repeat after me-when information is in electronic form, the accuracy doesn’t matter, provided that a GLITCH caused the issue. And if there are mistakes in the data, there is no harm because it is caused by a silly little old GLITCH. Take for example, the English organ transplant organization, that had to admit to the government and all those nice people waiting for an organ transplant that it made a small boo-boo. Well, it wasn’t the people that made the mistake, it was a computer glitch. Therefore the downside is rather limited—right?

“The health organisation, which is responsible for the Organ Donation Register (ODR), was found to have recorded the preferences of 444,031 people incorrectly due to a software error which dated back to 1999.” http://www.itpro.co.uk/630274/over-400-000-organ-donation-details-stored-incorrectly

Imagine a middle aged peaked chap, (let’s call him Nigel as that seems brilliantly British) was waiting patiently on the list for a liver and his life depended on it. Because of the GLITCH the transplant list indicated that he was waiting on a butt transplant from a brilliant member of the staff at a prestigious university. And he waits and waits and the butt never shows up.

What’s the big deal about waiting. Imagine, several livers happened by that would have been a match for Nigel but he never was notified because he was looking for a smart @$$.


Are You Kidding Me.

Tuesday, September 13, 2011

Own the problem. Make it Right.

“Records are neither good nor bad. They just are. Records are neither good nor bad. They just are. Records are neither good nor bad. They just are,” muttered Hansel and Gretel as they reviewed the records of consumed children meticulously kept by the terrible Witch and contemplated their fate of swimming in the cauldron of boiling water.

I am asked all the time about building records programs and “dealing” with litigation proactively. I tell them REALLY clearly to refrain from managing information based upon what may be relevant in litigation, audit or investigation in the future. In other words, don’t architect a RIM program to proactively destroy what you think will hurt you down the road. Build a RIM program for maximizing business value. If something hurts you later on, your lawyers will need to deal with it later.

A pharmaceutical company scientist communicates in email about the efficacy of a drug compound, calling it into question based solely on her personal opinion but no science. Not the right place to question a drug compound efficacy (as drugs are always subject to lawsuits and this piece of evidence will no doubt be unearthed and serve as “proof” of substandard drug quality) but it now exists and may be relevant and discoverable down the road. Good policies, thorough training, and vigilant compliance efforts can deal with a lot of risk exposure but in the end if you hire knuckleheads, then they may hurt your organization.

I read a recent article in “Rolling Stone” magazine about the “The Catholic Church’s Secret Sex-Crime Files.” Among other things, the article is about what the church did wrong in hiding records of child molestation and covering up crimes by Church officials. What struck me about the article is that the author focused on the fact that the Church has kept meticulous files on so many molesters and how it covered up the crimes, over decades. Adding insult to injury, the Church has also kept the files in a place called the “Secret Archive”. This is example is not about faith or my beliefs on such a travesty - simply poor business practices.

You need to keep records of your business. You would want to track bad acts of your employees so you can correct behavior. You would likely keep records of claims made for harm caused by your business or its employees. But referring to the records you don’t want to expose to the world about child molestation and the cover up that ensued for years as “secret archives” makes you look like you know you have something to hide.

Whether a pharmaceutical company or the Church, good business is documented in good record keeping. Build it for transparency. Built it to support all the good business you do. And when records hurt the organization, don’t sweep it under the rug. Own the problem and make it right.

Thursday, September 8, 2011

HIPAA Violations - There Are Consequenses

“There are no consequences. There are no consequences. There are no consequences.” And soon thereafter the Wicked Witch of the West “witch slapped” the Kansas smile right off of Dorothy.

A guy was recently charged with violating the Health Insurance Portability and Accountability Act of 1996(HIPAA), which carries a maximum penalty of 10 years in prison, and a fine of $250,000.

As the story goes, confidential medical records were found in a dumpster which apparently belonged to Avalon Centers Inc., a former eating disorder clinic. The defendant is charged with taking the confidential records. However, he claims he did not look through the records that he took and that he did not take any patient files. So for his “innocent until proven guilty” attitude, he is being charged with improperly obtaining and disclosing individually identifiable health information.

Dorothy, Are You Kidding Me!

Tuesday, July 26, 2011

Your Business Needs to Rightsize

A Dozen Really Good Reasons Why Your Business Needs to Rightsize its Information Footprint

“Rightsizing Your Information Footprint” is my made-up term for turning your Information Parking Lots into a Goldie Locks and the Three Bears amount of information — not too much, not too little, but just the right amount. There is too much digital content with more created continuously. We need to clean up the past in a defensible way. While the daisies are beautiful at the beginning of their life, they lose their appeal as they decay. The same is generally true for information. Businesses also need a better path forward so that content comes into being because the business needs it, and all records are better managed.

Too much stuff, you fail to be business efficient and you get your clock cleaned when litigation strikes.
Too little information, you can’t run your business and you fail to comply with record keeping requirements, among other things.

