The arrival of the iPad at board meetings is welcomed by many. Its ability to quickly distribute documents, make annotations and generally support meetings in paperless format (usually via a secure board portal) represents undeniable savings in time, money and environmental costs, not to mention the convenience of being able to quickly distribute those last minute additions to the agenda. The iPad even has its own special board meeting application. So why has ANZ banned iPads in board meetings?
ANZ’s recent decision to ban the use of iPads at board meetings highlights an increasing concern about wireless network security, and maintaining appropriate record keeping practices. These issues are important for boards to consider, as accessing and storing information on electronic devices blurs the line between personal and company owned records.
Is it on the Record?
Keeping track of board paper annotations was a significant factor in ANZ’s decision to ban iPads at board meetings. The convenience of the iPad’s annotation functions, which allow for marking up of board papers in their electronic form, is accompanied by a responsibility of the board to carefully consider how it will sufficiently back up such electronic documents. The absence of paper records, which traditionally might have been handed up and safely filed after the board meeting, means that records management policies should be established to ensure that all information, including data files, is captured for the company’s records. This is not only important for complying with statutory record keeping requirements; it is also important for preventing legal risks, e.g., as director’s annotations and notes may be of evidentiary value in future legal proceedings.
The use of electronic devices such as iPads, Android tablets, Smart Phones, etc, (Electronic Devices) for both personal and company purposes gives rise to significant security risks. This is partially due to the vast amount of company owned records that can be stored on such devices. Such records may include commercially sensitive documents, which may be vulnerable to unauthorised access via unsecured wireless networks.
Electronic Devices are also vulnerable to theft, loss or accidental deletion of data. These security risks call for development of Information Technology (IT) and records management policies to:
(a) ensure network security;
(b) govern the allowed use of Electronic Devices; and
(c) comply with legal obligations for records retention.
Have You Got a Policy?
When developing IT and records management policies, some useful questions to consider might include:
Is the company subject to statutory or other record keeping requirements?
Are there appropriate data backup mechanisms in place to ensure that company records are not lost, or unlawfully deleted?
If the company does not own the electronic device which is used to store company information, (e.g., the director’s personal iPad), how will it ensure that files are backed up and protected?
How will the company prevent unauthorised access to information via wireless networks?
Will Electronic Devices be banned in meetings, or have conditions on their authorised use?
Which Documents Must Be Retained?
The legal definition of a document has extended beyond its traditional paper form to include things such as emails, text messages, recordings, images, web pages, transaction records and digital data files (in their various forms). Companies are allowed to manage their documents as they see fit, provided that they comply with relevant obligations to retain records for prescribed periods. For example:
Statutory obligations to retain documents:
Income Tax Assessment Act 1936 (Cth): section 262A requires entities to keep records that record and explain all transactions and other acts relevant to the Act for a period of 5 years; and
Corporations Act 2001 (Cth): section 286 requires companies to retain documents which disclose the company’s transactions, financial position and performance for a period of 7 years after the transactions covered by the records are completed (i.e., the 7 years is not measured from when the document was created).
Common law obligations to retain documents, which may be required for current or reasonably, anticipated future litigation.
Statutory obligations not to destroy documents required for legal proceedings.
Any compulsory obligations contained in applicable industry-specific requirements.
Boards must be aware that all recoverable electronic data, from complex Meta forms to basic spreadsheets, is discoverable at law. Documents kept by the company will be discoverable in legal proceedings, and even an annotated board paper stored on a director’s personal iPad may still be discoverable, as a company document.
McCabe v British American Tobacco  VSC 73 (the BAT Case)
The BAT case sent a clear message about legal risks associated with improper record retention practices, and the importance of retaining records in case such documents are called upon in future legal proceedings. In this case, it was found that BAT’s alleged destruction of records (prior to commencement of litigation), had subverted the discovery process, resulting in the plaintiff being unable to prove her case. On this basis, BAT’s defence was struck out and judgement was entered in favour of the plaintiff, without her having to prove her claim. In effect, an adverse inference was drawn against BAT [by virtue of s 183(b) of the Evidence Act (VIC)], for its failure to produce documents, which were relevant to the litigation.
While the BAT Case became the subject of subsequent appeals, and eventual settlement in 2011, it has had significant implications in highlighting the importance of adopting appropriate document retention policies, to ensure legal compliance and prevent litigation risks.
While new technology is changing the way we run our board meetings, annotations by board members on their board papers will continue to count as official records, be it in paper, data, or other forms. Boards are free to decide how they will use technology to support their purposes, but they should carefully consider their positions, to ensure that the advantages of new technology are not outweighed by its legal risks. Such risks can be prevented by establishing policies to maintain control of company records, and govern the use of Electronic Devices in the boardroom and beyond. The content of IT and records management policies will depend on the needs, resources and legal obligations of the relevant organisation. However, they will invariably send a clear message to employees, members and directors regarding appropriate practices.