Delivering board papers via an iPad or other tablet device is a growing trend among companies seeking cost-effectiveness and convenience. But electronic delivery of board packs is fraught with legal, risk and security challenges.
Until recently, most companies printed and bound board papers and couriered the pack to the directors prior to the next board meeting. The board packs were cumbersome, heavy and there was always the risk of the papers being lost in transit or unable to be delivered because no-one was home to receive them. There were also security issues if the packs were left the front door unattended.
Over the past 12 months, a number of companies have launched products which deliver board papers securely via an app, and company secretaries are presenting shiny new iPads to their directors. Other directors who are already veterans of using tablets to read and annotate their board papers choose to use their private iPads for all the boards on which they serve.
Where once the board table was strewn with folders, papers, stick-it notes and pens, now the mantra is BYOD: Bring Your Own Device.
Board members believe that receiving their board papers via a tablet device is inevitable. But in the rush to embrace new technologies in the boardroom, directors must be cognisant of the potential legal ramifications of digital delivery.
In this article I illustrate this by discussing hyperlinks, annotations and passwords.
Hyperlinks
Ironically, one of the common complaints directors make about reading board papers on their tablet device is the size of the board pack. When the board pack was prepared in hard copy its thickness was obvious. The size of digitally-delivered board pack is much harder to determine and directors only learn what’s ahead for their weekend reading by the length of time it takes for the pack to download.
The download time can be related to the speed of the internet connection. But the more common reason is the size of the pack and whether the papers feature complicated graphics. One way to overcome the download time is to use hyperlinks.
For an IT expert, a hyperlink the obvious solution to complaints about the size of the board pack and the length of time it takes to download. The problem with hyperlinks from a legal perspective is that a hyperlink is easy to miss when a director is reading and annotating the papers.
Legally, if a hyperlink is part of the board pack the directors have an obligation to read its contents just as if it were a board paper. It’s a flimsy strategy in the event of a court case that a director will use the defence: "but it was in a hyperlink and I didn’t click on it".
Annotations
Another tricky legal area for director is annotations. There are a number of apps which allow directors to annotate their board papers easily and conveniently. The issue is less about how to make annotations than it is what to do with the mark-ups after the board meeting.
If the papers were to become material to a court case in years to come, would a director remember why he circled a word on page 43, wrote an exclamation mark on page 126 or doodled a smiley face at the bottom left-hard corner of page 152?
The ANZ Bank last year announced that under legal advice it had deferred introducing iPads to the boardroom, citing concerns about data security. “Under Australian law the annotation is a problem,” ANZ Bank’s chief information officer Anne Weatherston told The Australian Financial Review at the time. “While we can secure the board paper, any annotations you make sit outside of the network and we cannot capture them or store them as a corporate-owned document.”
The Board of the ANZ Bank now uses iPads with the papers contained in a secure app. “However there are legal risks regarding annotations,” Ms Weatherston told Boards and Governance. “As such we do not allow board paper annotations on the iPad.”
Boards are addressing the issue in different ways. In some cases, the board papers and the annotations are deleted manually from the iPads either by the directors or the company secretary at the end of each board meeting. In other companies, this is done remotely.
Some directors who are especially concerned about electronic annotations use a small notebook in which to write their annotations the old-fashioned way, and shred the notebook after the board meeting.
Passwords
Remembering passwords is the bane of life in the digital age. From internet banking and bill paying to the websites of professional associations, regular online shopping websites and social networking sites, remembering each and every password is very difficult and tiresome.
Board papers delivered on iPads or other tablet devices are protected to a larger or lesser degree by the level of security provided by the company and/or the app the company secretary uses. However, if the director allows the four-digit password on the iPad to be easily visible when it’s entered, the device can be easily stolen and the information extracted. Public places including airport lounges and the business class cabin of an aircraft where directors often fly are common areas of potential risk.
Two factor passwords are one way to address easily deciphered security codes. One factor is something known to the user and is a password. The other factor could be a token, a fingerprint or facial recognition.
Complicated passwords that contain a mix of numerals and letters in upper and lower case are another option to increase security - but they are much more difficult to remember.
Conclusion
When board papers were delivered in hard copy there were just as many legal, risk and security issues facing the company and its board.
The packs could be stolen, photocopied, emailed to competitors, left behind in airport lounges and taxis. The digital age has not eliminated these risks but in some ways it has made security more difficult to ensure.
As directors become more familiar with using iPads or tablets as just another business tool, downloading board papers, reading and annotating them and keeping them secure will become a matter of course.
In the meantime, creating a board protocol or policy on how papers can be kept secure is a worthwhile board agenda item for discussion.
