In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned that board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board members best address this? Boards will need to understand what their organizations are doing to address and respond to privacy and data security risks, threats, and incidents. They will need to be regularly informed of such efforts, and should monitor compliance. Simply assuming the Company’s IT/IS department has it handled will no longer suffice. For our prior post on this topic, click here.
Putting it into practice: Companies should take steps to make sure that their boards are appropriately informed of the privacy and data security efforts of the company, as well as risks and threats facing the organization. This education can be accomplished in several ways. A few examples include holding privacy or data security-specific roundtables for your Board or taking time regularly during Board meetings to present specifically on the subjects of privacy and data security.