Category Archives: Technology Management

Why Boards Need a Technology Committee

Many have argued that data has become the most important asset for businesses and it is also clear that technology plays a fundamental role in how companies operate and compete.  As such, oversight of the company’s technology-related activities and formulation of an effective technology strategy is an essential function of the board of directors and boards should carefully consider the need to create a board-level technology committee.  Feldman and Potamianos, noting that creation of technology committees has proceeded slowly, argued that such committees can serve several important roles:

“It can serve to ensure effective and secure utilization of technology within the corporation, a broad area with a number of sub-responsibilities.  It can also evaluate, and advise with respect to, the direction of the corporation’s technological evolution– something distinct from the technology management role previously noted and, within a technology-based corporation, a role that dovetails with the overall role of the board of directors in guiding corporate direction – and it can, in the process, oversee effective protection of the corporation’s intellectual property.  Finally, the Technology Committee can recommend technology and procedures to meet the corporation’s financial and regulatory obligations with respect to privacy, data retention and data protection.”

Feldman and Potamianos noted that emphasis and objectives of technology committees will vary substantially from company-to-company since the mandates of such committees are not regulated by listing standards in the same manner as audit, compensation and nominating committees, thus freeing the board to structure and task technology committees in ways that are best for the particular situation.  They explained by suggesting that the technology committee of a company in the computer networking industry might focus on the development of networking standards and evaluating strategic product development, a biotechnology company might have its technology committee concentrate on regulation of product development and a non-technology based company would likely have its technology committee spend relatively little time on technology strategy and devote most of its efforts to information security and business continuation risks.

In a December 2016 report on how board committees among S&P 500 companies had evolved to address new challenges, the EY Center for Board Matters mentioned that companies often created technology committees at the board level to assume responsibility for overseeing and assessing the company’s technology-related development and innovation strategies; making recommendations regarding the scope, direction, quality and investment levels; and overseeing the execution of technology strategies formulated by management.  Technology committees also reviewed and discussed management’s assessment of the company’s technology profile and addressed related risks and opportunities.  The functions of the technology committee may overlap with the risk and research and development committees.  The sectors most likely to have a technology committee included financial services, industrials and materials.

The scope of the duties and responsibilities of the board-level technology committee will vary depending on the activities of the company and the decisions that the entire board makes with respect to allocating oversight authority among various committees.  Companies that depend heavily on technology development, acquisition and commercialization will generally look to have the board-level technology committee proactively participate in technology planning and strategy.  In other cases, the primary concern for the company will be in identifying and managing security risks for the information that the company collects and uses in the course of its business activities (e.g., cybersecurity, business continuity and disaster response).  Many technology committees oversee both technology planning and technology-related risks; however, it is not uncommon for technology risk identification, assessment and management to be assigned to the board’s risk management committee.

When committee is charged with oversight of all of the company’s technology-related activities, including risks and opportunities, the scope of duties and responsibilities of the committee will be quite broad and include responsibility and authority to:

  • Review and approve the company’s technology planning and strategy, including the financial, tactical and strategic benefits of proposed significant technology-related projects and initiatives.
  • Review significant technology investments and expenditures
  • Request and receive reports from management, as and when appropriate, concerning the implementation of the company’s technology priorities, including the cost compared to budget, the expected benefits and the timelines of implementation
  • Remain informed of, assess, and advise the company’s senior technology management team with respect to monitoring and evaluating existing and future trends in information technology and new technologies, applications, and systems that relate to or affect the company’s technology strategy or programs, including monitoring of overall industry trends
  • Receive reports from management concerning the company’s technology operations including, among other things, software development project performance, technical operations performance, technology architecture and significant technology investments and approve related policies or recommend such policies to the board for approval, as appropriate.
  • Report and make recommendations to the board, as appropriate, as to the scope, direction, quality, investment levels and execution of the company’s technology strategies
  • Oversee management’s programs relating to technology-related risks and opportunities including review, at least annually, of management’s IT security program and receipt of frequent updates on IT security from management
  • Oversee effective protection of the company’s intellectual property right portfolio
  • Request and receive periodic reports from management on their strategy for disasters and assess the company’s readiness for disasters to ensure continuity of the company’s business operations
  • Oversee the company’s activities relating to sustainable technology management, typically through collaboration with the board-level committee charged with oversight of corporate social responsibility

When necessary, the charter should address potential overlaps with the duties and responsibilities of other board committees.  For example, as mentioned above, responsibility for the oversight of risks associated with technology, including risk assessment and risk management, will often be reserved to the board’s compliance and risk management committee; however, provision should be made for that committee to report regularly to the technology committee on steps taken to mitigate technology-related risks and for the technology committee to have access to company executives with responsibility for important information technology initiatives and providing for security of the company’s intellectual property.

