What practices can companies implement to quickly and efficiently respond to discovery requests that extend to Board information?
Board member data is potentially discoverable, particularly in cases where Board member conduct is at issue or Board members are key players. Hopefully, your company will never encounter a situation where Board member data is the subject of a discovery demand, but advance planning and preparation will help minimize burdens, business disruption and potential privacy concerns in the event Board member data is in the crosshairs.
Some issues to consider as you explore information governance, litigation readiness and the Board:
- Information governance policies. What types of Board related information might be subject to corporate information governance polices? How are these policies and any requirements communicated to the Board?
- BYOD (Bring Your Own Device)- in specific. Do Board members use their own personal devices to receive Board-related information and communicate in connection with that information? If yes, consider whether user guidelines and device registration requirements may be appropriate.
- Commingled information. Have Board members been informed about possible risks of commingling Board information with other business or personal information? Do they understand that if they save or download Board information to personal devices, systems or email accounts, such information or communications might come under scrutiny and be discoverable?
- E-books, Board portals. Does your Board us these? If yes, consider: encryption and security requirements.
- Avoid storing unique information on personal devices or systems. Consider implementing practices to centralize Board information, and to design e-Board books and Board portals so that there is nothing unique on an e-Board book or device that is not on a centralized server.
- Communicate, train, acknowledge and improve. Train Board members on information governance expectations, risks and requirements.