Privacy and the Board – Responsibilities and Liabilities

It is more important than ever for organizations to have appropriate privacy compliance programs in place to mitigate significant privacy-related risks.

Given their statutory and fiduciary duties, the directors of an organization’s board have a unique responsibility and legal duty to ensure their organization has appropriate privacy compliance programs in place to mitigate these risks. In particular, an organization’s board of directors is responsible for managing the business affairs of the organization, and directors are required to act honestly and in good faith with a view to the best interests of the organization and to exercise the care, diligence and skill of a reasonable person in comparable circumstances.

When it comes to privacy, this means that directors are responsible for ensuring that the organization is compliant with privacy laws and takes appropriate steps to mitigate privacy and related risks (including cybersecurity).

An organization’s failure to have appropriate privacy compliance programs in place can result in significant financial and reputational consequences. Directors may also be held personally liable in cases where they do not provide appropriate oversight to mitigate the risks of these consequences.

The following are some recent examples that illustrate the significant potential consequences for organizations and requirements for directors relating to privacy:

Directors can manage their responsibilities and mitigate their liabilities by taking certain key steps and ensuring that appropriate privacy compliance programs are in place. It is thus critical for directors to be properly trained and informed on the requirements of privacy laws. We regularly provide privacy compliance training for directors and offer a number of fixed-price solutions for organizations with respect to their privacy compliance programs. Please contact us for more information.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.