Scott & Scott | Software Compliance Counsel


Your Board of Directors is Liable for Data Privacy and Data Security

“Today, management has no stake in the company! All together, these men sitting up here own less than three percent of the company. And where does Mr. Cromwell put his million-dollar salary? Not in Teldar stock; he owns less than one percent. You own the company. That's right, you, the stockholder. And you are all being royally screwed over by these, these bureaucrats, with their luncheons, their hunting and fishing trips, their corporate jets and golden parachutes.” – Gordon Gekko


Why does a company’s Board of Directors need to worry about data privacy? The cliché goes, “A company’s most important asset is information.” The Information Age describes a time when information was considered a limited commodity and provided a distinctive competitive advantage. Today, information is everywhere. The Information Age quietly evolved into the Knowledge Economy. The Knowledge Economy focuses on the production, management and use of information. It’s this use of information, specifically the use of an individual’s non-public personally identifiable information, which brings this new wave of legislation.

Data management and data privacy are no longer confined to the windowless basement of a company’s headquarters. Identity theft is the crime de la décennie. Every four seconds in America, another person falls victim to identity theft. This week, Fidelity National Information Services announced that an employee, one employee, sold 2.3 million consumer records containing credit card, bank account and other personal information to a data broker. The data broker, in turn, sold this information to several direct marketing firms. What was once Fidelity’s most important asset is now its most significant liability. Fidelity will have to answer not only to its consumers, but also to its shareholders and the Federal Government.

According to its website:

Fidelity National Information Services, Inc. (NYSE:FIS) is a leading provider of core financial institution processing, card issuer and transaction processing services, mortgage loan processing and related information products and outsourcing services to financial institutions, retailers, mortgage lenders and real estate professionals. FIS has processing and technology relationships with 31 of the top 50 global banks, including nine of the top ten. Nearly 50 percent of all U.S. residential mortgages are processed using FIS software. Headquartered in Jacksonville, Florida, FIS maintains a strong global presence, serving over 7,800 financial institutions. FIS is part of the S&P 500. FIS has also been named the #1 banking technology provider and the #2 overall technology provider in the world by American Banker and Financial Insights (FinTech 100).

It’s doubtful American Banker and Financial Insights will rank Fidelity #1 and #2 this year. Similarly, Fidelity may lose several of its 31 of 50 global banks as clients. The European Union enforces strict privacy laws and often criticizes America’s lax privacy and data breach laws. The misconduct of just one employee will likely cost Fidelity millions. Fidelity will spend real dollars investigating, managing and litigating this data breach.

A company’s Board of Directors owes a fiduciary duty, a duty of care and loyalty. This week’s data breach will require the attention of Fidelity’s Board of Directors. The Federal Government and the shareholders will likely demand a response from Fidelity’s Board of Directors. Fidelity’s Board of Directors will be asked whether a company that boasts “a strong global presence, serving over 7,800 financial institutions” implemented best practices to protect its consumers’ non-public personally identifiable information. Is your company implementing best practices? The business technology attorneys at Scott & Scott LLP are recognized thought leaders in regulatory compliance, enterprise network risk, data breach and security, and imminent litigation. For more information contact Adam W. Vanek, Scott & Scott LLP, avanek@scottandscottllp.com.

About

This page contains a single entry from the blog posted on July 11, 2007 3:28 PM.