The seemingly simple obligation to keep confidential information from becoming public is a growing concern for businesses and their customers. Businesses collect and store ever-increasing amounts of data regarding customers, suppliers, employees and products. The collection of this information is quiet, but security failures are announced loudly, with news headlines and lawsuits.
Because of the potentially devastating consequences that security failures can have for a business, the entire enterprise must make a commitment towards effective data protection and must make itself knowledgeable about the risks and values in its information resources. Data protection has strategic importance to the modern enterprise and cannot be left for the information technology professionals alone. A board of directors must have the knowledge and structure necessary to ask the right questions, provide appropriate guidance, and establish effective oversight.
At Foley’s sixth annual National Directors Institute on March 8, 2007 in Chicago, “Board Oversight of Data Privacy and Security” was a featured breakout session. The panel was moderated by Mark Foley, partner, Foley & Lardner LLP, and included Patrick Donnelly, managing director, Aon Corporation’s Financial Services Group; Joe Boucher, partner and founding shareholder, Neider & Boucher, S.C.; and Rick Siebenaler, principal, Deloitte & Touche LLP and former Chief Scientist for the National Computer Security Center.