Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

ISS Recommends Ouster of Seven Target Directors for Data Breach Failures

Bruce Carton | May 29, 2014

If negative press, customer losses, legal fees, and massive lawsuits weren't already enough to get corporate boards of directors to pay attention to the risk of data breaches, perhaps this will get their attention: Institutional Shareholder Services, a leading proxy advisory firm, is now urging shareholders of Target Corp. to oust seven of the company's 10 directors for "not doing enough to ensure Target's systems were fortified against security threats."

In November 2013, Target was the victim of an attack by hackers that ultimately resulted in the theft of 40 million credit card numbers, and 70 million addresses, phone numbers, and other pieces of personal information. Since then, Target has suffered numerous consequences from the breach, including being named as a defendant in more than 90 lawsuits. Bloomberg reports that through February 1, 2014, Target has already spent $61 million responding to the breach, and saw significant declines in both its holiday profits and its number of transactions.

ISS' blamed the directors serving on Target's audit and corporate-responsibility committees for the issue, saying that "it appears that failure of the committees to ensure appropriate management of these risks set the stage for the data breach, which has resulted in significant losses to the company and its shareholders."

In response, Target stated yesterday that its security measures were "among the best-in-class" in the retail world and that it had made additional significant investments in data security following the data breach.