EY released its latest Viewpoints publications, which capture the perspectives of a group of leading audit committee chairs (the Audit Committee Leadership Network, or ACLN) on board oversight of data privacy and compliance, drawn from a March 2019 meeting.
- Data Privacy & Security Management and Oversight - "Board oversight of privacy" provides insights on how companies and boards are responding to the increasing regulatory, reputational, and ethical challenges and expectations associated with data security and privacy.
Organizationally, company practices vary as to which member of management is in charge of data privacy, ranging from a standalone Chief Privacy Officer to another executive, such as the CFO, CLO or CCO, being charged with that responsibility. However the function is led, meeting participants identified cross-functional and divisional involvement and coordination among business units (which could take the form of a data council, for example) as critical to supporting the company's efforts. Board oversight commonly involves the full board as well as multiple committees (e.g., Audit, Compliance & Risk, Public Policy), with the frequency and scope of discussions about privacy issues varying widely among boards and committees.
The report includes a list of questions for boards to ask management about privacy, and discussion questions for audit committees.
- Compliance Function Management & Board Oversight - Among the key takeaways from "Board Oversight of Compliance" is that the Board's compliance oversight should encompass an understanding of the Compliance function's organization, operations, and practices, not just the specific matters periodically reported by management to the Board or a Board committee. Also worth considering are the different views expressed by ACLN members on the upsides and downsides of a standalone board Compliance Committee.
The report includes discussion questions audit committee members may use to probe their level and scope of awareness of how the company's Compliance function operates, as well as a number of insights for Compliance function management.
This post first appeared in the weekly Society Alert!