In response to a shareholder proposal, Apple Inc. has amended its Board’s Audit and Finance Committee charter to include responsibility for privacy and data security risks that confront the company.

The change was praised by advocates as an important step in improving accountability for privacy and data security at the highest levels of corporate governance. “Apple is to be congratulated for recognizing the critical risks that privacy and data security can pose to a company’s financial performance,” said Michael Connor, Executive Director of Open MIC a non-profit organization that assisted investors in drafting the proposal at Apple.

Audit committees play a critical role in the financial reporting system by overseeing and monitoring management's and independent auditors' participation in the financial reporting process.  The Securities and Exchange Commission has said that “audit committees that have their responsibilities set forth in a written charter are more likely to play an effective role in overseeing the company's financial reports.”

Apple’s amended charter requires its Audit and Finance committee to maintain board oversight of the “legal and regulatory, and reputational risks” of privacy and data security and to review with management “the Corporation's privacy and data security risk exposures; the potential impact of those exposures on the Corporation’s business, operations and reputation; the steps management has taken to monitor and mitigate such exposures; the Corporation's information governance policies and programs; and major legislative and regulatory developments that could materially impact the Corporation's privacy and data security risk exposure.”

The shareholder proposal, filed by investment firms Trillium Asset Management LLC and Zevin Asset Management LLC, had sought more clarity from Apple’s Board regarding oversight of privacy and data security.  Citing a number of potential risks to the company, the proposal said shareholders believed “Apple’s Board has a fiduciary and social responsibility to protect company assets which include the personal information of a variety of stakeholders.”

The shareholders withdrew their proposal following dialogue with Apple management and the company’s amendments to its Audit and Finance Committee charter. “By incorporating privacy into its committee charter Apple’s board of directors has acted in the best interests of the company, its shareholders and society,” said Jonas Kron, Trillium’s Director of Shareholder Advocacy & Corporate Engagement. “This kind of positive dialogue between a company and its shareholders is a great example of how active investors can benefit the company and its stakeholders.” 

Open MIC’s Mr. Connor said additional shareholder proposals regarding privacy and data security have been filed with other publicly-held companies.  “This is a long-term initiative,” Connor said. “Privacy is a critical issue, and companies need to address it.