So here are 12 remarkably compelling reasons to Rightsize, right now:

1. Information is growing at such a rapid rate that costs related to storing, finding, using, migrating, extracting, preserving information are too high
2. Knowing what information exists and where it is parked to be able to efficiently run your business is too complex
3. Technology has failed to find a good way to manage content with little impact to employee productivity (but Kahn is working on auto-classification to help)
4. Employees get too much content to be able to properly manage it
5. Content has sat for years in old Information Parking Lots and it is a decaying asset (Working on my new book called Chucking Daisies to help companies deal with this precise issue)
6. Companies spend too much time looking through way too much irrelevant stuff to respond to litigation, audits and investigations
7. Companies have out of date records used against them in litigation, which could have been disposed earlier
8. Systems are breaking down or no longer work as efficiently as they should, due to information volume burden
9. Data parking lots are being ill-managed and that failure is causing other failures, not the least of which is failing to harness needed information to be “faster, better and cheaper.”
10. Going Green. No list is complete until it has a bit of Green. Technology is using all kinds of energy and by cutting your energy, emission and every other relevant footprint, you are greener, you look better to the outside world and maybe the marketers have something Green to say about the effort
11. Information finds itself on unsanctioned data Parking Lots, when sanctioned ones fill up, making life more challenging
12. Along with volume, growth has been the creator of many new Information Parking Lots (Smart phones, Cloud, Twitter, Blogs, etc.) which makes management that much more challenging

Rightsizing will never be as easy as it is right now as information Parking Lots grow and grow. Clean house of digital data junk. Develop a thoughtful plan for future information retention. Rightsize now because it’s good business.

Thursday, July 14, 2011

AP Guideline - Lets talk.

Real business is done with social networking tools. But that world is really complex if you apply old business rules. Policy development becomes navigating competing interests within a personal/business world that is fast and casual.

The policies set forth in these pages are central to the AP’s mission; any failure to abide by them is subject to review, and could result in disciplinary action, ranging from admonishment to dismissal, depending on the gravity of the infraction.

STANDARDS AND PRACTICES

ANONYMOUS SOURCES:

Transparency is critical to our credibility with the public and our subscribers. Whenever possible, we pursue information on the record. When a newsmaker insists on background or off-the-record ground rules, we must adhere to a strict set of guidelines, enforced by AP news managers.

Under AP's rules, material from anonymous sources may be used only if:
1. The material is information and not opinion or speculation, and is vital to the news report.

2. The information is not available except under the conditions of anonymity imposed by the source.

3. The source is reliable, and in a position to have accurate information.

Reporters who intend to use material from anonymous sources must get approval from their news manager before sending the story to the desk. The manager is responsible for vetting the material and making sure it meets AP guidelines. The manager must know the identity of the source, and is obligated, like the reporter, to keep the source's identity confidential. Only after they are assured that the source material has been vetted should editors allow it to be transmitted.

Reporters should proceed with interviews on the assumption they are on the record. If the source wants to set conditions, these should be negotiated at the start of the interview. At the end of the interview, the reporter should try once again to move some or all of the information back on the record.

Before agreeing to use anonymous source material, the reporter should ask how the source knows the information is accurate, ensuring that the source has direct knowledge. Reporters may not agree to a source's request that AP not pursue additional comment or information.

The AP routinely seeks and requires more than one source. Stories should be held while attempts are made to reach additional sources for confirmation or elaboration. In rare cases, one source will be sufficient – when material comes from an authoritative figure who provides information so detailed that there is no question of its accuracy.

We must explain in the story why the source requested anonymity. And, when it’s relevant, we must describe the source's motive for disclosing the information. If the story hinges on documents, as opposed to interviews, the reporter must describe how the documents were obtained, at least to the extent possible.

The story also must provide attribution that establishes the source's credibility; simply quoting "a source" is not allowed. We should be as descriptive as possible: "according to top White House aides" or "a senior official in the British Foreign Office." The description of a source must never be altered without consulting the reporter.

We must not say that a person declined comment when he or she is already quoted anonymously. And we should not attribute information to anonymous sources when it is obvious or well known. We should just state the information as fact.

Stories that use anonymous sources must carry a reporter's byline. If a reporter other than the bylined staffer contributes anonymous material to a story, that reporter should be given credit as a contributor to the story.

And all complaints and questions about the authenticity or veracity of anonymous material – from inside or outside the AP – must be promptly brought to the news manager's attention.

Not everyone understands “off the record” or “on background” to mean the same things. Before any interview in which any degree of anonymity is expected, there should be a discussion in which the ground rules are set explicitly.

These are the AP’s definitions:
On the record. The information can be used with no caveats, quoting the source by name.

Off the record. The information cannot be used for publication.

Background. The information can be published but only under conditions negotiated with the source. Generally, the sources do not want their names published but will agree to a description of their position. AP reporters should object vigorously when a source wants to brief a group of reporters on background and try to persuade the source to put the briefing on the record. These background briefings have become routine in many venues, especially with government officials.

Deep background. The information can be used but without attribution. The source does not want to be identified in any way, even on condition of anonymity.

In general, information obtained under any of these circumstances can be pursued with other sources to be placed on the record.

ANONYMOUS SOURCES IN MATERIAL FROM OTHER NEWS SOURCES:

Reports from other news organizations based on anonymous sources require the most careful scrutiny when we consider them for our report.

