News & Resources

Publications & Media

“Officers and boards have key roles in protecting companies — Part 1”

Safe and Sound By Margaret Utterback

To say that data privacy and concern over cyber breaches is important for any company functioning within the global economy is an understatement.

For years IT departments have been working hard to keep their companies’ data safe, and, until recently, that responsibility was primarily theirs and theirs alone. But in this new world of “big data” and the increasing threats of cyber attacks, companies’ C-suite—including the CEO, general counsel, compliance officers and audit executives—have begun making data privacy a part of their everyday work. And just as company executives must prioritize cyber-security, so must their boards of directors as they consider the strategy for protecting their companies.

Quarles & Brady recently hosted an event in our Chicago office to discuss the responsibilities associated with cyber-security that fall on officers and the board. During “Counseling Your Board of Directors and Officers on Cyber Security and Data Breach Risks,” Drew Olson, Consulting Director at BDO, and Quarles & Brady offered advice for GCs tasked with ensuring their companies’ officers and boards are well-informed of their responsibilities in this growing concern.

Over the next few Safe & Sound blog posts, we will discuss some of the event’s highlights and share insights for keeping your officers and boards informed of their responsibilities.

First, board members must understand core functions for privacy and security governance—and that involves five important steps:

  1. The board must identify key assets and information, as well as risks and responsibilities.
  2. It also must oversee control procedures and safeguards that limit or contain adverse events.
  3. The board must implement appropriate controls to detect data breaches and other anomalies or events.
  4. It also must deploy a robust response plan for privacy and security breaches—one which should take into consideration both the regulatory and public relations side.
  5. Finally, the board must also ensure the company will not only recover from adverse events, but also build resilience to these types of threats.

Officers and boards must truly understand their role in protecting their companies from cyber threats and attacks. That understanding is the first, and often most critical, step in safeguarding data.

Check back next week when we discuss the top 10 data governance questions boards must consider.