The findings of a recent Thomson Reuters Accelus survey entitled Better Board Governance: Communications, Security and Technology in a Global Landscape of Change raises questions about the level of security some corporations are taking (or failing to take) to protect sensitive and confidential corporate information transmitted between the corporate entity and its board members.
The survey finds that, “corporate policies and practices for managing board documents and communications may not be keeping pace with requirements for security and compliance.” Some of the problems that the survey identified include:
- Board Papers – 61% of all boards disseminate important board materials in paper format instead of using secure online methods like board portal tools.
- Board Communications – board members communicate via methods that lack any encryption. Many use public email services such Yahoo!, Gmail, and Hotmail to conduct important board business. A significant number of board members print out their materials and carry them with them, exposing the materials to loss or theft and no ability to destroy them remotely.
- Document Retention & Discovery – board members are storing corporate documents on their private home computers and private mobile devices, so the documents may not be captured in response to a discovery request.
- Secure Communications – board members are not provided secure computing/communication devices.
- Security – board documents are accessible via unsecured wifi networks, exposing them to theft or hacking. A significant number of board members have reported that their laptops, mobile devices, or sensitive docs were lost, stolen, or left in public places.
- Increased International Role – two-thirds of board members are managing global issues for their company and 83% of companies have board members who travel internationally extensively. This raises the issues of how board members are communicating and accessing their materials overseas and what measures are in place to ensure that the international communications and transmission of materials are secure.
The survey’s findings raise several questions. For example, with board members increasingly traveling overseas and managing international issues, are data security measures only as good as the protection available in the countries where board members are traveling? What is the right balance between security and business needs? To many board members, the convenience of access to all of their business information on one device may outweigh the security risk and the expense of implementing certain security measures. What policies and procedures are in place to ensure that “sufficient” data security measures are being taken?
Perhaps the best “takeaway” from this study is that there may be a gaping hole in the protection of corporate board communications and materials. Corporate in house counsel should be aware of the risks and perhaps work with the company’s IT department to evaluate the most cost-effective options to secure corporate board information.
DISCLAIMER: The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP or its clients. Similarly, the opinions expressed by those providing comments are theirs alone, and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients. All of the data and information provided on this site is for informational purposes only. It is not legal advice nor should it be relied on as legal advice.