BABS 3 Corporate Governance and Accountability Assignment Sample


Introduction

The main purpose of this study is to identify, evaluate and assess the risks associated with a company that faced a breach of the General Data Protection Regulation (GDPR). The company selected for this research is Equifax, which faced the largest cyber attack in 2017 (Cornock, 2018). This study provides a brief description of the selected company and explains the nature of the breach of regulation. It also analyses the risks and consequences of the breach for the selected organization, and provides justified strategies for mitigating and controlling the risk associated with the organization. A mixed research method is used, combining qualitative and quantitative research. The study also helps in developing the knowledge and capability to analyse such matters efficiently.

Discussion

Definition of corporate governance and its role & function

Corporate governance is defined as a system of processes, rules and practices through which a firm is directed and controlled. According to Aguilera et al. (2015), corporate governance focuses on balancing the interests of the company’s many stakeholders, such as shareholders, customers, suppliers, management, government, financiers and the community. The basic purpose of corporate governance is to address the needs of the company’s shareholders and Board of Directors so that the long-term value of shareholders is maximized. However, for governing all corporations for that proper transparency, disclosure, accountability, responsibility and fair management


In addition, Andreou et al. (2016) elaborate that corporate governance plays an effective role in the management and control of the organization, focusing on the code of ethical conduct towards customers, vendors, shareholders and employees. Corporate governance also helps in ensuring the best performance or use of resources for meeting the needs of shareholders. Jensen (2017) also explains that 70% of executives believe that effective and strong corporate governance carries more weight in today’s competitive market than other attributes.

The function of corporate governance is to make the roles and responsibilities of every stakeholder clearly defined so that business aims and objectives are met efficiently and effectively. Berger et al. (2016) also state that corporate governance functions as a strategy which helps in determining the organization’s objectives, ethics and culture. Organizational resources are also allocated efficiently, for which proper governance develops an effective code of conduct. Corporate governance also protects the organization from challenges and threats, and sets and implements an effective strategy for managing and controlling both the internal and external environment.

Description of Equifax

Equifax is a consumer credit reporting agency which collects information on approximately 88 million businesses and 800 million individual consumers across the world. The company was founded in 1899 by Cator Woolford and Guy Woolford. Equifax has operated primarily in the B2B sector, selling consumer credit and business insurance reports (EquiFax, 2018). In 1999, the company started providing services to the consumer credit sector relating to theft of products and credit fraud. Equifax has faced various challenges, including 57,000 customer complaints to the Consumer Financial Protection Bureau from October 2012 to September 2017. The complaints relate to inaccurate, outdated, misattributed and incomplete information held by the company. In addition, EquiFax (2018) states that Equifax faced a huge cyber attack in 2017 in which the personal information of 143 million consumers was compromised and the credit card data of an additional 209,000 was exposed, which reflected a breach in July. In 2017, the company announced a cyber security breach which occurred in mid-May and July. Marr (2018) also states that Equifax announced in 2018 that an additional 2.4 million customers were affected by this breach.

The main business operation of Equifax is to sell businesses credit reports, demographic data, software and analytics. Individuals’ personal credit details are used to determine how an individual is paying bills and repaying loans. Credit grantors use customers’ personal information to decide which types of products and services to offer and on what terms. Equifax also provides data collected from the National Consumer Telecom and Utilities Exchange (NCTUE) for the exchange of non-credit data.

Nature of the breach of the regulations

The nature of a breach of the General Data Protection Regulation (GDPR) 2016/679 is wide, because the main focus of this regulation is to protect the private data of individuals (consumers) within the EU. Its main aim is to protect EU citizens from breaches of privacy and data in today’s developing digital world. Albrecht (2016) states that GDPR is an effective regulation which controls consumer data and imposes restrictive rules on hosting and processing data.

