Advisor: Target's board members should go
By Kavita Kumar
By Kavita Kumar
Star Tribune (Minneapolis)
(MCT) — A new report recommends that Target shareholders oust seven of the 10 board members at the retailer's shareholders meeting next month, saying that those directors failed to protect the company against the massive data breach.
Institutional Shareholder Services, a proxy adviser that provides counsel to shareholders, said members of Target Corp.'s audit and corporate responsibility committees should not be re-elected since risk assessment and oversight of reputational risk were part of their tasks.
"ISS believes that in light of the company's significant exposure to customer credit card information and online retailing, these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information, especially since it involves shoppers and the communities in which the company operates, as well as the overall impact on brand reputation and brand value," the report says.
In a statement, Target said the board views risk oversight as a "full board responsibility" and said it has made "significant" data security investments.
"As one would expect, following the criminal attack that resulted in the data breach, the board is re-examining the entire risk oversight structure, including senior management roles and reporting structures, as well as board oversight," the company said.
In December, Target disclosed that its point-of-sale systems had been compromised by cyberthieves who gained access to the personal and financial information of tens of millions of customers. The breach triggered congressional hearings and a blistering Senate committee report outlining several steps Target could have taken to prevent the attack.
Amid the fallout from the breach, Target's chief information officer, Beth Jacob, resigned in March. In late April, the company announced it appointed Bob DeRodes to take over that role.
But ISS noted that there were questions about the adequacy of Jacob's credentials. It noted that her public biography listed previous roles such as head of guest operations. DeRodes, by comparison, has a deep background in information technology and data security, it said.
Target is still looking for a new chief security officer and chief compliance officer, in addition to a new chief executive since the board fired Gregg Steinhafel last month.
But ISS said these actions by the board seem to be "largely reactionary in nature." It noted that Target's stock has fallen about 11 percent _ a $4.2 billion loss in market value _ since Dec. 18, when the data breach was first revealed.
"For shareholders who have seen the value of their investment decline by over 10 percent, this might appear to be a case of 'too little too late,' " ISS said. "The addition of these 'new' positions raises serious concern about how Target could have been running a business of its size and complexity without these permanent roles."
Among those ISS recommends voting against is interim board Chair Roxanne Austin, who leads the company's audit committee. It also recommended a no vote for Calvin Darden, Henrique De Castro, James Johnson, Mary Minnick, Anne Mulcahy and Derica Rice.
It recommended a yes vote on Douglas Baker Jr., Kenneth Salazar and John Stumpf. While Salazar is chairman of the corporate responsibility board, ISS gave him a pass because he is a fairly new director.
The report also recommended a yes vote on a shareholder proposal to have an independent chairman. Previously, the CEO also served as chairman of the board.
In its statement, Target said the board prefers to have flexibility to determine which leadership structure best serves the interests of Target based on the circumstance.
"The board believes there are many strong governance practices in place at Target that balance any risk of concentration of authority that may exist with a combined chair/CEO position, including the requirement to have an independent lead director in those situations."
The company said the board has not yet made a decision whether it will continue with an independent chair and will reassess its leadership structure once a new CEO is announced.