AP's basic rules for anonymous-source material apply to pickups as they do in our own reporting: The material must be factual and obtainable no other way. The story must be truly significant and newsworthy. Use of sourced material must be authorized by a manager. The story must be balanced, and comment must be sought.

Further, before picking up such a story we must make a bona fide effort to get it on the record, or, at a minimum, confirm it through our own sources. We shouldn't hesitate to hold the story if we have any doubts. If the source material is ultimately used, it must be attributed to the originating member and note their description of their sources.

AUDIO:

AP’s audio actualities must always tell the truth. We do not alter or manipulate the content of a newsmaker actuality in any way. Voice reports by AP correspondents. may be edited to remove pauses or stumbles.

With the permission of a manager, overly-long pauses by news subjects may be shortened.

The AP does permit the use of the subtle, standard audio processing methods of normalization of levels, general volume adjustments, equalization to make the sound clearer, noise reduction to reduce extraneous sounds such as telephone line noise, and fading in and out of the start and end of sound bites _ provided the use of these methods does not conceal, obscure, remove or otherwise alter the content, or any portion of the content, of the audio. When an employee has questions about the use of such methods or the AP’s requirements and limitations on audio editing, he or she should contact the desk supervisor prior to the transmission of any audio.

BYLINES:

Bylines may be used only if the journalist was in the datelined location to gather the information reported. If a reporter in the field provides information to a staffer who writes the story, the reporter in the field gets the byline, unless the editor in charge determines that the byline should more properly go to the writer.

We give bylines to photographers, broadcast reporters and TV crew members who provide information without which there would be no story.

If multiple staffers report the story, the byline is the editor's judgment call. In general, the byline should go to the staffer who reported the key facts. Or, one staffer can take the byline for one cycle, and another for the following cycle.

A double byline or editor's note also can be used when more than one staffer makes a substantial contribution to the reporting or writing of a story. Credit lines recognize reporting contributions that are notable but don't call for a double byline.

If either of the staffers with a double byline was not in the datelined location, we should say who was where in a note at the story's end.

For roundups, the byline goes to the writer, with credit in an editor's note to the reporters who contributed substantial information.

Regarding credits for staffers who do voice or on-camera work: We do not use pseudonyms or "air names." Any exceptions – for instance, if a staffer has been known professionally by an air name for some time – must be approved by a manager.

CORRECTIONS/CORRECTIVES:

Staffers must notify supervisory editors as soon as possible of errors or potential errors, whether in their work or that of a colleague. Every effort should be made to contact the staffer and his or her supervisor before a correction is moved.

When we're wrong, we must say so as soon as possible. When we make a correction in the current cycle, we point out the error and its fix in the editor's note. A correction must always be labeled a correction in the editor's note. We do not use euphemisms such as "recasts," "fixes," "clarifies" or "changes" when correcting a factual error.

A corrective corrects a mistake from a previous cycle. The AP asks papers or broadcasters that used the erroneous information to use the corrective, too.

For corrections on live, online stories, we overwrite the previous version. We send separate corrective stories online as warranted.

For graphics, we clearly label a correction with a FIX logo or bug, and clearly identify the material that has been corrected.

For photos, we move a caption correction and retransmit the photo with a corrected caption, clearly labeled as a retransmission to correct an error.

For video, corrections in scripts and/or shotlists are sent to clients as an advisory and are labeled as such.

For live broadcasts, we correct errors in the same newscast if at all possible. If not, we make sure the corrected information is used in the next appropriate live segment. Audio correspondent reports that contain factual errors are eliminated and, when possible, replaced with corrected reports.

DATELINES:

A dateline tells the reader where we obtained the basic information for a story. In contrast, a byline tells the reader that a reporter was at the site of the dateline.

When a datelined story contains supplementary information obtained in another location – say, when an official in Washington comments on a disaster elsewhere – we should note it in the story.

The dateline for video or audio must be the location where the events depicted actually occurred. For voice work, the dateline must be the location from which the reporter is speaking; if that is not possible, the reporter should not use a dateline. If a reporter covers a story in one location but does a live report from a filing point in another location, the dateline is the filing point.

FABRICATIONS:

Nothing in our news report – words, photos, graphics, sound or video – may be fabricated. We don't use pseudonyms, composite characters or fictional names, ages, places or dates. We don't stage or re-enact events for the camera or microphone, and we don't use sound effects or substitute video or audio from one event to another. We do not “cheat” sound by adding audio to embellish or fabricate an event. A senior editor must be consulted prior to the introduction of any neutral sound (ambient sound that does not affect the editorial meaning but corrects a technical fault).

We do not ask people to pose for photos unless we are making a portrait and then we clearly state that in the caption. We explain in the caption the circumstances under which photographs are made. If someone is asked to pose for photographs by third parties and that is reflected in AP-produced images, we say so in the caption. Such wording would be: ``XXX poses for photos.’’

GRAPHICS:

We use only authoritative sources. We do not project, surmise or estimate in a graphic. We create work only from what we know.

We post or move a locator map only when we can confirm the location ourselves.

We create charts at visually proper perspectives to give an accurate representation of data. The information must be clear and concise. We do not skew or alter data to fit a visual need.

We credit our sources on every graphic, including graphics for which AP journalists have created the data set or database.