This article is adapted from material in Sustainability and Corporate Governance: A Handbook for Sustainable Entrepreneurs, which is prepared and distributed by the Sustainable Entrepreneurship Project and can be downloaded here.

Alan Gutterman is the Founding Director of the Sustainable Entrepreneurship Project, which engages in and promotes research, education and training activities relating to entrepreneurial ventures launched with the aspiration to create sustainable enterprises that achieve significant growth in scale and value creation through the development of innovative products or services which form the basis for a successful international business.  Visit the Project’s Library of Resources for Sustainable Entrepreneurs to download handbooks, guides, articles and other materials relating to sustainable entrepreneurship and keep up with the Project’s activities by following Alan on LinkedInTwitter and Facebook.

Board Oversight of Information Technology

One of the most significant issues for the board of directors is oversight of the company information technology (“IT”) activities; however, until recently directors paid relatively little attention to IT even though their companies often were spending significant amounts of money on IT, information was becoming an essential strategic asset and the financial and reputational risks of breaches of information security were becoming more and more apparent.  In many cases the directors were content to leave IT issues to management, particularly the chief information officer, and devoted a limited amount of time to discussions of IT at board meetings.  Since the beginning of the 2000s the situation has changed dramatically as larger companies began to invest heavily in IT assets in order to comply with new requirements regarding the integrity of the internal controls within their financial reporting systems.  Directors and senior executives also became more aware of the role that IT systems played in creating a competitive advantage and adding value to the business.  As a result, companies gradually began to establish board-level committees that focused, in whole or in part, on IT risks and opportunities.  Many companies limit the duties and responsibilities of their board-level technology committee to oversight of the companies with IT activities, with management being responsible for day-to-day management, monitoring and reporting.  In those cases, the duties of the technology committee with respect to its oversight role might be limited to the following functions and responsibilities:

  • Reviewing at least annually the company’s IT and operational strategies, costs and planning, including the financial, tactical and strategic benefits of proposed major IT and operational related initiatives
  • Approving major IT and operational initiatives and the IT and operational budget for each calendar year
  • Receiving a quarterly report from management that provides information on management’s progress in executing on major IT initiatives, technology architecture decisions (as applicable) and IT priorities as well as overall IT performance, including metrics concerning technology investments, talent management, and system availability, integrity, capacity and performance
  • Reviewing at least annually the adequacy of the company’s management of information security risks
  • Approving all material changes to written policies related to the management of information security risks and recommending such changes to the board for approval
  • Receiving reports from management that provide information on the effectiveness of the management of information security risks and the company’s crisis management plan
  • Monitoring and assess the overall adequacy of the company’s IT and operational control environment, including the implementation of key controls in response to regulatory requirements

Similar to the caveat above, a technology committee’s review of information security risks will generally be a shared activity with the board-level risk management committee.

In 2015 Lankton and Price compiled a list of companies with board-level IT committees by searching the web sites of all Fortune 500 companies and reviewing the charters of each committee containing the word “technology” in its name.  After setting aside committees that were primarily focused on research and development within the company rather than on IT, Lankton and Price settled on IT committees of 23 companies for further analysis.  Lankton and Price reviewed the roles and responsibilities of the committees as listed in their charters and coded them into five primary governance domains: strategic alignment; value delivery; resource management; risk management; and performance measurement.  Most of the companies did not include roles and responsibilities for all five domains.  They found that “strategic alignment” was clearly the most often cited role for board-level IT committees, a topic which included:

  • Verifying that IT strategy is aligned with business strategy
  • Making decisions about priorities and the focus of IT resources
  • Clarifying the role of IT
  • Monitoring the impact of IT infrastructure and applications
  • Evaluating benefits delivered by IT projects
  • Communicating goals and objectives through policies
  • Issuing high-level policy guidance
  • Enabling business strategy
  • Monitoring industry trends

