Introduction
Privacy is an issue which is addressed in different ways in various jurisdictions. Freedom of information and protection of privacy concerns influence the actions of boards and organizations.
Fear can cripple a board and the actions of managers. Thus, it is essential for boards to know that they have taken the actions needed, and that the CEO is accepting his responsibilities by implementing sound management policies and ensuring that employees are operating within the stated limits.
Are Policies Required?
Yes, policies are required.
Usually, the board will assign the responsibility for electronic data to the CEO and only develop governance policies which apply to the board itself. There are cases, however, where a board is mandated, in legislation, to set the parameters around topics such as timelines for record retention.
Board responsibilities
The board
- Implements measurable policies which govern board member activity (requests to access records or reports; use of social media such as Facebook, Twitter, or LinkedIn to gather information or to communicate with stakeholders, other board members, or employees)
- Ensures the CEO has effective management policies and procedures which specify what it means to be in compliance with the board's policies
- Has a mechanism to ensure the board is notified of major risks immediately
- Approves the budget to ensure the CEO can purchase and maintain the tools necessary to maintain, share and protect information
- Has a regular schedule for the CEO to submit reports which indicate whether management took all the necessary steps to ensure compliance with the governance policies
CEO responsibilities
Areas which are considered by the CEO when writing management policies regarding electronic data include:
- Accessing organizational services using personal devices
- Client/Customer/Patient/Student Data
- Electronic Records (access, retention, destruction)
- E-Mail (ownership, access, retention, destruction)
- Employee Records (personal and personnel)
- Incident Reports and Response
- Intellectual Property (ownership, use of, protection of)
- Mobile Devices (use of, ownership, return of, limitations)
- Paper Records Retention and Destruction (who, what, where, when and methods to transfer paper data to electronic sources)
- Password Control/Changing
- Physical Security
- Portable Storage Devices
- Remote Access
- Respect for Human Rights and all relevant Laws
- Social Media (use of, monitoring of, posting to, use to communicate important information or gather data)
- Use of third-party providers to gather data or glean information
- Use of personal devices for professional business
This list is designed to assist board members as they discuss the issue of data at the board table and support the role of the CEO,