On April 28, 2021, Federal Trade Commission (“FTC”) staff published a blog post entitled “Corporate boards: don’t underestimate your role in data security oversight.” While data security threats are not new, the FTC states that it is “essential for corporate boards to do what they can to ensure that consumer and employee data is protected.” The FTC’s post also notes that in the first half of 2020, over 36 billion online records were exposed.
The FTC further provides five “common-sense recommendations” for boards:
1. Ensure that data security is a priority. “[D]ata security begins with the Board of Directors, not the IT Department.” As such, the FTC recommends that directors prioritize data security through board-level oversight and regular security briefings.
2. Recognize the specific cybersecurity risks and challenges faced by your company. Although the day-to-day management of a company’s cybersecurity operations may not lie with the board, directors should understand the challenges faced by their company and “set priorities and allocate the resources necessary to ensure effective security.”
3. Legal compliance does not equal security. According to the FTC, “compliance doesn’t necessarily translate into good security.” A company’s data security program should not be geared towards simply meeting compliance obligations.
4. Prevention should not be the only goal. Directors must realize that “no data security program is perfect and no program can guarantee that a company will be protected from attack or a data breach.” As such, company directors should implement policies that not only seek to prevent data security incidents, but also provide for an effective response when an incident occurs.
5. Address and learn from mistakes. Should a data security incident occur, directors should use the event to learn and improve the company’s data security program. Also, “learning from other companies’ mistakes can be just as valuable.”
Data security should be a top concern of directors. As threats continue to evolve, directors must be prepared to respond and recognize that their board serves an essential role in data security.
About Christopher M. Lash
Christopher M. Lash's practice is focused on shareholder derivative and securities litigation. Chris is an Associate in the firm's Pennsylvania office.
Christopher M. Lash
Associate at Faruqi & Faruqi, LLP