IMAGES:

AP pictures must always tell the truth. We do not alter or digitally manipulate the content of a photograph in any way.

The content of a photograph must not be altered in Photoshop or by any other means. No element should be digitally added to or subtracted from any photograph. The faces or identities of individuals must not be obscured by Photoshop or any other editing tool. Only retouching or the use of the cloning tool to eliminate dust on camera sensors and scratches on scanned negatives or scanned prints are acceptable.

Minor adjustments in Photoshop are acceptable. These include cropping, dodging and burning, conversion into grayscale, and normal toning and color adjustments that should be limited to those minimally necessary for clear and accurate reproduction (analogous to the burning and dodging previously used in darkroom processing of images) and that restore the authentic nature of the photograph. Changes in density, contrast, color and saturation levels that substantially alter the original scene are not acceptable. Backgrounds should not be digitally blurred or eliminated by burning down or by aggressive toning. The removal of “red eye” from photographs is not permissible.

When an employee has questions about the use of such methods or the AP's requirements and limitations on photo editing, he or she should contact a senior photo editor prior to the transmission of any image.

On those occasions when we transmit images that have been provided and altered by a source – the faces obscured, for example – the caption must clearly explain it. Transmitting such images must be approved by a senior photo editor.

Except as described herein, we do not stage, pose or re-enact events. When we shoot video, environmental portraits, or photograph subjects in a studio care should be taken to avoid, misleading viewers to believe that the moment was spontaneously captured in the course of gathering the news. In the cases of portraits, fashion or home design illustrations, any intervention should be revealed in the caption and special instructions box so it can’t be mistaken as an attempt to deceive.

For video, the AP permits the use of subtle, standard methods of improving technical quality, such as adjusting video and audio levels, color correcting due to white balance, eliminating buzzing, hums, clicks, pops, or overly long pauses or other technical faults, and equalization of audio to make the sound clearer _ provided the use of these methods does not conceal, obscure, remove or otherwise alter the content, or any portion of the content, of the image. The AP also allows digitally obscuring faces to protect a subject's identity under certain circumstances. Such video must not be distributed without approval of the Editor of the Day or senior manager. In addition, video for online use and for domestic broadcast stations can be fonted with titles and logos.

Graphics, including those for television, often involve combining various photographic elements, which necessarily means altering portions of each photograph. The background of a photograph, for example, may be removed to leave the headshot of the newsmaker. This may then be combined with a logo representing the person's company or industry, and the two elements may be layered over a neutral background.

Such compositions must not misrepresent the facts and must not result in an image that looks like a photograph – it must clearly be a graphic.

Similarly, when we alter photos to use as graphics online, we retain the integrity of the image, limiting the changes to cropping, masking and adding elements like logos. Videos for use online can be altered to add graphical information such as titles and logos, to tone the image and to improve audio quality. It is permissible to display photos online using techniques such as 360-degree panoramas or dissolves as long as they do not alter the original images.

OBSCENITIES, PROFANITIES, VULGARITIES:

We do not use obscenities, racial epithets or other offensive slurs in stories unless they are part of direct quotations and there is a compelling reason for them.

If a story cannot be told without reference to them, we must first try to find a way to give the reader a sense of what was said without using the specific word or phrase. If a profanity, obscenity or vulgarity is used, the story must be flagged at the top, advising editors to note the contents.

A photo containing something that could be deemed offensive must carry an editor's note flagging it.

When a piece of video or audio contains something that might be deemed offensive, we flag it in the written description (rundown, billboard and/or script) so clients know what they are getting. Recognizing that standards differ around the world, we tailor our advisories and selection of video and audio according to customer needs.

We take great care not to refer readers to Web sites that are obscene, racist or otherwise offensive, and we must not directly link our stories to such sites.

In our online service, we link the least offensive image necessary to tell the story. For photo galleries and interactive presentations we alert readers to the nature of the material in the link and on the opening page of the gallery or interactive. If an obscene image is necessary to tell the story, we blur the portion of the image considered offensive after approval of the department manager, and flag the video.

PRIVACY:

We do not generally identify those who say they have been sexually assaulted or pre-teenage children who are accused of crimes or who are witnesses to them, except in unusual circumstances. Nor do we transmit photos or video that identify such persons. An exception would occur when an adult victim publicly identifies him/herself.

Senior editors/managers must be consulted about exceptions.

PROVIDING ATTRIBUTION:

We should give the full name of a source and as much information as needed to identify the source and explain why he or she is credible. Where appropriate, include a source's age; title; name of company, organization or government department; and hometown.

If we quote someone from a written document – a report, e-mail or news release -- we should say so. Information taken from the Internet must be vetted according to our standards of accuracy and attributed to the original source. File, library or archive photos, audio or videos must be identified as such.

For lengthy stories, attribution can be contained in an extended editor's note, usually at the end, detailing interviews, research and methodology. The goal is to provide a reader with enough information to have full confidence in the story's veracity.

QUOTATIONS:

The same care that is used to ensure that quotes are accurate should also be used to ensure that quotes are not taken out of context.

We do not alter quotations, even to correct grammatical errors or word usage. If a quotation is flawed because of grammar or lack of clarity, the writer must be able to paraphrase in a way that is completely true to the original quote. If a quote's meaning is too murky to be paraphrased accurately, it should not be used.

