According to an article in the Minneapolis Star Tribune (05/29/14), a proxy advisor – Institutional Shareholder Services (ISS) – has recommended that seven of ten Target board members should not be re-elected at the retailer’s annual meeting next month on the basis that those directors failed to protect the company against a massive data breach that occurred last December. The recommendation to shareholders comes five months after Target disclosed its data breaches on December 19, 2013 that reportedly compromised nearly 40 million credit and debit card accounts between November and December 2013.
According to the Tribune, ISS alleges that Target board members who served on the company’s audit and corporate responsibility committees should be removed from their positions because risk assessment and oversight of reputational risk were within the scope of their responsibilities. The Tribune reports that ISS said the members of those committees should have been aware of and more closely monitored the risk of theft of sensitive information. Earlier this month, Target announced that Greg Steinhafel had agreed to step down as the Chairman, President, and CEO of the company as result of the data breach incident. Target is reportedly also looking for a new security officer and compliance officer.
The continuing fallout at Target is yet another reminder that businesses need to take information privacy and data security seriously, and that failure to do so can be extremely costly to companies and those that lead them.
Brian Champion, of Libby O’Brien Kingsley & Champion, LLC, will be one of two presenters at the upcoming Maine State Bar Association Summer Meeting speaking on the issues of privacy and data security facing companies and employers.