was successfully added to your cart.


All Posts By

Bob Embleton

What is data?

By | CCPA, Cloud, CMMC, Data as Property, Legal, Privacy

Long before the internet, computer processors, ram, or hard drives much of the world’s data was composed of physically tangible and recognizable components.   Whether you were an artist that painted a celebrated canvas or a poet whose words filled the reader’s emotions or the engineer that drafted a suspension bridge, your data was composed and easily referenced as tangible items such as paper, ink, graphite, or paint. 

We protected our data in a number of ways limiting exposure of the content, registering content with agencies or groups with the intention to demonstrate ownership.  Often the data was physically protected under lock-and-key technologies whether in a building, a vault, or a case.  Beyond the registration of data with agencies or groups, controlling physical access to the data was critical and ensured the concepts and content was protected as property.

Yes, there were many individuals and groups that wanted to extract the value of your data but there was much more effort required to sequester, copy, manipulate, and extract value from the data of old.  Registration of your data with agencies and groups expanded to international partnerships with the ability to identify, prosecute, and protect the value of your data.  Beyond monetary value, the protection of government intellectual property and technology secrets held a top priority for countries around the world.  The flow of people in and out of the country was strictly monitored and employees received rigorous scrutiny before they were permitted within the ranks of the company.  With such physical barriers in place, significant and coordinated efforts were required to extract your data where nefarious state-actors exposed themselves to significant peril in order to locate, access, and photograph or outright steal the targeted data.  

The evolution of property rights gave way to clear ownership of your data in these tangible forms as the argument is traceable through time and physical parameters back to the owner.   Exposure of data in these tangible forms was limited to defined individuals where access tracking was easily understood, controlled, and connected to people, places, and things.

Think about it, everyone has experienced misplacing or worse the theft of your personal property at some point in time through your life.   Consider how you felt at that very moment when you could not find your keys, left the door of your home unlocked, walked into your office recently burglarized, or had your mobile phone taken when you were not watching?   How did you feel?

It is important to understand how our human condition drives our actions where that real fear, anger, and distrust motivates you to watch and protect those items.  Physical property, it’s value, and the related feelings drive us to guard the value our property implies.   In this case the protection of our data was in a perspective of physical property where the tangible nature invokes a direct emotional response.

Fast forward into the digital age.

I’ll ask you to think about the number of times over the past couple decades when you downloaded software applications, digital books, digital music, or anything of this nature from a site you found or a torrent reposit.  Did you have any sense that you were taking the value created by others?  Did you notice any emotional response at all? 

Now consider the form your data takes on today.  What is your data?  There is no paper, ink, graphite, or paint to identify and claim ownership. 

So, what is your data?  Most people think of their data as the form they entered it, such as, a phone number, employee name, or perhaps medical records where this is only the interpreted output of the primary components of your data.  Have you ever wondered how your words, pictures, drawings, or music actually end up in a form that can be captured, moved, modified, restored, or displayed?  More importantly do you ever wonder how you can clearly claim ownership over your data when you cannot see it or touch it? Do you think there is any legal recognition available that defines how you clearly own these artifacts you cannot see or touch?

How does the human condition respond to something that is so intangible as modern digital data?

The fact is we don’t respond, we don’t understand, and we have not yet been able to connect the protective emotional response triggered by physical property to intangible assets such as magnetic fields, electromagnetic waves, or packets of stored electrons.

This is your modern data.

  • Magnetic fields
  • Electromagnetic waves
  • Packets of electrons

No wonder it does not illicit an emotional response, when was the last time you worried about checking in on your ‘packets of electrons’?  You can’t see them or touch them and you need stuff made by other companies just to view or measure them.  What?  What is my data?

Consider a common experience of writing a document.  Your words, your copyright, your ideas are transferred from a keyboard into an application temporally holding your words, usually encoded as packets of electrons, until you save your writing for access at a later time.  If your computer stores information on a hard drive then your document will be saved in a sequence of magnetic fields.  How do you own a magnetic field?   If you send your document using a WIFI connection then your data is modulating electromagnetic waves, who owns the broadcast rights or more importantly what laws protect my ownership in transmission?  If you copy your document to your third-party cloud service it may be stored on a number solid-state drives as millions of packets of electrons, how do you recognize those electrons as your property on someone else’s system?

How does that work?  I just saved my documents onto a third-party cloud service!  Let me see, so the corporation that is the service, who is recognized as an individual under the law just collected all my data as packets of electrons into the hardware that they own.  This hardware is stored on their real estate and housed inside a company building.  So where in our legislative construct does it outline that packets of electrons can be defined as my property with all the protection afforded my stuff under property law?