The regulation applies to all companies that gather or collect the personal data of EU citizens, regardless of where the company is located. The nature of a breach is determined on the basis of the fines or penalties imposed by the government when GDPR requirements are breached or not met by companies. The penalties for a breach are very serious for both processor and controller. Companies managing personal data need to obtain clear authorization from an individual to use their data. Moreover, Boban (2016) notes that a breach occurs when there is a delay in meeting the notification requirements.


A breach is also established when the company does not notify the companies regarding the potential compromise within 72 hours of realizing that a data breach has occurred. In addition, Voss (2017) states that the GDPR mainly focuses on giving individuals control over the sharing of their personal data, and on simplifying the regulatory environment for business by unifying regulation within the European Union. A breach of this regulation is a big issue for firms that hold or manage large amounts of customers’ personal and private data.

For example, a company may gather or collect information from individuals with their proper authorization but without meeting all the requirements associated with the GDPR. This type of situation may result in a breach of the GDPR, which adversely affects the relationship between customers and the business (Hoel and Chen, 2016). When customers’ personal data is used for the wrong purpose or is breached, the customer needs to be notified “without undue delay”. Breaches of the regulation are subject to substantial penalties and fines, in the form of two tiers of fines:

  1. 2% of annual global turnover (revenue) in the previous year or up to 10 million pounds, whichever is higher
  2. 4% of annual turnover or 20 million pounds, whichever is higher

Based on the above penalties, it is determined that Equifax has been penalized with the higher level of fine, having reported $3.1 billion in revenue for the previous year, 2016. It is also expected that breaches of data rights will always result in a higher level of fine, with the fine determined on the basis of factors such as the gravity and duration of the infringement and the types of personal data affected. Tikkinen-Piri et al. (2018) also illustrate that an organization’s behaviour and level of cooperation play a significant role in influencing breach fines.

Analysis of the risks and consequences of that breach for Equifax

The risks and consequences of the breach for Equifax were high because the breach of the GDPR directly or indirectly affected the business’s reputation and goodwill. The risks identified for the organization from the breach were financial and non-financial risks, which negatively affect the company’s image and goodwill (Marelli and Testa, 2018). The non-financial risks associated with this breach of the regulation are customer dissatisfaction and a decrease in the level of trust among customers, which directly affect business growth as well as the internal environment.

In relation to this, Wachter et al. (2017) also determined that when the company announced the breach, it was identified that the company had failed to meet the 72-hour notification requirement of the GDPR, and the breach was announced publicly in September 2017. This failure caused huge risks to the development of the business, its goodwill and reputation, and the organization’s image. Moreover, Obar and Oeldorf-Hirsch (2018) state that in the case of a personal data breach, proper notification is to be provided to the supervisory authority within 72 hours in order to avoid delay, in accordance with Article 55. The major risk for a company that faces a breach is a decline in its image and reputation among customers, which directly affects the company.

Chaudhuri (2016) also states that when any regulation is breached, a company has to face various consequences which directly or indirectly affect the organization’s environment. Similarly, Equifax faced consequences because of the breach of regulation, i.e. penalties or fines, restrictions on operating its business and more. General Data Protection Regulation 2016/679 came into existence on 25th May 2018, but it was then breached, because of which the company has to face the large fines made mandatory by the GDPR.

Additionally, Kurtz et al. (2018) explain that GDPR means a lot for companies because the regulation focuses on controlling management actions as well as protecting customers’ data from hackers. The large GDPR fines compel companies to adopt the GDPR in their business operations in order to avoid such breaches, which indirectly affect customers adversely (Schiffner et al., 2018). Further, after a breach of the regulation, GDPR also requires companies to operate their business in the EU by following the proper GDPR requirements, which restricts the growth of the business to some extent.

However, such consequences affect the company’s strengths and create weaknesses and threats to some extent.