Ellipses should be used rarely.

When relevant, stories should provide information about the setting in which a quotation was obtained – for example, a press conference, phone interview or hallway conversation with the reporter. The source's affect and body language – perhaps a smile or deprecatory gesture – is sometimes as important as the quotation itself.

Use of regional dialects with nonstandard spellings should generally be limited to a writer's effort to convey a special tone or sense of place. In this case, as in any interview with a person not speaking his or her native language, it is especially important that their ideas be accurately conveyed. Always, we must be careful not to mock the people we quote.

Quotes from one language to another must be translated faithfully. If appropriate, we should note the language spoken.

The video or audio editing of quotations or soundbites must not alter the speaker's meaning. Internal editing of audio soundbites of newsmakers is not permitted. Shortened soundbites by cutaway or other video transition are permitted as long as the speaker's meaning is not altered or misconstrued. Sound edits on videotape are permitted under certain circumstances, such as a technical failure. They must be done only after approval by a senior editorial manager.

RESPONSES:

We must make significant efforts to reach anyone who may be portrayed in a negative way in our stories, and we must give them a reasonable amount of time to get back to us before we move the story. What is “reasonable” may depend on the urgency and competitiveness of the story. If we don’t reach the parties involved, we must explain in the story what efforts were made to do so.

USE OF OTHERS' MATERIAL:

An AP staffer who reports and writes a story must use original content, language and phrasing. We do not plagiarize, meaning that we do not take the work of others and pass it off as our own.

But in some respects, AP staffers must deal with gray areas.

It is common for an AP staffer to include in his or her work passages from a previous AP story by another writer – generally background, or boilerplate. This is acceptable if the passages are short. Regardless, the reporter writing the story is responsible for the factual and contextual accuracy of the material.

Also, the AP often has the right to use material from its members and subscribers; we sometimes take the work of newspapers, broadcasters and other outlets, rewrite it and transmit it without credit.

There are rules, however. When the material is exclusive, controversial or sensitive, we always credit it. And we do not transmit the stories in their original form; we rewrite them, so that the approach, content, structure and length meet our requirements and reflect the broader audience we serve.

Similar rules apply when we use material from news releases. Under no circumstances can releases reach the wire in their original form; we can use information and quotes from releases, but we must check the material, augment it with information from other sources, and then write our own stories.

We apply the same judgment in picking up material from members or from news releases that we use when considering information we receive from other sources. We must satisfy ourselves, by our own reporting, that the material is credible. If it does not meet AP standards, we don't use it.

For video, if another broadcaster's material is required and distributed, the name of that broadcaster shall be advised on the accompanying shotlist.

Pickups of audio and of television graphics are credited in billboards/captions when the member requests it.

(Read the Sept. 1, 2010 guidelines for credit and attribution)

CONFLICTS OF INTEREST

The AP respects and encourages the rights of its employees to participate actively in civic, charitable, religious, public, social or residential organizations.

However, AP employees must avoid behavior or activities - political, social or financial - that create a conflict of interest or compromise our ability to report the news fairly and accurately, uninfluenced by any person or action. Nothing in this policy is intended to abridge any rights provided by the National Labor Relations Act.

Here is a sampler of AP practices on questions involving possible conflict of interest. It is not all-inclusive; if you are unsure whether an activity may constitute a conflict or the appearance of a conflict, consult your manager at the onset.

EXPRESSIONS OF OPINION:

Anyone who works for the AP must be mindful that opinions they express may damage the AP's reputation as an unbiased source of news. They must refrain from declaring their views on contentious public issues in any public forum, whether in Web logs, chat rooms, letters to the editor, petitions, bumper stickers or lapel buttons, and must not take part in demonstrations in support of causes or movements.

FAVORS:

Employees should not ask news sources or others they meet in a professional capacity to extend jobs or other benefits to anyone. They also should not offer jobs, internships or any benefits of being an AP employee to news sources.

FINANCIAL INTERESTS:

Associated Press employees who regularly write or edit business or financial news must always avoid any conflict of interest or the appearance of any conflict of interest in connection with the performance of these duties. For these reasons, these employees must abide by the following rules and guidelines when making personal investment and financial decisions.

These employees must not own stock, equities or have any personal financial investment or involvement with any company, enterprise or industry that they regularly cover for the AP. A technology writer, for example, must not own any technology equities; a retail industry writer must not own the stock of any department store or corporate enterprise that includes department stores. Staff members who are temporarily assigned to such coverage or editorial duties must immediately notify a manager of possible conflicts to determine whether the assignment is appropriate. If necessary, employees might be asked either to divest or to suspend any activity involving their holdings.

Editors and writers who regularly cover the financial markets may not own stock in any company. They may invest in equity index-related products and publicly available diversified mutual funds or commodity pools.

Financial news employees must also avoid investment activities that are speculative or driven by day-trading or short-term profit goals because such activities may create the impression that the employee is seeking to drive market factors or is acting upon information that is not available to the public.

