John Montana

The Dilemma of Democracy and Information – Double Edged Swords from out of Pandora’s Box

A number of recent stories illustrate the possibilities and perils of 21st-century information technologies. I recently discussed Hillary Clinton’s email troubles, but there are other recent stories that continue and illustrate this trend.

Read more

John Montana

Brexit and its effect on Information Governance

There’s a hoary old saying that you learn in law school: “the law is a seamless web”. What’s meant by this is that, although you study law as a series of discrete, siloed topics, it’s all really one big thing, and all interrelated.

Read more

John Montana

The EU’s General Data Protection Regulation – a Sea Change, or Old Wine in a New Bottle?

In April of this year, after many years of debate and drafting, the EU adopted its new General Data Protection Regulation (which I will call “the regulation” for the rest of this post). The regulation is an attempt to resolve a problem which is manifested itself for a very long time now – privacy regulation in Europe is done on a national basis, by highly independent national data privacy authorities, which means that any business in Europe that is implicated by privacy laws is dealing with 28 sets of laws. The national data privacy authorities have gone off in a great many different directions, resulting in very light regulation of data privacy issues in some places – e.g. the United Kingdom – and extraordinarily prescriptive and detailed regulation in other places such as France. The resulting hodgepodge has been a compliance nightmare for organizations for many years now, and the stated goal of the regulation is to harmonize this mass of law and make it easy for organizations to comply. The question is, does it actually do this?

Read more

John Montana

The Hillary Clinton Email Scandal: Two Information Governance Views (#1)

The Hillary Clinton email brouhaha has in many respects taken front and center in the political arena. But leaving aside the politics of it, there are many records management and information governance aspects of the whole affair that are important and valuable to those of us in the records and information management business, regardless of our political leanings and regardless of our desired outcome. So, let’s have a look at what we can learn from the episode, and what we might do differently in our own organizations based on that learning.

Read more

John Montana

The Hillary Clinton Email Scandal: Two Information Governance Views (#2)

In my last post I looked at the Clinton email scandal from the State Department’s point of view. It’s equally worthwhile to look at it from Clinton’s point of view. That’s what we’ll do today.

Read more

Electronic Signatures in Washington

Washington remains the only state that does not accord the same legal effect to electronic signatures as it does to their wet-ink versions for intrastate transactions involving government agencies.  Read more

China Passes New Accounting Record Keeping Regulation 2016

China has updated its record keeping requirements through the 2016 passage of a new accounting regulation, Administrative Measures on Accounting Records. Some of the new retention requirements have increased retention periods significantly. Here’s a breakdown of the new regulation: Read more

John Montana

Finding the Needle in the Haystack – Managing Big and Dark Data

We often think of Big Data or Dark Data as a thing – one big, amorphous blob of stuff, that either we can’t do anything with, or that we must deal with as one big blob of stuff.

Read more

John Montana

Records and Life in the Third World

I was in Africa recently, in the country of Sénégal in a little town called Guéoul. I wasn’t there on business, or more accurately, I wasn’t there on my normal business. I volunteer for a nongovernmental organization that tries to keep young girls from poor families in school.

Read more

Russian Data Localization Law

In September 2015 Russia passed a new data localization law (Federal Data Localization Law No. 526-FZ). The new law requires all businesses that collect personal data on Russian citizens to “record, systematize, accumulate, store, update, change, and retrieve that information” on databases within the Russian Federation.

Read more

John Montana

Kazakhstan Joins the Trend of Data Localization Laws

In November 2015, Kazakhstan passed the so-called Informatization Law, effective January 2016. This law is similar to a law recently enacted in Russia, in that both laws require that databases and record systems containing personal data about citizens of that country be maintained within the boundaries of the country.

Read more

John Montana

European Union Data Privacy Round 2

In addition to the European Court of Justice’s rejection (and invalidation) of the 16 year-old Safe Harbor mechanism between Europe and the United States (which is discussed in more detail below), the European Commission approved a reform of its own data privacy regime (on December 15, 2015). The new regime is an attempt by the Commission to rationalize the regulation of data collection and data privacy throughout the European Union.

Read more

John Montana

The MIDAS touch

A couple of weeks ago, it was revealed that the Multidimensional Insurance Data Analytics System, or MIDAS, the database used by the Obamacare system, maintains its data permanently. The data in question includes a wide variety of personal information, including insurance applications, personal financial information related to qualification for federal subsidies, and Medicare eligibility information. There’s no question, being as the database itself is used purely for the purpose of conducting insurance transactions, that the data in question is related to an insurance transaction. And the data in question doesn’t just involve current enrollees, either. If you go even partway through the application process, your data is there, apparently forever.

Read more

Privacy Matters

European Union Drafting Stringent Data Privacy Regulation

Data privacy has been in the public eye quite a lot recently (Snowden, et al) but in reality it has been on the front burner of various news feeds for quite sometime, particularly in Europe. Read more

John Montana

Records Retention and Cloud–Based Storage

I’m often asked a question that goes something like this: “We’ve moved our records to a cloud-based vendor. How do we implement our records retention schedule on the vendor’s system?”  More often than not, this question involves personnel records and other human resources records, because there’s a big industry of outsourced HR functions, but it could be other records as well.

Many times, the answer that I have to give isn’t the one they want to hear. This is particularly true when the move has already been made.

Read more

John Montana

The Dodd Frank Conflict Minerals Certification Provision

Conflicts, What Conflicts?

One of the more obscure provisions of the Dodd Frank Act that’s coming up on a lot of organizations is the conflict minerals certification provision found at section 1502.

Read more