Judy Selby Consulting


Getting Privacy Right: A Board Level Concern

October 25, 2019 by Judy Selby

The range of issues confronting today’s business leaders is expanding at breakneck speed. Emerging concerns, such as geopolitical, governance, and climate risks, can have significant impacts on strategic planning, business operations, and revenue. Increased interconnectivity and disruptive technologies create opportunities but frequently have unforeseen consequences. In addition to adverse financial and operational impacts, a single misstep in managing these complex areas can damage corporate reputations almost overnight.

Against this complicated and varied backdrop, however, one emerging risk has been identified as the key issue keeping business leaders up at night. According to a recent survey by the Gartner research firm, accelerating privacy regulation is the top concern of executives across all industries.

Challenges created by the evolving privacy regulatory landscape

Privacy was once thought of as an obscure concern impacting only certain specialized organizations, perhaps in foreign countries. No more. From the EU’s General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA), new privacy requirements are cropping up around the globe. The reach of today’s privacy laws and regulations is long, capturing companies in every industry vertical and across borders. Privacy mandates now apply to broad categories of previously unregulated information that modern businesses routinely collect and store.

Simply keeping pace with new privacy mandates and understanding their impact on business operations and budgets is challenging. Non-compliance, however, is not an option. Recent laws can provide for hefty regulatory fines, injunctions, and statutory damages, even in the absence of a data breach. And as plaintiffs’ class action lawyers can attest, some laws expressly permit consumer lawsuits for privacy violations.

The stakes associated with getting privacy right now clearly extend to the boardroom. Privacy-driven lawsuits against directors and officers are on the rise. Plaintiffs have accused boards of failing to exercise their duty to oversee privacy and cyber risks in connection with costly data breach events. Boards also have been sued for failure to appropriately consider the impact of privacy compliance on business operations and for failing to accurately disclose the cost of compliance in their public filings. Directors and corporate officers have been removed from their jobs. Some have been grilled before Congress. Regulators, in addition to imposing massive fines, have required companies to create board-level privacy committees, create privacy programs, designate privacy compliance officers, improve board reporting, obtain regular third-party privacy assessments, and more.

As with every material risk a company faces, corporate boards have a duty to oversee compliance and monitor privacy exposures. This requires the establishment of appropriate reporting systems and procedures that enable the board to discharge its oversight responsibilities. Undertaking good faith efforts to do so minimizes the risk of noncompliance in the first instance and provides protection for the company and the board if something does go wrong.