Instead, the personal financial activities and investments of these employees must be based upon the longer term and retirement savings. For these reasons, an employee covered by this policy should not buy and sell the same financial product within 60 days, unless he/she gains the permission of the department manager and is able to demonstrate financial need that is unrelated to information discussed or gained in the course of his/her employment. This trading limitation does not apply to equity-index funds, broadly diversified and publicly available mutual funds and commodity pools.

All employees must comply with federal and local laws concerning securities and financial transactions, including statutes, regulations and guidelines prohibiting actions based upon "inside information." All employees are reminded that they may not act upon, or inform any other person of, information gained in the course of AP employment, unless and until that information becomes known to the general public.

Employees should avoid any conflict of interest or the appearance of a conflict of interest in the investments and business interests of their spouses or other members of their household with whom they share finances. They are expected to make every effort to assure that no spouse or other member of their household has investment or business interests that could pose such a conflict.

Employees should be aware that the investment activities and/or financial interests of their spouses or other individuals with whom they share financial interests may make it inappropriate for them to accept certain assignments. Employees must consult with their managers before accepting any such assignment.

Employees who are asked to divest holdings will be given one year from the date of the request to do so, in order to give them the opportunity to avoid market fluctuations.

When this document requires the sale of stock holdings, an employee can satisfy this requirement by putting the shares into a blind trust (or into an equivalent financial arrangement) that meets the same goal: preventing an individual from knowing, at any given time, the specific holdings in the account and blocking an individual from controlling the timing of transactions in such holdings. If AP assigns a staff member to a new job where mandatory divestiture would impose a financial hardship even after the one-year grace period, AP will reimburse the staff member up to a maximum of $500 for the reasonable costs of setting up a blind trust.)

FREELANCE WORK:

Individuals who seek to engage in non-AP work are subject to the following restrictions:
Freelance work must not represent a conflict of interest for either the employee or the AP.

Such activities may not interfere with the employees' job responsibilities, including availability for newsgathering.

Such activities may not exploit the name of The Associated Press or the employee's position with the AP without permission of the AP.

Inevitably, some employees will use material they accumulated in their AP work - notes, stories (either written or broadcast), images, videotape, graphics - for other-than-AP uses. The resulting product must be presented to the AP for its approval prior to submission to any outside publisher, purchaser or broadcaster. And under no circumstances should the AP incur expenses for research material that is not used for AP purposes.

FREE TICKETS:

We do not accept free tickets to sports, entertainment or other events for anything other than coverage purposes. If we obtain tickets for a member or subscriber as a courtesy, they must be paid for, and the member should reimburse the AP.

GIFTS:

Associated Press offices and staffers are often sent or offered gifts or other items -- some of them substantial, some of them modest, some of them perishable -- by sources, public relations agencies, corporations and others. Sometimes these are designed to encourage or influence AP news coverage or business, sometimes they are just "perks" for journalists covering a particular event. Whatever the intent, we cannot accept such items; an exception is made for trinkets like caps or mugs that have nominal value, approximately $25 or less. Otherwise, gifts should be politely refused and returned, or if that is impracticable, they should be given to charity.

Books, CDs, DVDs, and other items received for review may be kept for staffers’ professional reference or donated to charities, but may not be sold for personal gain. In cases where restrictions forbid transfer to third parties, these items, usually CDs and DVDs should be recycled. Items of more than nominal value that are provided for testing, such as computer gear, must be returned.

AP and its employees may accept discounts from companies only if those discounts are standard and offered to other customers.

We do not accept unsolicited contest awards from any organization that has a partisan or financial interest in our coverage; nor do we enter such contests.

The aim in all dealings should be to underscore the AP's reputation for objectivity.

OFFICIAL SCORERS:

Employees may not serve as official scorers at sports events.

OUTSIDE APPEARANCES:

Employees frequently appear on radio and TV news programs as panelists asking questions of newsmakers; such appearances are encouraged.

However, there is potential for conflict if staffers are asked to give their opinions on issues or personalities of the day. Advance discussion and clearance from a staffer's supervisor are required.

Employees must inform a news manager before accepting honoraria and/or reimbursement of expenses for giving speeches or participating in seminars at colleges and universities or at other educational events if such appearance makes use of AP's name or the employee represents himself or herself as an AP employee. No fees should be accepted from governmental bodies; trade, lobbying or special interest groups; businesses, or labor groups; or any group that would pose a conflict of interest. All appearances must receive prior approval from a staffer's supervisor.

POLITICAL ACTIVITIES:

Editorial employees are expected to be scrupulous in avoiding any political activity, whether they cover politics regularly or not. They may not run for political office or accept political appointment; nor may they perform public relations work for politicians or their groups. Under no circumstances should they donate money to political organizations or political campaigns. They should use great discretion in joining or making contributions to other organizations that may take political stands.

Non-editorial employees must refrain from political activity unless they obtain approval from a manager.

When in doubt, staffers are encouraged to discuss any such concerns with their supervisors.

And a supervisor must be informed when a spouse -- or other members of an employee's household -- has any ongoing involvement in political causes, either professionally or personally.

TRIPS:

If a trip is organized, and we think the trip is newsworthy, we go and pay our way. If we have a chance to interview a newsmaker on a charter or private jet, we reimburse the news source for the reasonable rate of the costs incurred - for example, standard airfare. There may be exceptional circumstances, such as a military trip, where it is difficult to make other travel arrangements or calculate the costs. Consult a manager for exceptions.