At the other end of the spectrum, “value delivery” roles and responsibilities (e.g., optimizing expenses and proving the value of IT, monitoring the return and competitive aspects of IT and balancing the risks and benefits of IT) were mentioned least often overall and by the fewest companies.  The IT committees of 20 of the 23 companies analyzed by Lankton and Price had roles and responsibilities relating to “resource management”, which included oversight of IT expenditures; providing staff development and recruiting and retaining skilled IT staff; overseeing IT asset deployment; and ensuring that IT had competent, sufficient and efficient applications, information, infrastructure and people. 78% of the charters included at least one role relating to performance measurement, which included activities such as tracking project delivery and resource usage, monitoring IT services and establishing a balanced scorecard for IT and measuring IT performance and the contribution of IT to the business.  Finally, just over two-thirds of the charters required committees to address risk management and issues relating to IT security, internal controls, audits and disaster recovery plans.

Sources for this article included N. Lankton and J. Price, “Board-level Information Technology Committees”, ISACA Journal, 2016(2). (citing R. Nolan and F. McFarlan; “Information Technology and the Board of Directors”, Harvard Business Review (October 2005).

This article is adapted from material in Sustainability and Corporate Governance: A Handbook for Sustainable Entrepreneurs, which is prepared and distributed by the Sustainable Entrepreneurship Project and can be downloaded here.

Alan Gutterman is the Founding Director of the Sustainable Entrepreneurship Project, which engages in and promotes research, education and training activities relating to entrepreneurial ventures launched with the aspiration to create sustainable enterprises that achieve significant growth in scale and value creation through the development of innovative products or services which form the basis for a successful international business.  Visit the Project’s Library of Resources for Sustainable Entrepreneurs to download handbooks, guides, articles and other materials relating to sustainable entrepreneurship and keep up with the Project’s activities by following Alan on LinkedInTwitter and Facebook.

Developing a Privacy and Data Security Compliance Program

 

Developing a privacy and data security compliance program requires a substantial investment of professional and managerial time and financial resources to acquire, install and operate the necessary technological systems that serve as the foundation for collecting, using, transferring and discarding nonpublic personal information. It is common to refer to privacy and data security as a top-level corporate governance issue that involves the board of directors and senior management and as companies grow they are likely to recruit and appoint experienced professional to serve as chief privacy officers with their own dedicated personnel and budget to oversee the element of the compliance program. While there is no single template for the privacy and data security compliance program it is important to address the following:

  • Defining and identifying nonpublic personal information handled by the company and documenting how the information flows into, within and outside the organizational structure of the company;
  • Establishing managerial responsibility and control over the compliance program and allocating sufficient cash and other resources to the program;
  • Establishing and enforcing all necessary policies and procedures with regard to privacy and data security;
  • Establishing focused programs to deal with specific privacy-related risks such as online collection of information and collection and use of information during the course of customer relationships;
  • Establishing programs for educating all company employees and business partners about privacy- and data security-related requirements, including continuing education of new developments and threats for executives and managers directly responsible for the compliance program;
  • Understanding and monitoring all applicable privacy- and security-related laws and regulations including emerging trends that may change the regulatory landscape in the foreseeable future;
  • Establishing and administering procedures for oversight of vendors with access to nonpublic personal information for which the company is ultimately responsible;
  • Establishing procedures for data retention and destruction;
  • Establishing and administering privacy incident response and breach notification procedures;
  • Establishing and enforcing disciplinary policies with respect to failure of employees and business partners to comply with the privacy- and data security-related policies and procedures of the company;
  • Communicating the company’s privacy- and data security-related practices to relevant stakeholders including employees, customers, business partners, financial markets and regulators; and
  • Providing regular reports on the efficacy of the program to the board of directors and members of the senior management group.

