Are Electronically-Delivered Board Packs a Good Idea?
Among the obvious advantages of this development to directors are:
- portability and ease of storing, accessing and searching numerous sets of board papers;
- rapid and timely delivery of board papers and revisions/substitutions for existing papers; and
- reading convenience, for example on planes or in transit, where bulky papers can be awkward.
With benefits like these, the proliferation of electronic board packs seems both desirable and inevitable. Electronically-delivered board packs may assist boards in managing the volume and structure of the information that they receive. As highlighted in the Centro judgment (ASIC v Healey & Ors [2011] FCA 717 at [298]), 'it is the board's responsibility to determine the information that it requires or does not require'.
The Centro judgment also held that directors are required to take into account all the information they receive in performing their duties. Directors should not allow electronic communication to increase the volume of information they must digest – they should be particularly wary of papers containing links to other information. And it may be that certain types of material, such as large spreadsheets and A3 documents, cannot be conveniently read on an iPad.
There is a specific legal hurdle for board e-communications in section 248D of the Corporations Act 2001 (Cth), but it is easily overcome. Section 248D says that a directors' meeting may be called using any technology consented to by all directors. Therefore, it is important for all directors to give their standing consent, duly minuted, to receiving e-communicated notices of board meetings.
Directors also need to consider a few other issues:
Return of papers
Many boards have a practice of returning board papers at the end of the meeting, so that only the company keeps historical board papers. This may not be possible with electronic board packs – even if a director deletes them from their iPad, they may still be stored on the director’s desktop or laptop computer or on other backup or remote media (for example, within the director’s email folders).
Normally that would not present a problem, provided there is no discrepancy between what is electronically stored by the director and what the company has retained in hard copy. Discrepancies may raise doubts as to exactly what material was placed before, and considered by, the directors. It is also important to note that in the event of litigation, e-discovery may need to encompass these records.
Deeds of access, indemnity and insurance may also require review to ensure that they adequately address electronic retention of board papers.
Directors' notes
Many directors make notes on their printed board papers. If the papers are returned at the end of the meeting, all notes are usually shredded with the papers themselves. This kind of destruction is not possible for electronic notes made in an electronic board pack, because the notes stored may persist electronically even if they were deleted from the director's iPad. They can therefore be recovered for the purposes of regulatory investigations or e-discovery in legal proceedings.
If the notes are an accurate reflection of the director's thoughtful consideration of the issues at hand, they may be helpful in indicating what issues were considered by the director, and how. But if they identify fledgling ideas that have not been followed through, or unwise or ill-considered observations, they may create an impression (possibly a misleading impression) of a lack of due care by the director, or worse.
The remedy is to make notes carefully, knowing they can be recovered, rather than rejecting the new technology.
Security
The security of board papers must be reconsidered when e-communications are employed, particularly if directors want to access their papers while travelling. Email is inherently insecure. Sound IT practices should be the same for board packs as for any other sensitive company information. Some companies (particularly in the US) use portals to give directors access to e-board papers and other materials. Careful consideration of these portals should be undertaken, particularly in relation to security and capability to annotate board papers, and the location of servers where the electronic information is stored. No system is foolproof. Apple provides security-related information in relation to iPads on its website.
Non-executive directors
Non-executive directors receive board material at a company email address, a personal email address or a business email address at another company. Where materials are directed to an external email address, while the director may prefer this approach for its obvious convenience, it creates some risks to the security and confidentiality of the board papers. A personal email address may have little or no security. An email system of another company is owned by that company, and is subject to its IT, email retention and compliance procedures. At a minimum, discrepancies between the policies of the two companies are likely. At worst, confidential or privileged information sent to an external business address could be accessed by others who own and have access to that system, but have nothing to do with the matters addressed.
These risks can be mitigated through the use of in-house company email addresses, where board packs and board-related material can be sent, with a notifier email sent to the director's personal or other business address to alert them. Access can be governed by secure ID.
Routine updates on matters that are otherwise public knowledge can still be sent to the director's primary work or personal email address.
Purpose-built software solutions for the distribution of electronic board packs are also commercially available. They may have attractive features such as:
- a 'self-destruct' mechanism that enables the date of deletion to be embedded within a document so deletion is not dependent on web access;
- an application that saves annotations on to the device instead of a central database, and allows them to be readily deleted;
- strong two-step security; and
- the ability to read papers without web access once they are downloaded.
However, if the system involves external (even offshore) data hosting, boards should consider potential risks (including privacy and other regulatory compliance risks) and whether the services agreement with an external provider is able to adequately address some or all of those risks.
This article is from our September 2011 edition of Corporate HQ Advisory.