CANDIDATES
Candidate Toolkit |
THE BOARDSPAN LIBRARY
The Boardspan staff reviews and selects the most informative articles from business news sources, including:





We categorize articles to make them easier for you to find.
- Exec. evaluation & comp
- Critical information about evaluating and compensating the executive team.
Corporate Data Privacy: Time To Grow Up

Eavesdrop on company conversations anywhere from a meeting with the audit committee to front-line managers at the proverbial water cooler, and you will realize that data privacy has risen to the top of business agendas.
Given 43% of companies know they experienced a data breach in the past year, in-house lawyers and others who handle privacy dealings are under pressure to safeguard their companies from angry customers, investors, lawmakers, and suppliers.
Since breaches are hard to uncover, it’s safe to say that the other 57% of companies can’t be certain they haven’t experienced a data breach. And with 2014‘s headlines acting as a reliable guide to next year’s, in the face of a confused corporate response it’s likely those breaches (and headlines) will keep coming.
Maturity Required
One bright light among the doom and gloom, however, is that the severity and velocity of the risks will hopefully be enough to convince corporate privacy programs to mature.
This is a good thing, as there’s a lot of maturing to do. While the emerging data privacy function is hard-working, it is in need of resources, clarity, and leadership.
Most privacy programs have little structure and an ad hoc approach to allocating resources. For instance, 75% of companies that employ a dedicated head of privacy do not have a privacy budget, and tend to throw money reactively at each isolated issue that arises.
When CEB looked at who owned privacy activities across numerous companies, up to 11 different departments were listed as primary owners for each activity among the respondents. How can this be?
This is not a sign of a mature corporate function. When a company experiences established legal issues (a good proxy for the type of issues a data privacy function would handle) ownership isn’t spread out among a half-dozen or more departments. But alarmingly for privacy, every activity seems to be up for grabs.
In certain cases it can make sense for business issues to be co-owned, but this type of approach leads to zero accountability. Companies can only survive this way for so long because eventually there will be a compliance failure that forces the organization to mature once and for all.
It’s not surprising to learn that the majority (75%) of chief privacy officers (CPOs) are unsatisfied or doubtful about their programs.
One cause for optimism though is the sizeable surge of progressive companies committed to implementing privacy infrastructure: clear roles and responsibilities, pronounced budgets, established org structures, improved training, and privacy principles embedded in workflows and product design.
A Data Privacy Agenda for 2015
But there are further challenges ahead. CEB sees four issues that will make managing a firm’s data privacy program hard work in 2015 and beyond.
Growth of “business-led IT”: Decision-making and spending on technology is distributed across business units more now than ever before. This means IT systems are often hosted by vendors. Third-parties are a notorious cause of privacy breaches, but most companies have a limited understanding of the privacy implications.
Constantly evolving threats: Over two-thirds (69%) of executives surveyed believe their companies can’t keep up with the increasing pace and sophistication of cyber-attacks. The effort required to keep up with these changing threats prevents many companies from maturing their privacy programs.
Increase in the strategic value of information: The need to use customer and other sensitive data to establish and sustain any kind of competitive advantage (or market niche) grows every year, and will continue to do so.
Changing employee workflow: Employees access data, collaborate on tasks, and share information in more ways than ever before. This pushes sensitive data into places where it’s hard for even mature privacy programs to safeguard.
While these issues will persist for years to come, CEB research shows leading privacy programs find solutions. Leading privacy teams consistently take the following actions:
- Integrate privacy into product development
- Create easy to find and apply privacy policies
- Build and monitor a privacy-conscious company culture
- Clearly assign regulatory tracking and update responsibilities
- Collaborate with others to create a holistic IT strategy
- Create and rehearse a privacy breach-response protocol
- Design a third-party privacy diligence and monitoring regime
- Measure the privacy program’s effectiveness
The complete list is much longer; however the only way to get out of the current “crisis mode” is to build a system that prevents issues and handles the ones that arise effectively.
Republished with permission from CEB Global Blogs. For more, visit CEBGlobal.com.
