“Officers, boards maintain roles in protecting companies — Part 2”
Safe and Sound 02/09/15 By Margaret Utterback
On Jan. 28, we celebrated Data Privacy Day (DPD)—an international effort centered on “Respecting Privacy, Safeguarding Date and Enabling Trust.” And it’s in the spirit of DPD that we continue the discussion around executives and boards of director alike prioritizing cyber-security within their companies.
During our recent event, “Counseling Your Board of Directors and Officers on Cyber Security and Data Breach Risks,” we offered advice for legal department leaders who are challenged with ensuring their companies’ officers and boards stay up to date on their obligations with regard to data privacy. In last week’s post, we explored the five steps officers and board members must take to understand the core functions for privacy and security governance.
In gaining that understanding, officers and board members must consider these important data governance questions:
- What information does the company own that may be valuable to hackers?
- What company information and systems should be most highly safeguarded?
- Are the company’s existing safeguards in line with emerging best practices in data security?
- Do critical risks receive appropriate attention and oversight from management and directors?
- Does the company have an effective response plan and response team who has clear responsibilities and authority?
- Is there a current data breach communication plan in place?
- Do the company’s past public statements accurately reflect its past experiences and its anticipated risks, safeguards and controls?
- Does it limit its data privacy and security promises only to the best practices it can satisfy?
- Is the company monitoring and coordinating with third-party vendors about their own data privacy best practices?
- Does the company have appropriate resources in place to protect it from potential future breaches?
While there is undoubtedly much more to consider, these questions should rise to the top of any officer or board members’ list in their efforts to safeguard their companies from data breaches.
Check back next week when we discuss the financial implications companies experience as a result of a data breach.