Apple Shareholders Request Information From Board on Privacy/Security Risk

Advertisement

The National Law Review recently published an article, Apple Shareholders Request Information From Board on Privacy/Security Risk, by Amy Malone of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.:

Advertisement

 

This week, Apple shareholders requested that its Board of Directors publish a report explaining how the board oversees privacy and data security risks.  The proposal, which is available here, was prompted by concern that recent issues such as the unauthorized access to iPhone users’ address books and the release of one million Unique Device IDs could place the company’s growth opportunities at risk.

The shareholder proposal references a recent study conducted by Carnegie Mellon University’s Cylab that made various recommendations to boards including, annual reviews of privacy and security programs to gage effectiveness and identify gaps and requiring regular privacy and security reports from management.   The interest in privacy and security as risk management issues at both the shareholder and board level is increasing. A recent study conducted by Corporate Board Member & FTI Consulting, Inc. surveyed 11,340 corporate directors and 1,957 general counsel regarding legal risks on their radar.  For the first time in the 12 years since the study has been conducted, data security was noted as the most prevalent concern among both directors (48 percent) and general counsel (55 percent). This level of concern has almost doubled in the last four years. For instance, in 2008, only 25 percent of directors and 23 percent of general counsel identified data security as an area of great concern.  Moreover, 33 percent of general counsel surveyed believe their board is not effective at managing cyber risk. This is one of the lowest ratings among the 13 risk management areas surveyed.

Advertisement

When asked whether their company had a plan in place to manage a data breach should one occur, only 42 percent of directors said their company had a formal Incident Response Plan. Twenty-seven percent responded that their company had no such plan and 31 percent were uncertain.  Despite acknowledging such unpreparedness, 77 percent of directors and general counsel still believe their company is prepared to handle a data breach. There is a serious concern, however, given the disconnect between having written response plans and the perception of preparedness.   Apple shareholders are recognizing that disconnect and apparently want to ensure that its Board has adequately addressed it.  The proposal will be voted on at Apple’s 2013 Annual Meeting.

Advertisement

©1994-2012 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

Published by

National Law Forum

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S. Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly. The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.