“One of our NEDs is also chairman of another PLC and has requested that all emails sent to him at the email address for our company are automatically forwarded to his email account at the other PLC. We are concerned about this on the basis that we have no knowledge or control over the security of that other email system, although we see the administrative benefits to the NED involved.
Do any other companies have experience of this and, if so, what processes have been put in place to overcome security concerns?”
It is of no concern of yours or your company’s what arrangements the director makes for his emails. If he has told you to forward emails to another email address then that is what you should do. Your role is limted to ensuring that anything forwarded has a confidentilaity warning on it and/or (if it comes from your company) is password protected
I haven’t come across your particular problem, but if I did there is trust element here.
For our NEDs who are directors of other companies we communicate by email to their company email address as requested and trust them and their systems.
Email security remains a concern however and my challenge is to consider how best to set up NEDs so that we can be entirely confident as to the security of confidential emails sent out.
Private email addresses to my mind are more likely to give rise to risk of interception/confidentialty concern than another company email address.
If you are concerned about confidentiality surrounding the other company’s e-mail where your non-exec is Chairman and you don’t trust your non-exec’s considered request then it may be time either to look for a replacement non-exec or a replacement company secretary. Failing that password protect any confidential information.
The information contained in the emails is the confidential information of the company from whom it is being sent. No doubt the company who owns the email/server of the email address to whom the emails are being sent would have an email policy allowing monitoring of emails to take place. So confidentiality would be breached. I don’t think it is appropriate for the information to be sent to anything other than the non-execs private email account. It should be up to him to fulfil his duties as NED by making proper arrangements to review that account.
I don’t think an automatic forwarding system is appropriate but I do think it is reasonable to communicate by email with a director at another commercial organisation. In my previous role I regularly sent things to the Chairman at another organisation. However, we did not email things which were particularly confidential.
Don’t do it!
We have recently had the same concern, where an non-exec has joined because he was previously CEO of a similar company in the same sector. He kept an office there and all his confidential e-mail was being sent there. I was looking to stop this, but he has since given up his office there and we send everything to his private email address now. I consider it unprofessional for a non-exec to request this arrangement and they should simply set up a private email address. Even a Hotmail address would be better than another commercial organisation.