The Paperless Board and the Law

By Lawrence White    //    Volume 21,  Number 5   //    September/October 2013

Computers have revolutionized the way work is performed on campus. We communicate with one another by electronic mail, schedule meetings using shared electronic calendars, do our research on the Web, fill out forms online, and make telephone calls from anywhere using smart phones.

But at some institutions, agendas and supporting materials are produced the old-fashioned, paper-intensive way and mailed to board members before meetings. If a board member wants to look at the minutes of an old meeting or the text of a pertinent institutional policy, a staff member must scurry to the secretary’s office, copy it, and carry it back to the meeting.

That is changing. At AGB’s National Conference on Trusteeship earlier this year, trustees and board professionals attended sessions with titles like “How Is Technology (Finally) Changing Everything?” and “The Paperless Board Office.” Today many boards use password-protected web sites—“portals,” to use the geek term—that function as a communications medium for board members, an easily accessible archive of board materials, and a facilitation tool for the conduct of board business.

A thoughtfully designed, user-friendly board portal offers tremendous efficiencies. With the tap of an icon or click of a mouse, a board member has instant access to decades’ worth of archived board materials. Board members can use e-mail, listservs, and other e-communication tools to share thoughts and questions instantly with their colleagues. Board committees can post various reports and minutes online. Postage and photoduplicating costs disappear along with the time lag associated with delivery of paper copies.

At the same time, purchasing and deploying a board portal can generate important legal concerns. At the outset, it is no small matter to negotiate the vendor’s software licensing agreement. If the license lacks carefully drafted performance standards, warranties, and risk-shifting provisions, the institution can end up with a product worth less than the purchase price.

Once the portal is up and running, we know from experience that communication volume will increase, along with the effort required to respond to a subpoena or a discovery request for board documents. For public institutions subject to state open-record and open-meeting laws, provocative questions might arise as to whether communications among board members must be shared with the public.

Knotty legal issues also surround the heightened risk of cybersecurity breaches, which can occur with board portals. The frequency with which college and university computer systems are attacked is nothing short of staggering: According to a story that appeared earlier this year in the New York Times, computing systems on American campuses are attacked millions of times every week, with one large American university—the University of Wisconsin—reporting that 90,000 to 100,000 hacking attempts are detected and deflected on that campus every day.

If a college or university’s electronic systems are breached, the institution is required by law to send notices to all persons whose sensitive identifying information—name, address, Social Security number, and the like—has been accessed. In a typical case, the victims of a cyber attack—students, staff members, alumni, hospital patients—live in many different states.

When it comes to board portals, board members may also be spread out across the country. Subtle state-by-state variations in state notification laws make the task of sending required notices particularly difficult, which has prompted some institutions to outsource the task to security firms with special expertise in dealing with data breaches. Typically, state notification laws require notices to be sent within “the most expedient time possible” after detection of the breach—a frighteningly subjective standard that can raise legal uncertainty if the forensic work needed to determine the extent of the breach takes weeks to complete.

To paraphrase the old adage, it’s hard to live with technology but harder to live without it. In many other contexts, higher education has learned that the decided drawbacks of digital communication are outweighed by gains in efficiency and cost savings. As the digital revolution approaches your board secretary’s office, alert your lawyer and embrace the future.