Responsibility for administering the privacy program should be vested in a single person, generally referred to as the chief privacy officer, who will be given authority to establish privacy policies and procedures and oversee personnel in each department of the company who will be responsible for privacy-related issues in their functional area. The importance of have an executive-level position responsible for managing the risks and business impacts of privacy laws and policies is reinforced by the fact that most of the Fortune 100 companies now have a chief privacy officer or an equivalent position. The chief privacy officer, with the support of the chief executive officer and other members of the senior management group, should be prepared to implement privacy policies and practices for the entire company and coordinate the compliance activities of disparate departments such as marketing, communications, customer service, information technology, human resources and legal. The privacy officer and his/her staff should begin by making an assessment of the nonpublic personal information that the company collects and how it is used and otherwise handled by the company. Once policies and procedures are in place the privacy officer should conduct privacy impact assessments and audits of the handling of nonpublic personal information and should create training and educational programs for employees and company agents. Various resources are available for developing a privacy program including the materials that are readily available from privacy seal organizations and from privacy advocacy groups.

Achieving adequate data security and privacy protections for customers, employees and other parties requires a strategy and like any other strategy it is important to identify relevant metrics that can be used to assess performance.  Unfortunately, there is no single strategy that will be entirely successful in each instance and even companies that have thoughtfully developed and implemented data protection regimes can suffer security breaches.  When creating a data protection program companies should be mindful of the stories they might need to tell if and when problems occur and this means being able to demonstrate that the program was based on recognized industry standards and applicable regulatory guidelines.  In addition, companies should have a record of their consultation processes that includes the names and backgrounds of the technical and legal specialists that were involved.  Companies should also be able to explain how their data security framework work and when and how decisions were made among various alternative solutions.  For example, companies typically have a limited budget for their data security programs and the record should describe how and why dollars were invested in addressing particular risks.  While all this information cannot eliminate potential liability for security breaches it can help mitigate potential penalties and punitive damage awards.

Chapter 230 of Business Transactions Solution (§§230:1 et seq.) on WESTLAW covers the development and administration of policies and procedures to comply with laws, regulations and industry standards relating to privacy, data security and overall collection and use of nonpublic personal information. The materials include a large library of illustrative policies and related practice tools such as checklists for developing a privacy and data security compliance program (BTS §230:130), negotiating information security issues in outsourcing contracts (BTS §230:131) and privacy and data security issues in acquisition transactions (BTS §230:132).  The chapter also includes valuable communications vehicles for clients including client executive summaries regarding privacy and data security laws (BTS §230:133), security requirements for nonpublic personal information (BTS §230:134) and implementation and management of privacy programs (BTS §230:135).

 

Federal Trade Secrets Law Requires Changes to Employment Agreements

 

The federal Defend Trade Secrets Act of 2016 (“DTSA”), which came into effect on May 11, 2016 as Public Law No. 114-153, amended the federal criminal code to create a private civil cause of action for trade secret misappropriation.  Specifically, a trade secret owner may file a civil action in a U.S. district court seeking relief for trade secret misappropriation related to a product or service in interstate or foreign commerce (18 U.S.C.A. § 1836(b)(1)). The DTSA established remedies including injunctive relief, compensatory damages, and attorney’s fees, and set a three-year statute of limitation from the date of discovery of the misappropriation (18 U.S.C.A. § 1836(b)(3)).  The DTSA does not preempt state law, which means that trade secret owners may continue to pursue remedies in state courts while taking advantage of the provisions in the DTSA.

Under the DTSA (18 U.S.C.A. § 1836(b)(2)), a trade secret owner may apply for and a court may grant, in extraordinary circumstances, an ex parte seizure order (i.e.,, seizure without prior notice to the person against whom seizure is ordered), such as an employee whom an employer suspects may be prepared to leave the U.S. with the employer’s valuable trade secrets) to prevent dissemination of a trade secret if the court makes specific findings, including that: (1) a temporary restraining order or another form of equitable relief is inadequate, (2) an immediate and irreparable injury will occur if seizure is not ordered, and (3) the person against whom seizure would be ordered has actual possession of the trade secret and any property to be seized.  A court must take custody of and secure seized materials and hold a seizure hearing within seven days. An interested party may file a motion to encrypt seized material.  It should be noted, however, that the DTSA allows individuals or companies who believe they have been subjected to wrongful or excessive seizure to pursue a cause of action for damages including lost profits, costs of materials, loss of goodwill and punitive damages if the seizure was sought in bad faith.

