Information Malpractice: Coming Soon To A Cloud Near You?Information Malpractice: Coming Soon To A Cloud Near You?

Who says selling insurance is dull work? Riveting an Interop audience with his prediction of "information malpractice" and declaring that "data is the new oil" because it offers both tremendous value and tremendous liability, The Hartford's VP of cyber risk and new media markets said that cloud computing has the potential to increase enterprises' exposure on governance, security, and control.Yes indeed, Drew Bartkiewicz earned his money for The Hartford today, and in so doing he performed a great service for CIOs evaluating long-term cloud strategies. By bringing into sharp focus not so much the technical sides of cloud computing's security challenges, nor the overdramatized hand-wringing of Google being down for a few hours, but rather the huge legal exposure that exists and the glaring lack of awareness about those laws, Bartkiewicz reinforced the notion that CIOs have to work more closely than ever before with their corporate legal teams in this age of rapidly increasing compliance and regulatory burdens.

Then again, it would have been pretty strange for insurance exec Bartkiewicz - who was a mid-level manager for Salesforce.com before taking that industry knowledge and applying it within the insurance industry - to sit in front of a room full of IT folks eager to learn more about cloud potential and applications and success stories to say something like, "Risk, schmisk! Cloud computing's as risk-free as cash under your mattress. HIPAA, FDA, privacy policies - fuhgeddaboudit!"

So while no one in the room was surprised that the guy tasked with selling liability coverage to cloud-computing vendors and cloud-computing consumers was telling some scary stories, his combination of insightful anecdotes and engaging style pushed the topic of exposure and risk to the top of what had already become a lively discussion. Here are some examples of Drew's pithier comments:

--"What we're talking about here is something that I've come up with a new term to describe: 'information malpractice.' I was speaking to a group of medical professionals - MDs, surgeons, [insurance] brokers who sell med-mal [medical-malpractice insurance], and we started talking about the situation in hospitals, where they're starting to accumulate very large volumes of very sensitive, very personal, and potentially very actionable data. And I thought the perfect term for all of this that comes under this rubric is 'information malpractice.' " --Because many companies have such glaring holes in what they know about the large and growing body of law and regulations around privacy and information-retention and archiving and FRCP at all levels of government and across more and more industries, "We often hear clients who are being sued say things like, 'I had no idea there was a rogue employee working in the cloud' or 'I had no idea we had to inform people in 48 states every time we do this or that' or 'I didn't know you couldn't do contextual advertising in Germany' - right, and that's because over there they call it 'surveillance.' " --"It's only a matter of time before legislators and lawyers catch up with these new developments like cloud computing and write them into the laws - and that will happen even though 90% of the errors are completely nonmalicious. But that intent doesn't matter." --"Cloud computing is an emerging market because it offers potential windfall gains for those who do it well, and windfall losses for those who don't do it well and instead just dabble in it and misrepresent what they can and can't do." --"I think you'll see different clouds for different industries" because the business models vary wildly in how data and content are used and deployed in the cloud, Bartkiewicz said. "Someone steals your credit-card number online, it's a nuisance but it's really no big deal. But someone exposes your electronic medical records and suddenly the world knows you've been getting gonorrhea treatment for four years and you're the CEO of a public company, well, that's very different."