The reality is we are decades away from a level of recognized ownership of these intangible components, as supported by codified or precedent law.  You are living in the wild-wild-west right now where this data has significant value to capture, sell, or hold for ransom while business leaders and our judiciary are yet to become fully cognizant of the immediate negative impact to our nation, economy, and privacy.

You are not alone.  In business the majority of business owners and c-suite executives view this intangible data management as a cost-center and lack the emotional triggers that would normally drive a detailed review in the delivery of systems.   They often push towards lower cost solutions and third-party service providers in an effort to further reduce expenditures.  How many leaders do you think actually completed a detailed review to interpret how the current legislative systems, codified law and precedent law describes and protects the ownership of the magnetic fields, electromagnetic waves, and packets-of-electrons?   Given the insanity around us with data theft, ransomware, and international espionage I would say very few.

If your data is no longer in a tangible form how do you claim ownership? How do the Terms and Conditions of third-party services describe your data?  How do third-party services describe their liability, accountability, and indemnification responsibility when your data is impacted?  You may have enough trouble just protecting data across your local networks let alone considering the vast number of employees and potentially, foreign nationals, working at these third-party sites.

Business owners, c-suite executives, and CEO’s must take this seriously and acquire the essential basic education within this discipline in order to properly interrogate corporate decisions that involve your most valuable asset, your corporate data.

My Cloud Data Is Never Deleted

By | Cloud, CMMC, Data as Property, Legal

Over the past decade, as a result of millions of dollars of marketing effort,  business decisions were made and the push to the cloud began.  It took business owners a while to follow the herd as individuals flocked to free 3rd party cloud services but eventually the desire to reduce corporate expenses won and data exchange, storage, and cybersecurity was handed over to cloud companies.

Let’s face it, most people do not have the training or domain knowledge to understand exactly what is happening once they click the Save button on their document or spreadsheet application.   Most people understand the value of what they can see or touch or hold behind locked doors but few understand or perceive the value of the One’s and Zero’s that make up the data that is their document.

That data in its state as a file does not bear the tangible components of the physical world so we don’t apply any emotional value and subsequently don’t have the alarm bells ringing when it disappears from our control.

Tell me the last time you checked for your keys to your apartment, condo, home, or car.  How often in a day do we look for or think about where those keys reside?   These tangible physical objects have a value meaning in our lives so we guard and control them to the best of our ability.

What about my data?  In a business all of your data is your intellectual property which has unmistakable value yet we copy, save, hold, and forget this data inside other companies!  To compound the issue, these companies refuse to take any responsibility for the loss or theft of this information.  We don’t give it a second thought and how can we when this invisible intangible information is transacted and managed in ways most people do not understand.

Currently there are no codified laws or precedent established cases to guide legislation in defining that an intangible magnetic field is property of its creator.  This action and subsequent laws will take decades to argue in the courts all the while you are subjected to data theft, exposure, and loss due to a legacy internet architecture that was never designed for this level of commercialization.

It is more important today then ever before that you consider how you control and protect your Data, your Research, your HR records, your C-SUITE conversations, your Clients right to privacy, when you consider just following the herd.  Remember your company will end up being the accountable party providing restitution for breaches that impact your clients when your cloud provider fails, and they will.

I was prompted to write this article as I read through a ZNet article “New Windows 10 tool: This free Microsoft app helps you recover deleted or corrupted data…For photos, documents, videos and more, Windows File Recovery supports many file types to help ensure that your data is not permanently lost.”

So tell me your Cloud provider can’t already do the same thing?  8 years ago I was able to recover data on a dead hard-drive which included documents, spreadsheets and photos.

So tell me your Cloud provider, their employees, and hackers can’t access your data even after you hit delete.  What happens to those hard-drives that fail, do you think your Cloud provider cares?  Even it they do there are tools to extract your data.

Let’s pause for a moment and consider just the top 20% of your corporate data you need to protect from 3rd party exposure.

  • Law firms cannot protect your Client – Solicitor Privilege through the use of 3rd party services such as Email or Cloud or Chat tools
  • HR departments hold precious personally identifiable information if exposed may result in identity theft or fraud
  • C-SUITE consider conversations that involve M&A, HR, Litigation between board members and leadership, if you are publicly traded this could spell disaster
  • Financial Services cannot protect your privacy and guard your social security, banking, and tax return data through Cloud services

Now let’s pause and take a breath.  It’s not the end of the world, although today it may seem like it, there are simple, easy, and cost effective ways you can protect your data, remove third party exposure and treat your digital data just like physical property.

Connect with me on linked in or subscribe to our blog posts to learn more.  The more we talk and share details about this issue the less scary it is to come up with an actionable plan that does not require years of technical knowledge or tens of thousands of dollars.