The DTSA amended certain definitions in 18 U.S.C.A. § 1839 and added the following definitions of “misappropriation” and “improper means”:

“(5) the term ‘misappropriation’ means—

“(A) acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; or

“(B) disclosure or use of a trade secret of another without express or implied consent by a person who—

“(i) used improper means to acquire knowledge of the trade secret;

“(ii) at the time of disclosure or use, knew or had reason to know that the knowledge of the trade secret was—

“(I) derived from or through a person who had used improper means to acquire the trade secret;

“(II) acquired under circumstances giving rise to a duty to maintain the secrecy of the trade secret or limit the use of the trade secret; or

“(III) derived from or through a person who owed a duty to the person seeking relief to maintain the secrecy of the trade secret or limit the use of the trade secret; or

“(iii) before a material change of the position of the person, knew or had reason to know that—

“(I) the trade secret was a trade secret; and

“(II) knowledge of the trade secret had been acquired by accident or mistake;

“(6) the term ‘improper means’—

“(A) includes theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means; and

“(B) does not include reverse engineering, independent derivation, or any other lawful means of acquisition”

The DTSA provides immunity from civil and criminal liability for an individual who discloses a trade secret: (1) to a government official or attorney in confidence to report or investigate a violation of law, or (2) in a legal complaint or filing under seal.  See 18 U.S.C.A. § 1833(b).  It is important for employers to be aware that they are required to provide notice of the DTSA immunity in any contract or agreement with an employee that governs the use of a trade secret or other confidential information, which notice requirement may be satisfied by providing a cross-reference to a policy document provided to the employee that sets forth the employer’s reporting policy for a suspected violation of law.  Failure to comply with the notice requirement will prevent employers from be awarding certain exemplary damages or attorney fees under 18 U.S.C.A. § 1836(b)(3).  The notice requirements apply to contracts and agreements entered into or updated after the effective date of the DTSA (May 11, 2016).  It is recommended that notice language track the statute, such as the following:

“Notwithstanding the foregoing nondisclosure obligations, 18 USC § 1833(b)(1) added by the U.S. Defend Trade Secrets Act of 2016 (“DTSA”) provides that an individual shall not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that is made: (1) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney, and solely for the purpose of reporting or investigating a suspected violation of law; or (2) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.  In addition, the DTSA provides that an individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney of the individual and use the trade secret information in the court proceeding, if the individual (1) files any document containing the trade secret under seal; and (2) does not disclose the trade secret, except pursuant to court order.”

For examples of how the notice should be placed into a full agreement, see the chapter on Employee Confidentiality and Innovations Assignment Agreements (§§167:1 et seq.) in Business Transaction Solutions on Westlaw.

 

Developing and Implementing Intellectual Property Compliance Programs

Regardless of the size of its business or the activities in which it is engaged in, intellectual property is an important business asset for every company and an important factor in the development of the company’s competitive strategies.  As such, it is essential for companies to implement a compliance program to identify, perfect, protect, maintain and prosecute its own intellectual property rights—patents, trademarks, copyrights and trade secrets—and avoid potential liability for knowingly or inadvertently infringing the intellectual property rights of others.  A comprehensive compliance program will require the participation of members of all of the departments and other business groups within the company and the program should be consistent with the company’s overall intellectual property strategy as determined by the board of directors and members of the executive team.  The program will include a number of elements, many of which are similar to those that are part of other organizational compliance programs: a coordinating body, such as a compliance committee; an audit or assessment of the company’s current compliance activities relating to intellectual property; policies, procedures and manuals; training and educational initiatives; and continuous review of the effectiveness of the program and ongoing changes to remediate issues and incorporate new laws and regulations and changes in the company’s business activities.

To learn more, download the chapter on “Intellectual Property Compliance Programs and Manuals” presented by the Sustainable Entrepreneurship Project.  Additional Project materials on technology management and intellectual property are available here.

 

Intellectual Property Strategy

The creation, protection and thoughtful commercialization of intellectual property rights have become an important matter for companies of all sizes and across all types of industries.  The competitive impact of intellectual property rights is illustrated by the explosion in patent applications coupled with escalating legal costs for companies prosecuting and defending intellectual property litigation.  Intellectual property is a high value and high risk asset for the company and requires the attention of the board of directors as part of their broader fiduciary duties to the company and its stakeholders.  Members of the board of directors must be prepared to oversee the company’s intellectual property rights portfolio and, as such, must be regularly briefed by senior management and provided with training on the nuances of intellectual property law.  Board members must also be informed of intellectual property activities of competitors and the role that intellectual property is and will play in the evolution of the company’s markets.