Need help. Let’s talk.

Thought you might find the AP guidance interesting. Are You kidding Me.

Friday, June 24, 2011

It will never be enough.

A recent Wall Street Journal article began, “think of it as a mansion with a high-tech security system - but the front door wasn’t locked tight." Wrong. Not fair. Not true. Curious.

I would hate to be a info security professional right now.
However, it’s a great time to be info security because there is endless work.

Imagine making your best efforts and that not being sufficient. Imagine that every day someone with serious motivation and increasing sophistication tries to crack the security perimeter around your info treasure trove. Imagine you have loads of personal information or company trade secrets which you spend millions protecting. Imagine hiring the best info security employees, using all the best practices to lock down data and that is still not enough. Imagine for all your efforts the laws don’t care about trying or effort, but penalize you if your info is exposed.

I believe there are many great companies in precisely that situation - loads of data that they have gone to great pains to protect and it is simply insufficient. Many laws now require that anyone impacted by their info being exposed, even when such action is done by a criminal, get notice and sometimes “compensation” for the harm caused.

In the legal world, what this begins to sound like is that there is “strict liability” for data breaches, even when the harm was perpetrated by a criminal. Best efforts may not be protection. Doing the right thing is not enough. Being prudent is not good enough. Only thing that matters is keeping data protected.

Recent attacks include Citibank, ADP, and the US government. All with great incentive to get it right. No one is immune. I know they care and seek to do their best and still desire to get it right. But, technology imperfections and criminal creativity wins.

You can’t spend enough to protect the place.
You can’t be vigilant enough.
No matter what you do, it won’t be enough. A stronger hammer can always find the small window to the front door of the otherwise high tech protected mansion and smash the window and no law can change that.

Thursday, June 9, 2011

A guy takes a picture . . .

A guy takes a picture of his package. A guy takes a picture of his package and seeks to send it to a girl. A guy takes a picture of his package and seeks to send it to a girl via Twitter. A guy takes a picture of his package and seeks to send it to a girl via Twitter but, she is in high school. A guy takes a picture of his package and seeks to send it to a girl via Twitter but she is in high school and he is married. A guy takes a picture of his package and seeks to send it to a girl via Twitter but she is in high school and he is married and he is a US Congressman. A guy takes a picture of his package and seeks to send it to a girl via Twitter but she is in high school and he is married and he is a US Congressman and he mis-transmits, sending the image to tens of thousands of Twitter followers. A guy takes a picture of his package and seeks to send it to a girl via Twitter but she is in high school and he is married and he is a US Congressman and he mis-transmits, sending the image to ten of thousands of Twitter followers and he lies about it and says his device was hijacked or something like that.

Nearly a decade ago I wrote “eMail Rules” (which is still relevant and still being sold) that would have provided Weiner guidance to help save his job and everything else he has lost in the last two weeks. If money would have been an issue, it could have been bought on eBay for just a few dollars. Seems a small price to save your job.

Are you kidding me.

Thursday, April 14, 2011

Repeat after me. . .

Close your eyes. You’re getting sleepy. Sleepy. Sleeeeepy. Can you see Ms. Haversham’s house? Good. Now, repeat after me. Corporate competitiveness does not depend on access to information. And governance is not about information either. And records management is stooopid. And evidence does not need to be made available for audits or lawsuits. Good. Now can you envision every major news story in the past many months that has been covered ad nauseam in the media. Repeat after me - BP, Massey mine disaster, Fall of Egypt, Toyota car lurching lawsuits, Cobell Indian Rights class action. You will wake up when I snap my fingers, and you will be rested. And if you are still under this dream like delusion that you can run your business without better access to information we will need to put you back in the trance. GET ON THE CLUE BUS SLEEPY HEAD. Are You kidding me.

Tuesday, March 15, 2011

Harness your information

Often clients ask how do I sell information management without FUD (Fear, uncertainty, doubt)? When we help sell Records Management or any information management initiative we always lead with “faster, better, cheaper” or the business value. Stop it - RIM doesn’t make us a better business. If you think that's true, one client who built a RIM program from the ground up received the Business Process Improvement award for the entire company for their efforts.

Another example of the utility of harnessing information. On March 10, it was reported that after 50 years of looking for a new drug for Lupus, being able to better mine data from the human genome has allowed new therapies to come to light. You might say that is BI - business intelligence. We are now using the same machine learning algorithmic tools to do retention as these folks use to do BI. Get with the program. The world keeps changing and you need to get on the clue bus.

Thursday, March 3, 2011

Information today Evidence tomorrow

Information today Evidence tomorrow. If it exists, it may need to be produced. Blah, Blah, Blah. I got it already. Really?

A federal judge in Virginia recently agreed to consider compelling Twitter to hand over account information for Wikileaks to see if they communicated with the US military guy who is alleged to have turned that stuff over to Wikileak. Twitter is fighting the effort so far. The government wants to show that Wikileaks and the military guy communicated BEFORE he gave them hundreds of thousands of classified documents.

