Cyberspace Data Protection and Privacy Laws
In general, corporate directors and officers have a fiduciary duty (a legal obligation to act in the best interest of the corporation) to their organization. In light of expanding cyber networks and the added security issues that come from such broad access to information through the Internet, corporate officers and directors now have a responsibility to protect corporate data. However, efforts to protect a corporation and its data may also lead to potential problems concerning privacy laws. Are you a corporate officer or director? If so, you may be liable under data protection standards and privacy laws. Therefore, we recommend that you speak with an experienced attorney who can explain the recent laws and guidelines in cybersecurity and how these developments may affect you and your organization.
Under California Corporations Code § 309(a), a corporate director must perform his or her duties "in good faith" and in the best interest of the corporation. Additionally, the corporate officer must exercise "reasonable inquiry" in any decision-making procedures. In Baca v. Crown, the Arizona District Court held that corporations have a duty to implement some "reporting or information system or control" to ensure that directors are informed of "risks or problems requiring their attention." This standard extended the duty to be informed beyond a corporation's IT department to the corporation's directors and officers. Federal legislation, such as the Sarbanes-Oxley Act, coupled with activist shareholders and the "Say-On-Pay" standard, has shifted the burden of responsibility to corporate management. As such, corporate officers have a duty to secure corporate data, and a duty to protect that data from external intrusion and infringement.
In fact, California has over 60 state laws that address data privacy and data protection. This phenomenon can place a substantial burden on business administration. These laws apply to various industries, such as the automobile, financial, and insurance industries. They also include privacy and data protection standards for all companies. These added restrictions may lead to productivity loss as corporations struggle to abide by the applicable standards. Accordingly, these added standards will increase the cost of doing business. In the event that a corporation loses stored data as a result of hacking or infrastructure corruption, the corporation may have to spend significant funds to restore its infrastructure, notify its customers, and restore its reputation.
At our law firm, we guide our clients by using extensive knowledge and skills in business litigation, business transactions, and the latest cybersecurity laws to create innovative solutions. You may contact us at your earliest convenience for a consultation.