This week we are focusing on how to talk to boards about privacy and data security issues. Typically a starting point for lawyers is convincing those in a corporation why a board should care about privacy and data security. Or a board member about why she should care about privacy and data security. There are several reasons, but a few that have resonated the most when we talk to board members are the following. Namely, that regulators require or expect Board oversight, and board members can face potential liability for oversight failures. Board members generally have a fiduciary duty of care, which requires them to be informed by asking the right questions and requesting the right information. How can board members best manage these responsibilities? They can consult with counsel and other experts, when needed, and take sufficient time during meetings to discuss and understand the company’s approach to data privacy and security and consider alternative courses of action, if necessary.
Putting it Into practice: Companies should keep in mind that board members are getting a lot of advice about privacy and data security, and will often ask many questions to ensure that they are living up to their duty of care. Are you ready to respond to and address those questions?