Director FAQ - The Board's Role In Data Privacy Oversight

As companies collect more data from employees and customers, they have a corresponding increase in responsibility for protecting that body of data from unauthorized use. This memo reviews key issues and regulatory developments surrounding data privacy in the digital age, board oversight of company data privacy policies and programs, and additional resources on these topics.

The Board’s Role in Data Privacy Oversight

Q:How can directors effectively oversee the increasingly complex area of data privacy risk?

A:This memo covers board oversight of data privacy risk in the following sections:

1. Data privacy in the digital age: key challenges and regulatory developments

2. Board oversight of data privacy

3. Guidance and resources for data privacy oversight

1. Data privacy in the digital age: key challenges and regulatory developments

Defining “Data Privacy”

The digitalization of the global economy has created both opportunities and risks for businesses when it comes to proper use of data. Technology advances enable companies to instantaneously collect and analyze massive amounts of data about customers and employees, which has both benefits and drawbacks. On the one hand, the effective collection, storage, and analysis of personal data improves companies’ ability to develop and deliver targeted products and services to customers, while also recruiting, retaining, and rewarding the right employees. However, this use of sensitive personal data can undermine the privacy of the individuals involved. Given this potential for real friction between the business use of big data and the resulting privacy concerns from collecting that data, boards must ensure that management maintains the appropriate balance in this domain.

The focus on the board’s compensation committee has never been sharper. The components of compensation plans and the link between compensation and company performance are under intense scrutiny from shareholders, employees, policymakers, the media, and other stakeholders. The Report of the NACD Blue Ribbon Commission on the Compensation Committee revisits NACD’s 2003 Report of the NACD Blue Ribbon Commission on Executive Compensation to highlight the new environment in which compensation committees—and, more broadly, boards—are now operating. It recommends that the compensation committee and board work together to establish an executive compensation philosophy that supports the company in creating long-term, sustainable value.

The report includes ten specific recommendations for compensation committees to consider when evaluating their compensation philosophies. It also provides practical tools, such as sample compensation committee charters, a compensation committee assessment, and guidance on executive employment contracts.