Diane Lourdes Dick & Joseph Yockey

As companies increasingly boast to the public markets about their massive digital transformations and the value of their extraordinary customer insights, data is emerging as a crown jewel asset with unique corporate governance implications under state and federal laws. For those firms that tout data and other digital resources as among their most valuable assets, compliance with evolving cybersecurity and privacy laws, customer expectations, and best practices will be  the key to unlocking this value. By the same token, if compliance or policy gaps arise in this context, data could instead become toxic; that is, not only will digital assets  fail to serve as drivers of corporate value, but they may also generate significant liabilities.

Toxic data—a term we introduce here—can cause firms to incur massive litigation and regulatory fines and penalties, as well as major reputational damage that can destroy brand equity and erode market share. In light of recent signals by the U.S. Securities and Exchange Commission (“SEC”) that it intends to focus on these risks, companies and their advisors should expect well-funded teams to aggressively monitor corporate disclosures and investigate compliance in an effort to carry out the agency’s mission to protect investors and maintain fair, orderly, and efficient markets.

In response to this watershed moment in corporate law, this Article provides the first comprehensive review of the corporate governance of data and other digital assets under state business entities laws and the federal securities laws, with special attention to the evolving fiduciary responsibilities to monitor, oversee, and report on the risks associated with toxic data. This research contributes to the emerging scholarship on corporate governance in the data economy by establishing a theoretical framework for understanding toxic data risks and proposing mechanisms for effective board oversight and risk management.