Conclusion

From the above study, it can be concluded that GDPR (General Data Protection Regulation) 2016/679 is an effective regulation which imposes restrictions on the management and control of personal data. Equifax was selected for this research because the company faced the largest cyber attack so far across the world. Equifax failed in dealing with and managing this regulation, because of which the breach situation occurred. This paper also critically evaluated the nature of a breach of the GDPR in order to understand and determine how such breaches of regulation affect both business and the economy. Further, the study helped in identifying risks associated with the company’s breach of regulation, such as a decline in the company’s market share, a decrease in the level of trust and more.

References

Aguilera, R.V., Desender, K., Bednar, M.K. and Lee, J.H., 2015. Connecting the dots: Bringing external corporate governance into the corporate governance puzzle. The Academy of Management Annals, 9(1), pp.483-573.

Albrecht, J.P., 2016. How the GDPR will change the world. Eur. Data Prot. L. Rev., 2, p.287.

Andreou, P.C., Antoniou, C., Horton, J. and Louca, C., 2016. Corporate governance and firm‐specific stock price crashes. European Financial Management, 22(5), pp.916-956.

Berger, A.N., Imbierowicz, B. and Rauch, C., 2016. The roles of corporate governance in bank failures during the recent financial crisis. Journal of Money, Credit and Banking, 48(4), pp.729-770.

Boban, M., 2016. Digital single market and EU data protection reform with regard to the processing of personal data as the challenge of the modern world. Economic and social development: book of proceedings, p.191.

Chaudhuri, A., 2016. Internet of things data protection and privacy in the era of the General Data Protection Regulation. Journal of Data Protection & Privacy, 1(1), pp.64-75.

Cornock, M., 2018. General Data Protection Regulation (GDPR) and implications for research.

EquiFax. 2018. Actionable insights throughout the customer lifecycle. [Online] Available at: https://www.equifax.co.in/ (Accessed: 12th November, 2018).

Hoel, T. and Chen, W., 2016. Implications of the European data protection regulations for learning analytics design. Proceedings of CollabTech, pp.14-16.

Jensen, M.C., 2017. Value maximisation, stakeholder theory and the corporate objective function. In Unfolding stakeholder thinking (pp. 65-84). UK: Routledge.

Kurtz, C., Semmann, M. and Schulz, W., 2018. Towards a Framework for Information Privacy in Complex Service Ecosystems. Towards a Framework for information privacy. [Online] Available at: https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1034&context=icis2018 (Accessed: 12th November, 2018).

Marelli, L. and Testa, G., 2018. Scrutinizing the EU General Data Protection Regulation. Science, 360(6388), pp.496-498.

Marr, B. 2018. GDPR: The Biggest Data Breaches And The Shocking Fines (That Would Have Been). Forbes. [Online] Available at: https://www.forbes.com/sites/bernardmarr/2018/06/11/gdpr-the-biggest-data-breaches-and-the-shocking-fines-that-would-have-been/#57c3c5286c10 (Accessed: 12th November, 2018).

Obar, J.A. and Oeldorf-Hirsch, A., 2018. The biggest lie on the internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication & Society, pp.1-20.

Policy, G.D.P.R.G., 2018. Data Protection & General Data Protection Regulation (GDPR) Policy May 2018. Policy.

Schiffner, S., Berendt, B., Siil, T., Degeling, M., Riemann, R., Schaub, F., Wuyts, K., Attoresi, M., Gürses, S., Klabunde, A. and Polonetsky, J., 2018. Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A transatlantic initiative. In proceedings of the Annual Privacy Forum 2018.

Tikkinen-Piri, C., Rohunen, A. and Markkula, J., 2018. EU General Data Protection Regulation: Changes and implications for personal data collecting companies. Computer Law & Security Review, 34(1), pp.134-153.

Voss, W.G., 2017. European union data privacy law reform: General data protection regulation, privacy shield, and the right to delisting.

Wachter, S., Mittelstadt, B. and Floridi, L., 2017. Why a right to explanation of automated decision-making does not exist in the general data protection regulation. International Data Privacy Law, 7(2), pp.76-99.