The Walt Disney Company (DIS)
Voluntary submission by James McRitchie, Shareholder Advocate, 9295 Yorkship Ct, Elk Grove, CA 95758. Franklin Resources shareholder since 2015
Vote FOR Proposal 2 – Report on Cyber Security and Data Privacy
Disney links senior executive compensation to various performance metrics, including information security metrics. Cyber security and data privacy are vitally important issues for Disney and should be integrated as appropriate into senior executive compensation to incentivize leadership to reduce needless risk, enhance financial performance, and increase accountability.
In its opposition statement, Disney argues their current program “allows the [Compensation] Committee to incentivize those executives with direct responsibility for data security and data privacy on an individual basis, and does not put undue emphasis on these matters for executives who do not have direct responsibility for these matters.” (our emphasis)
The requested report would not limit integration of cyber security metrics to the performance measures of senior executives with “direct responsibility for these matters,” since rewarding executives for risk mitigation by their staff as well as growth generation is critical to Disney maintaining its stature as a trusted brand. Disney may be especially vulnerable due to the depth of information it collects, including about children, who are usually subject to more stringent data protection laws.
High-profile cyber attacks and allegations have given the entertainment industry an image problem. Disney has adopted systems to address these issues. But as we have seen at companies like Equifax, Facebook, Target, and many others, even the “best” plans can be improved.
The stakes are incredibly high. In September 2017, the Co-Director of the SEC’s Enforcement Division announced the creation of a “Cyber Unit” stating, “Cyber-related threats and misconduct are among the greatest risks facing investors and the securities industry.” (https://www.sec.gov/news/press-release/2017-176) Prior to becoming the Chairman of the SEC, Jay Clayton wrote that “cyber-threats are among the most urgent risk to America’s economic and national security and the personal safety of its citizens.” (http://knowledge.wharton.upenn.edu/article/how-the-ten-commandments-of-cyber-security-can-enhance-safety/)
Disney should assess integrating cyber security and data privacy metrics into the performance measures of senior executives under its compensation incentive plans. The proposal does not dictate any particular outcome or timeline. It does not seek to prescribe how compensations plan would be constructed or how much weight cyber security and data privacy would be give. Assessment will not be burdensome. Protect our children.
Written materials are submitted pursuant to Rule 14a-6(g)(1) promulgated under the Securities Exchange Act of 1934. Submission is not required of this filer under the terms of the Rule, but is made voluntarily in the interest of public disclosure and consideration of these important issues. This is not a solicitation of authority to vote your proxy. Please DO NOT send me your proxy card; the shareholder is not able to vote your proxies, nor does this communication contemplate such an event.
Vote FOR Proposal 2 by following the instructions provided in the management proxy mailing.