The Background: Technology has transformed the way that directors receive and review information and communicate with each other and with management.
The Issues: Although many modern board practices are more secure and efficient than those of decades past, directors must recognize and protect against the risks posed by board service in the digital age.
The Outcome: We encourage companies to communicate clear policies for the use of board portals and other technology by directors, as well as the importance of following company policies relating to communications and document retention. While sometimes considered ministerial, these topics are in fact critical aspects of risk management.
For many corporate boards, the summer months provide a brief governance respite between the proxy season and the demands of the fall board meetings. Many companies use this time for director "onboarding"—providing orientation and training for newly elected directors—and updates to incumbent directors. Director orientation programs typically cover the company's history, industry, management, and other key aspects of its business and strategy.
While these topics are essential, companies should not overlook the opportunity to educate all directors, regardless of their tenure, about key policies for information management, security, and communications. These topics are sometimes treated as mere "corporate housekeeping," but their importance in the digital era—when inadvertent missteps can have highly embarrassing consequences, at the very least—cannot be overstated.
Although the pros and cons of board portals can be debated, they are here to stay. Of course, board portals are not perfect systems. The intrinsic risks of these systems cannot be eliminated completely, but their security features are ever improving, and in any event are far superior than delivery by paper envelope. Moreover, a director whose email account is hacked is easily blamed for any resulting damage, while the use of a board portal insulates individual directors from individual finger-pointing.
Some directors may be hesitant to give up their board books, but company-issued and mandated iPads or other devices may soften that loss, as long as directors have access to effective support on a real-time basis as needed.
Finally, we advise that companies not distribute any paper copies of meeting pre-reads, as a rule and without exception. Board portals reduce the risk that paper copies of sensitive board materials end up in the wrong hands.
Even when board portals are used as the sole information access point for directors, however, companies and their directors should align on clear and consistent policies for document retention. Most importantly, corporate recordkeeping is for management, not the board. The corporate secretary should, of course, keep an electronic copy of every presentation, document, or other paper sent or presented to the board or any committee in an official file.
Corporate secretaries can facilitate this document retention policy by collecting all copies of materials furnished to directors at board or committee meetings as the directors exit the boardroom.
Board portals also provide a secure and convenient email platform for director communications with management and other board members. Directors, like all other company representatives, should be reminded of good-sense guidelines for electronic communications, especially email, that may be sensitive in substance or tone or intended to be private. Email is not the proper venue for director debates with management or each other, and directors should provide substantive comments by phone, not by email.
In addition, directors should never use personal email accounts or devices for board business. Although most directors are cautioned to use only company email accounts and devices for company business, few may fully appreciate the potential consequences for failing to do so. Directors who use their personal email accounts or devices for board communications risk not only the security of confidential corporate information but also their own privacy; personal accounts and computers may be searched in the event of litigation or an investigation.
In addition, directors may have a duty to preserve electronic information that is relevant to pending or anticipated litigation. If a judge or jury finds that directors destroyed documents or deleted emails or other information, even from their personal accounts, the judge or jury may infer that the content of those deleted items would have been unfavorable to the directors or to the company.
The No's of Note-Taking
Directors must also be aware of guidelines for note-taking. Almost all information recorded during a board meeting may be subject to discovery in the event of litigation or an investigation—including directors' notes. If they wish, directors should be permitted to take notes on the board portal or by hand. They should understand, however, that notes should be taken only to facilitate the director's review of materials and remind her to ask questions—not to memorialize discussions. Further, directors should be required to deliver all notes to the corporate secretary at the end of each board or committee meeting, and the secretary should erase all electronic notes from the board portal on a regular basis.
More importantly, however, corporate minutes are part of the permanent corporate record. Minutes should demonstrate that the meeting was properly called and that a quorum was present, and they should note the directors and other individuals who participated—including lawyers, in order to establish attorney-client privilege where appropriate.
The board practices of the modern era are dramatically different from those of the pre-internet age. Directors and companies should embrace board portals and other new and more secure technologies, but they must be aware of the risks of the digital environment. These matters are not merely clerical or housekeeping issues—they are critical risk-management practices.