Do business in Twitter, Facebook, Myspace, Linkedin, Youtube or park info in “The Cloud”, and when the next lawsuit is filed against your organization, don’t be surprised if you are hanging out in discovery hell. Are You kidding me.

Friday, February 11, 2011

Hackers in the headlines

I had a dream. It was beautiful. In it the world was a safe and secure place. No one bothered anyone else. In fact even data theft and computer hacking had been eradicated.

As I rolled out of bed and grabbed my Wall Street Journal, the first thing that caught my eye was this headline “Hackers Gained Access to Nasdaq Systems, but Not Trades.” Geez. Thank goodness they didn’t get to make fallacious trades:) So much for my dream state.

Are you kidding me?

Monday, February 7, 2011

Lock it down

Companies get your policy ears on again. I have talked my head off making this point over an over. If information is an asset, make sure you protect it. Another example of it not happening as it should – Wall Street Journal reported in an article entitled “Spying Probe Centers on Electric Car” that 3 employees ALLEGEDLY stole e-car secrets and gave them away or sold them. Hello — Lock your stuff down!

R U kidding me

Monday, January 31, 2011

Proper information tracking is crucial

I have written about a data base snafu that may have contributed to the death of 29 miners in a Massey mine last year. As you may recall, the mine safety folks tracked safety infractions by mine, not by the owner of the mine. As it turns out certain companies may not be as good as others on safety. So, tracking and penalizing them by mine owner is likely more effective than by mine. Recently the Mine Safety Agency was trying to change a law by prohibiting a mine with many infractions to change their name to avoid penalties. Well, go back to the intent of the law — it's to protect miners. Track needed information about safety infractions by owner and penalize them when they fail. Information should travel with the owner of a mine not with the current named entity. Use some common sense here fellas. R U kidding me.

Friday, January 28, 2011

It's about evidence

In 1998, Muslim terrorists exploded two trucks outside US embassies in Tanzania and Kenya, killing 224 and maiming thousands more. One of the terrorists was recently tried for these heinous crimes in a “regular” court instead of a military court. This really bad guy was at Guantanamo Bay (with other "ALLEGED" terrorists)and at some point was subjected to “naughty” interrogation methods. As a result, the prosecution in our “regular” court didn’t use important evidence against our bad guy so he was only convicted of “conspiracy” and not 280 other more serious counts. But at least he was brought to justice 12 years after the slaughter and after spending millions of our tax dollars to give the bad guy a fair trial in a regular court. Did I tell you he was not a citizen?

I KNOW I AM NOT SUPPOSED TO GRACE MY BLOGS WITH POLITICS BUT THE STORY IS ABOUT EVIDENCE SO ITS OK. Besides, I was true to form by being sarcastic. Why does this not sit well with me?

Are you kidding me

Thursday, January 27, 2011

Time to take it more seriously.

Information Kills. Seems sort of dramatic, I know. Over the weekend I was reading a New York Times article entitled, “Information Law Empowers Indians, but Some Pay Terrible Price.” It is about a new law in India that allows citizens to get government information. Sort of like our Freedom Of Information Act. Seems like a good thing for governance and oversight. However, as you read the story, what is clear is that when folks ask for information and get close to the old way business is done, which may not be totally clean, the old power brokers start to care. So as folks garner information that exposes some of the questionable business dealings, the requesters are getting killed. You hear similar stories in Russia where journalists are being offed when they expose business power brokers. Another example, was the story of the imprisonment of the Chinese person who had a website to share information about melamine-tainted milk in China. That person is doing hard time for making information available.

That got me thinking Massey mines and dead miners and how information management failures played a role. I wrote about that many times in the past. Then I started thinking about Wiki leaks exposing information about the identity of Afghan intelligence “friends” of the US. And, that got me thinking about how important information is today. We don’t think about it as “life or death” stuff. But if information is the life blood of today’s business than perhaps you need to take it more seriously.

RU kidding me

Tuesday, January 25, 2011

The First Dialoginar Now Available

Dialoginars are a great new way to learn about a variety of enterprise content management topics. The first of ten Dialoginars that I will conduct with IBM is now available on IBM’s website at www.ibm.com/software/ilg/dialoginars. In this Dialoginar you will learn how you can use information as an asset in your organization. Check back with us on a regular basis to see future Dialoginars that will feature a new topic each month.

Monday, January 10, 2011

Are you a corporate hoarder?

I was driving the other day and got to a stop light and noticed the guy next to me in an older car. His car was filled to the brim with old newspapers except where he was sitting. I was driving with my kids and they were dumbstruck as they had never seen a hoarder before. I said the guy had “packratitis” and perhaps some other maladies. I have thought of that guy and his papers many times since then. Putting aside any issues he may have, even though the papers are in a confined area does he expect to find something in the pile? Could he find an article quickly if he needed to? What is the behavior around hoarders that makes them more comforted with all this stuff around them?

That got me thinking about where we are in the business lifecycle now. Lawyers and maybe some technology folks are compounding the corporate hoarder mentality that already confounds us. So much stuff, and no desire to get rid of it even if it makes us less efficient, creates a liability or overwhelms the systems. My resolution for you this year. Get over it.

Hoarders-you are hereby put on notice. Enough. Stop the madness. End the chaos. Clean house Now.

R U kidding me.