Cyber security is a topic that should be discussed at board level. Board members have to actively ask strategic questions, such as: Do we have an incident response and crisis management plan? Do we encourage the bring-your-own-device trend? Do we forbid the access to personal webmail or web storage sites on office computers? Are we using cloud computing service providers, and if so, what did we do to determine that they are reliable and well-respected in the market? If board members don’t ask thoughtful questions and stay actively involved on this critical issue, they run the risk of becoming personally liable. 

To handle data in a globalized world is challenging, and we highly recommend that companies are proactive, have a strategy and take reasonable steps to protect themselves, by inter alia conducting a risk assessment of your business. This includes reviewing your technical infrastructure and familiarize yourself with your legal risks. Navigating data is an issue that needs board attention. everything from IP protections to your obligations under data privacy and employment law. Directors may be personally liable. So you want to be prepared.