14 September 20232 minute read

Putting governance and risk in context and reducing personal liability for the cyber and privacy professional

A white paper

Privacy is an important issue on any number of fronts, including for companies, and may be an issue for board oversight. This white paper explores the core problem facing cyber and privacy professionals, as well as boards: cybersecurity, data/privacy, artificial intelligence (AI), and other technology issues are now material issues for many companies. The application of non-privacy and security-based laws to privacy and security professionals changes how these professionals do their jobs, as well as their own personal liability.

In this white paper, we explore the ever-changing laws and regulations that keep shifting the compliance landscape for privacy and security professionals – looking at factors ranging from the new SEC cybersecurity rules to the requirements of Delaware law. Privacy and cyber professionals will need to learn the language of the board, the SEC, and Delaware law because gaps in language can lead to gaps in communication and understanding.

These pressures also require that we try and align our language to that of a company’s board and senior leadership, meaning it is essential to do more than just focus on “compliance.” This white paper identifies why we need to make these and other changes to what we currently do. In other words, controls are part of a governance program, but merely having controls is not governance, at least under Delaware law, and likely also under the SEC’s expectations for governance disclosures. 

And not making these changes and ignoring the requirements of the SEC and Delaware corporate law can come at a heavy price.

Download the white paper

To find out more about the topics covered in this report, please contact any of us:

Era Anagnosti
Ronald N. Brown
Hayley R. Curry
Eric Forni
Larry W. Nishnick
Chelsea Rissmiller
Andrew Serwin
Danny Tobey
Jon Venick
John Gevertz

Print