Director FAQ - The Board's Role In Data Privacy Oversight

As companies collect more data from employees and customers, they have a corresponding increase in responsibility for protecting that body of data from unauthorized use. This memo reviews key issues and regulatory developments surrounding data privacy in the digital age, board oversight of company data privacy policies and programs, and additional resources on these topics.

The Board’s Role in Data Privacy Oversight

Q:How can directors effectively oversee the increasingly complex area of data privacy risk?

A:This memo covers board oversight of data privacy risk in the following sections:

1. Data privacy in the digital age: key challenges and regulatory developments

2. Board oversight of data privacy

3. Guidance and resources for data privacy oversight

1. Data privacy in the digital age: key challenges and regulatory developments

Defining “Data Privacy”

The digitalization of the global economy has created both opportunities and risks for businesses when it comes to proper use of data. Technology advances enable companies to instantaneously collect and analyze massive amounts of data about customers and employees, which has both benefits and drawbacks. On the one hand, the effective collection, storage, and analysis of personal data improves companies’ ability to develop and deliver targeted products and services to customers, while also recruiting, retaining, and rewarding the right employees. However, this use of sensitive personal data can undermine the privacy of the individuals involved. Given this potential for real friction between the business use of big data and the resulting privacy concerns from collecting that data, boards must ensure that management maintains the appropriate balance in this domain.