MORE ARTICLES
Refreshing Your Board of Directors
Patrick R. Dailey, Ph.D. and Joel M. KoblentzMore Female Board Directors Add Up to Improved Sustainability Performance
U.C. Berkeley, Haas School StaffBoard Governance Depends On Where You Sit
William GeorgeBattle For the Boardroom
Ludo Van der Heyden and Chris HowellsNight of the Living Board
Matt PalmquistThe "Third Team" Approach to Board Effectiveness
Denis Mowbray and Coral Ingley (both from Auckland University of Technology)Tapping The Strategic Potential of Boards
Chinta Bhagat, Martin Hirt, and Conor KehoeLean Strategy Not Just For Start-Ups
Carmen NobelInvolving the Board in Strategic Planning
Jean-Daniel BrissonBest Practices: Non Profit Governance
McDermott Will & EmeryValue-Focused Corporate Governance
Christian Orglmeister, Marcos Aguiar, and Daniel AzevedoTen Key Dimensions of Effective CEO Succession
Thomas J. SaporitoThe Trouble With Too Much Board Oversight
Olubunmi Faleye, Rani Hoitash and Udi HoitashPurpose, Vision, Mission, Values
Graham KennyRunning More Effective Board Meetings
Mark SusterA More Effective Board of Directors
Ana DutraCulture & Business Performance: What’s the relationship?
Method Frameworks StaffCorporate Culture, Not Lip Service, Counts
Luigi Guiso, Paola Sapienza and Luigi ZingalesBuilding a Forward-looking Board
Christian Casal and Christian CasparWhen Best Practice Isn't Enough
Simon C. Y. WongCollaborate Better
Leigh ThompsonThree Critical Talent Conversations For Every Board of Directors
Jean Martin and Michael GriffinOutgoing CEOs Shouldn't Pick Their Replacements
David F. Larcker, Stephen A. Miles, and Brian TayanFive Things Every CEO Must Do in the Next Era of Globalization
Hans-Paul Bürkner, Arindam Bhattacharya, and Jorge BecerraWhy Directors Should Thank Dodd & Frank
Eleanor BloxhamD&O Liability Insurance: An Overview
Priya Cherian HuskinsBest Practices in Compliance
Stefanie MoscaWhy Every Company Needs a Board of Directors
Brian HamiltonWhy Leadership Isn't Just For Leaders
Sally Helgesen10 Principles of Leading Change Management
DeAnne Aguire and Micah AlpernThe Double-Edged Sword of CEO Activism
David F. Larcker, Stephen A. Miles, Brian Tayan, and Kim Wright-ViolichDecoding Leadership: What Really Matters
Claudio Feser, Fernanda Mayol, and Ramesh SrinivasanThe Buck Stops and Starts at the Top
Cathy L. Reese, John Michael Farrell & Jose SierraBeware Financial Mishaps at Nonprofits
Kate Barr4 Ideas for Improving Effectiveness & Reducing Risk
Stuart M. AltmanHow to Talk to Your Board About Risk
Mary DriscollThe Economic Case for Soaring CEO Pay
Anup SrivastavaSurviving the Sophomore Slump: Moves That Matter The Most
Roselinde Torres, Judy Johnson, James M. Citrin, and Susan S. HartLeapfrog Succession: Trend in Appointing CEOs
Roselinde Torres, Gerry Hansell, Kaye Foster, and David BaronCan Cutting CEO Pay Help a Faltering Company Rebound?
Emily AyshfordWhy Clawback Provisions Are a Must: Present and Future Risks in Financial Services
Brian Jebb and Sarah HenchozWhy Senior Leaders Are On The Front Line Against Cyberattacks
Tucker Bailey, James Kaplan, and Chris RezekCorporate Data Privacy: Time To Grow Up
Dan CurrellAre You In the Dark about Shadow IT?
Ryan Shadle and Brian TurleyCorporate Governance in the Age of Cyber Risks
In collaboration with RANE (Risk Assistance Network and Exchange)Planning Ahead – The Board’s Role in Crisis Management
M. Hill Jeffries, Kyle G. Healy, Marshall M. ChalmersHiring For Cultural Fit At The Top
Eric J. McNultyAgitators and Reformers: How to Respond to Activist Investors
Josh Hinkel, Henrik Poppe, Martin Toner and Chuck WhittenAudit: Radical Change on the Horizon?
Stephen DavisYour library is currently empty. Browse the Boardspan Library to get started.