Consumers in the digital marketplace rarely think twice about allowing companies access to their personal information, and the companies that are amassing this data are enjoying the unprecedented business opportunities that such access entails. This exchange of information does, however, come with substantial liability risks; that information can easily fall into the wrong hands. This feature of the e-commerce landscape is causing both consumers and companies to ask: Is privacy dead in the Information Age? To explore this question, NACD Directorship Editor in Chief Judy Warner sat down with former White House Chief Information Officer and founder of consulting company Fortalice Theresa Payton during a Monday evening session at the 2015 NACD Global Board Leaders’ Summit.
In short, privacy isn’t dead, but our concept of privacy is undergoing a transformation. Payton said that as business leaders and consumers, we need to have serious conversations about what the new—and correct—lines of privacy are. “We own some responsibilities as business leaders and government officials,” she said. “Data is hackable and breaches are inevitable. Don’t aid and abet hackers.”
It turns out that companies are inadvertently aiding and abetting hackers. First, some organizations fall victim to their own, outdated view of building cyber defenses: Set up as big a firewall as you can around the company’s data assets; install anti-malware and antivirus software—done. This is a losing defensive strategy; it fails to take into account the mechanics of how and why these major breaches continue to happen.
According to Payton, companies with poor data hygiene are the most susceptible to cyberattacks. When companies kept analog files, they would shred records when storage space was exhausted or when data reached a certain age. In a digital environment, storage space is cheap and seemingly limitless, meaning that data could—and probably will—live on servers for years. As time goes on and a company reorganizes, data is forgotten, creating prime points of entry for hackers. Adopting a data-“shredding” strategy is imperative.
In addition, the tools needed to hack into a system have become both affordable and readily available. Now anyone can be a hacker—and those who have chosen this path grow more adept at their craft every day. Taken altogether, this is a recipe for potential disaster.
Payton outlined best practices for maintaining optimal data hygiene:
Don’t keep all of your data in one place. For data you need to retain, “segment it to save it.” In other words, divide that information among multiple digital locations so that if one location is compromised, a hacker hasn’t gained access to the entirety of the data the company holds.
Create rules around when you no longer need data and set a schedule for “shredding” it.
“Shred” any data that you don’t need. Keep only data related to the attributes of consumer behaviors and get rid of the specifics (e.g., names and social security numbers). Doing so will reduce your risk of being held accountable when a breach happens.
Furthermore, she stressed that directors should be sure to ask certain questions as they work with management to hone the company’s cybersecurity strategies:
Have we identified our top critical assets—those that if held for ransom, lost, or divulged, would destroy us as a company?
Who has access to those assets? How do we grant access?
Have we drilled for a cyber breach disaster?
Do we have a liability plan that will cover the board should critical assets be breached?
The 2015 NACD Global Board Leaders’ Summit officially opened Sunday evening with the bang of drums and the bagpipes of the St. Andrew’s Society of Washington, D.C., a local Scottish heritage association. Their performance was followed by an interactive video experience that challenged the audience to question the borders of the screen. Each of these sensory experiences underlined the theme of the year, Beyond Borders: Leadership Evolved. The opening night keynote speakers–NACD Chair Dr. Reatha Clark King, and philosopher and author, Kwame Anthony Appiah–explored how directors should weather the evolution of the boardroom.
King is a fan of challenges. A seasoned director herself who values the good businesses can do in the world, King centered her message on all the work that boards have done to better the world around us—and the work left to do. “We have been successfully adjusting the trajectory of governance systems and have made improvements, but we still have much to do,” said King. “The board’s agenda gets longer. We offer no encouragement that the agenda will get shorter. Instead we prepare ourselves for the greater demand.”
One of the demands King identified was the need for directors to hold fervently to core beliefs. One among the many she cited was accountability: “I am a student of the word ‘accountability,’ and it looms large in my mind for directors to understand and embrace it.” King asked the audience to also embrace leadership in challenging times in spite of the many chances to falter. Among the recommended ways to lead with strength through governance challenges were the concepts of embracing broader perspectives, finding the courage to do what’s right, and to be brave enough to change if needed.
King’s suggestions for leadership to the audience of more than 1,200 were strengthened by Kwame Anthony Appiah’s discussion on honor. Appiah is author of The Honor Code, a best-selling book that examines four points in history where honor outweighed other forces to catalyze social change for the greater good. Appiah distilled his observations on honor into applications for the boardroom and professional practice as a whole.
At the core of his message was that honor will trump money, regulation, and even the coercion of law to guide a person’s moral compass and that only honor holds up in the face of the greatest ethical challenges that inevitably arise.
The final session of the Diversity Symposium at NACD’s 2015 Global Board Leaders’ Summit focused on the Report of the NACD Blue Ribbon Commission on the Diverse Board and how directors can implement recommendations from that report in their own boardrooms. Kapila Kapur Anand, a partner at KPMG LLP and the firm’s national partner-in-charge of Public Policy Business Initiatives, led the discussion with panelists that included Anthony K. Anderson, retired Ernst & Young LLP vice chair, executive board member, and Midwest and Pacific Southwest managing partner; The Hon. Cari M. Dominguez, a director at ManpowerGroup, Triple-S Management, Calvert SAGE Fund, and NACD; and Karen B. Greenbaum, president and CEO of the Association of Executive Search Consultants.
As the Blue Ribbon Commission that produced this groundbreaking 2012 report observed:
[A] company’s ability to remain competitive will rely on its understanding of global markets, changing demographics, and customer expectations. Diversity is a business imperative, not just a social issue. The new business landscape will require boards to cast a wider net to find the very best talent available. As a natural corollary, the board’s mix of gender, ethnicity, and experiences will likely increase.
Dominguez noted that structural, social, and habitual barriers may prevent boards from becoming more diverse, and she offered this key advice: Don’t rely solely on the company’s CEO to lead this conversation. It’s the responsibility of every director to move the discussion forward.
So why aren’t boards as diverse as they could be? Greenbaum addressed this question by referring to data she collected via a survey of both boards and search firms. Her findings surfaced five issues:
Candidate pool. Boards contended that it was difficult to find diverse candidates. Horn countered this claim by asserting that a failure to find qualified candidates is more a function of boards not searching correctly. Boards should demand that search firms provide a diverse list of candidates. Conversely, search firms take their cue from boards and expect them to be vocal about the importance of having a diverse candidate pool.
Term limits. A lack of term limits results in a situation in which boards cannot be routinely refreshed with new directors. If term limits are restricting opportunities to bring on new talent, consider expanding the board.
Experience: Boards resist adding members who are not current CEOs or CFOs. Boards need to be open to first-timers and should develop strong mentoring programs to bring newly minted directors into the fold.
Succession planning: Build a pipeline of diverse talent in your own company so that these leaders can serve not only in your boardroom but also in those of other organizations.
Status quo. Boards can become complacent about how they operate, especially when they feel no pressure from shareholders or other stakeholders to change.
“All of us must be conscious that this is a leadership issue,” Anderson said. “If the leadership of a company doesn’t believe in diversity initiatives, the ability to make much happen is grossly inhibited.” Companies with a diversity strategy that touches on leadership, employment, and procurement are reinforcing the importance of diversity as part of company culture, Anderson added..
Creating change takes time, effort, and formal processes. Putting diversity on the agenda may require a shift in thinking and habits, but, as all of the panelists agreed, diversity is a business imperative that will only grow in importance over the coming years.