I.T. Governance: What if CIOs Had To Sign Off on Data?By John McCormick | Posted 2006-04-04 Email Print
How a government demand for current, accurate data could affect information chiefs.
Over the last couple of months, the Department of Justice and Google have been wrangling over access to the Internet service's Web search records. The Justice Department, which is out to protect minors from online pornography, wants the search records to gauge the effectiveness of content filters. Google, on the other hand, is fighting to protect its intellectual property and its customers' privacy.
On the surface, it's a fascinating case. But beyond the fight over who's right—the people trying to thwart pornographers or the company trying to protect customer privacy—there are deeper questions involved. For instance, when should companies hand over customer records to the feds? And what, if any, responsibility do companies have to make sure their records are current and accurate?
How those questions are eventually answered will affect the way chief information officers do their jobs.
This, of course, isn't the first time customer files have been requested. The feds have asked for passenger information from the airlines to fight hijackings, e-mails from companies to prosecute dirty executives, and Web histories from Internet service providers to investigate hackers. The government, according to MSNBC, even asked the Professional Association of Diving Instructors for student records as part of its counterterrorism program.
In the Google case, the government also wanted search records from AOL, Microsoft and Yahoo, which, to certain degrees, gave up their records. Google, however, has been putting up a fight.
So, the question arises: When should companies surrender their records? For most, says Accenture CIO Frank B. Modruson, the policy is simple: You hand over data, he says, "when the lawyers tell you to."
But with lawyers telling AOL and Google different things, how does this make customers feel? Shouldn't companies have some sort of public policy, if for no other reason than to boost customer confidence? Modruson, for one, thinks so. He says companies should start working on some best practices to guide them through these issues.
Which brings us to another interesting question: When a company does turn over a record to the government, what guarantees can it offer that its information is current or even accurate?
Consider Gartner said not too long ago that about 25% of the critical data—such as inventory reports, product codes and employee records—in Fortune 1,000 databases is inaccurate or incomplete.
So, to make sure the government is getting good data, Paul Strassmann, a former tech executive at the Defense Department, NASA and Xerox, and a Baseline contributor, believes companies and their CIOs will soon be required to sign off that any data they release is accurate and current.
"CIO certification? Yeah, the government is headed that way," says John Stevenson, Sharp Electronics' former CIO and a board member of the Society for Information Management, the national CIO organization.
But what does this mean for CIOs?
Just think about the work companies had to do for Sarbanes-Oxley, Stevenson says.
Now, think about all the records kept in corporate data repositories, from supplier invoices, to trade secrets, to customer bills.
Some say there's no way to guarantee that every data bit in an electronic file is accurate, but then the government is probably going to be selective.
So, information chiefs will need to be educated on the laws and regulations that affect both their industries and the specific information they keep, according to Larry Downes, associate dean of the University of California at Berkeley's School of Information Management and Systems. CIOs will also have to decide what to do with the information buried in legacy systems, he says. Do they go back and audit those files? And if so, how do they dig back through all that code? And don't forget about the information stored in vendor systems. It won't be easy.