A couple of weeks ago, it was revealed that the Multidimensional Insurance Data Analytics System, or MIDAS, the database used by the Obamacare system, maintains its data permanently. The data in question includes a wide variety of personal information, including insurance applications, personal financial information related to qualification for federal subsidies, and Medicare eligibility information. There’s no question, being as the database itself is used purely for the purpose of conducting insurance transactions, that the data in question is related to an insurance transaction. And the data in question doesn’t just involve current enrollees, either. If you go even partway through the application process, your data is there, apparently forever.
Read more
The Dilemma of Democracy and Information – Double Edged Swords from out of Pandora’s Box
/0 Comments/in Future Trends and Prognostications /by John MontanaA number of recent stories illustrate the possibilities and perils of 21st-century information technologies. I recently discussed Hillary Clinton’s email troubles, but there are other recent stories that continue and illustrate this trend.
Read more
Brexit and its effect on Information Governance
/0 Comments/in Future Trends and Prognostications /by John MontanaThere’s a hoary old saying that you learn in law school: “the law is a seamless web”. What’s meant by this is that, although you study law as a series of discrete, siloed topics, it’s all really one big thing, and all interrelated.
Read more
The EU’s General Data Protection Regulation – a Sea Change, or Old Wine in a New Bottle?
/0 Comments/in Legal / Regulatory Matters /by John MontanaIn April of this year, after many years of debate and drafting, the EU adopted its new General Data Protection Regulation (which I will call “the regulation” for the rest of this post). The regulation is an attempt to resolve a problem which is manifested itself for a very long time now – privacy regulation in Europe is done on a national basis, by highly independent national data privacy authorities, which means that any business in Europe that is implicated by privacy laws is dealing with 28 sets of laws. The national data privacy authorities have gone off in a great many different directions, resulting in very light regulation of data privacy issues in some places – e.g. the United Kingdom – and extraordinarily prescriptive and detailed regulation in other places such as France. The resulting hodgepodge has been a compliance nightmare for organizations for many years now, and the stated goal of the regulation is to harmonize this mass of law and make it easy for organizations to comply. The question is, does it actually do this?
Read more
The Hillary Clinton Email Scandal: Two Information Governance Views (#1)
/0 Comments/in General Records and Information Management /by John MontanaThe Hillary Clinton email brouhaha has in many respects taken front and center in the political arena. But leaving aside the politics of it, there are many records management and information governance aspects of the whole affair that are important and valuable to those of us in the records and information management business, regardless of our political leanings and regardless of our desired outcome. So, let’s have a look at what we can learn from the episode, and what we might do differently in our own organizations based on that learning.
Read more
The Hillary Clinton Email Scandal: Two Information Governance Views (#2)
/0 Comments/in General Records and Information Management /by John MontanaIn my last post I looked at the Clinton email scandal from the State Department’s point of view. It’s equally worthwhile to look at it from Clinton’s point of view. That’s what we’ll do today.
Read more
Electronic Signatures in Washington
/0 Comments/in Legal / Regulatory Matters /by Hana HispaWashington remains the only state that does not accord the same legal effect to electronic signatures as it does to their wet-ink versions for intrastate transactions involving government agencies. Read more
China Passes New Accounting Record Keeping Regulation 2016
/0 Comments/in Records Retention /by John KainChina has updated its record keeping requirements through the 2016 passage of a new accounting regulation, Administrative Measures on Accounting Records. Some of the new retention requirements have increased retention periods significantly. Here’s a breakdown of the new regulation: Read more
Finding the Needle in the Haystack – Managing Big and Dark Data
/0 Comments/in Big Data /by John MontanaWe often think of Big Data or Dark Data as a thing – one big, amorphous blob of stuff, that either we can’t do anything with, or that we must deal with as one big blob of stuff.
Read more
Records and Life in the Third World
/0 Comments/in General Records and Information Management /by John MontanaI was in Africa recently, in the country of Sénégal in a little town called Guéoul. I wasn’t there on business, or more accurately, I wasn’t there on my normal business. I volunteer for a nongovernmental organization that tries to keep young girls from poor families in school.
Read more
Russian Data Localization Law
/0 Comments/in Privacy /by John KainIn September 2015 Russia passed a new data localization law (Federal Data Localization Law No. 526-FZ). The new law requires all businesses that collect personal data on Russian citizens to “record, systematize, accumulate, store, update, change, and retrieve that information” on databases within the Russian Federation.
Read more
Kazakhstan Joins the Trend of Data Localization Laws
/2 Comments/in Privacy /by John MontanaIn November 2015, Kazakhstan passed the so-called Informatization Law, effective January 2016. This law is similar to a law recently enacted in Russia, in that both laws require that databases and record systems containing personal data about citizens of that country be maintained within the boundaries of the country.
Read more
European Union Data Privacy Round 2
/2 Comments/in Privacy /by John MontanaIn addition to the European Court of Justice’s rejection (and invalidation) of the 16 year-old Safe Harbor mechanism between Europe and the United States (which is discussed in more detail below), the European Commission approved a reform of its own data privacy regime (on December 15, 2015). The new regime is an attempt by the Commission to rationalize the regulation of data collection and data privacy throughout the European Union.
Read more
The MIDAS touch
/0 Comments/in Future Trends and Prognostications /by John MontanaA couple of weeks ago, it was revealed that the Multidimensional Insurance Data Analytics System, or MIDAS, the database used by the Obamacare system, maintains its data permanently. The data in question includes a wide variety of personal information, including insurance applications, personal financial information related to qualification for federal subsidies, and Medicare eligibility information. There’s no question, being as the database itself is used purely for the purpose of conducting insurance transactions, that the data in question is related to an insurance transaction. And the data in question doesn’t just involve current enrollees, either. If you go even partway through the application process, your data is there, apparently forever.
Read more
Privacy Matters
/0 Comments/in Privacy /by John KainEuropean Union Drafting Stringent Data Privacy Regulation
Data privacy has been in the public eye quite a lot recently (Snowden, et al) but in reality it has been on the front burner of various news feeds for quite sometime, particularly in Europe. Read more
Records Retention and Cloud–Based Storage
/1 Comment/in Cloud Computing, Records Retention /by John MontanaI’m often asked a question that goes something like this: “We’ve moved our records to a cloud-based vendor. How do we implement our records retention schedule on the vendor’s system?” More often than not, this question involves personnel records and other human resources records, because there’s a big industry of outsourced HR functions, but it could be other records as well.
Many times, the answer that I have to give isn’t the one they want to hear. This is particularly true when the move has already been made.
Read more
The Dodd Frank Conflict Minerals Certification Provision
/0 Comments/in Future Trends and Prognostications, Legal / Regulatory Matters /by John MontanaConflicts, What Conflicts?
One of the more obscure provisions of the Dodd Frank Act that’s coming up on a lot of organizations is the conflict minerals certification provision found at section 1502.
Read more