An important role for the board of directors and the members of the executive team is developing and implementing an intellectual property strategy that identifies the areas that the company needs focus its creative and innovative efforts and aligns those areas with the company’s overall goals and objectives for effectively competing in the market and otherwise meeting the expectations of its stakeholders.  As with any strategy, the intellectual property strategy must effectively address the specific needs of the company and assist the company in achieving its commercial goals and objective.  The intellectual property strategy should also include programs and tools, such as an intellectual property compliance program[1], that will stimulate creativity within the organization and facilitate the collection of ideas and the steps that are needed in order to perfect, maintain, exploit and enforce valuable intellectual property rights.  The intellectual property strategy will impact core activities such as new product development and commercialization and the information gathered during the course of developing the intellectual property strategy should reduce the risk that investments in innovation will be wasted due to the failure to create products and services that can protected and that do not infringe upon the intellectual property rights of others.

While there are many ways to develop an intellectual property strategy, it is important to begin with identifying the business goals and objectives of the company and figuring out how those goals and objectives can be achieved from an intellectual property rights perspective.  The next step is to audit the company’s existing intellectual property rights and evaluate the competitive intellectual property landscape in which the company is operating.  The company should then determine what will need to be done in order to align its intellectual property rights with its business goals and develop appropriate strategies and tactics for acquiring, through development, licensing or purchasing, the missing intellectual property rights and fortifying those rights to strengthen them in the face of competition.

To learn more, download the chapter on “Intellectual Property Strategy” prepared by the Sustainable Entrepreneurship Project.  Additional Project materials on technology management and intellectual property are available here.

Sustainable Technology Management

While there are number of different ways to define “sustainable development”, a reasonable choice would be to think of it as development that meets the needs of the present without compromising the ability of future generations to meet their needs.  Companies seeking to make a contribution to sustainable development must be prepared to change their traditional way of thinking and allow social, environmental and technological considerations to sit side-by-side with economic performance when establishing their goals and objectives.  Sustainable companies must also commit to acting in a socially responsible manner toward their stakeholders and maintaining high ethical standards.

Technology plays a big role in their pursuit of sustainability and economic development.  Sustainable technologies include technologies that use durable, low-maintenance, recyclable and economic materials and technologies, including materials and technologies that can be locally sourced to reduce transportation costs.  Sustainable technologies may be incorporated into sustainable design practices for products that are focused on designing products to leverage materials and technologies that will reduce product life cycle environmental impacts.  An effective sustainable technology will facilitate improvements in the appearance, performance, quality, functionality and ecological, social and economic value of the products.  From a technology management perspective, companies may consider investing in the development of new technologies that provide alternatives to traditional technologies that have been shown to be being damaging to the health of members of the community and to the environment.

Sustainable technology management is based on the premise that individual companies can and do make an impact on sustainable development through the decisions they make as part of their technology management programs: what products should they manufacture and what technologies should be included in those products; what process technologies should be used; what types and amounts of resources should be used in the manufacturing process; how much should be invested in research and development and which R&D projects should be given the highest priority; and can the company deploy technologies that do not harm the environment and improve the overall quality of life of their employees, customers and members of society in general.

While sustainable technology management obviously impacts the traditional economic “bottom line” that is relevant to investors, it also is important to many of the other key stakeholders of the company:

  • Many customers are concerned about whether or not sourced components have been manufactured to meet certain environmental standards and may require that supplier provide the results of audits of their manufacturing processes to verify compliance.
  • Employees are concerned about the health and safety aspects of participating in the manufacturing process such as air quality and exposure to harmful materials in the workplace.
  • Local communities are concerned about the environmental impact of manufacturing activities including emissions, odors and noise and it is often necessary and prudent to providing information to community members about standards and performance.
  • Regulators will be concerned about a company’s compliance with applicable environmental laws and regulations as well as progress being made on effort to improve energy efficiency and reduce harmful emissions beyond the levels otherwise permitted by law.
  • Consumer action groups will monitor various impacts of the company’s finished products such as greenhouse gas emissions and may engage in adverse publicity campaigns to force the company to take steps to improve its performance.

To learn more, download the chapter on “Sustainable Technology Management” prepared by the Sustainable Entrepreneurship Project.  Additional Project materials on technology management are available here.