_Part 12 of 18 in the Digital privacy for board directors series._
If you sit on a UK board today, the chances are high that you use a board portal. Diligent, Nasdaq Boards, BoardEffect, Convene, and several smaller players have between them captured most of the FTSE 350 and a large fraction of the AIM and unlisted board market. The promise of these platforms is secure distribution of board packs, accessible from a tablet, with controlled access and audit trails.
The promise is largely delivered. The board portal is materially more secure than the email-attachment habit it replaces. The compromise patterns I see at board level are now mostly around the portal rather than through it — the moments before the portal opens, the moments after the portal closes, and the small set of habits that, repeated over years, leak material the portal was designed to protect.
This post is about those moments.
What the portal does well
Three things, properly.
Encryption in transit and at rest. Documents stored on Diligent, BoardEffect, or Convene are encrypted at rest in the vendor's data centres and accessed over TLS. The vendor cannot, in normal operation, read your documents.
Access control. Each director sees only what they are entitled to see. Permissions are managed at the company secretary's level. When a director leaves the board, access is revoked centrally.
Audit trail. The platform records who opened which document, when, from which device. For a regulated firm, this is the kind of evidence that materially helps in any subsequent inquiry.
These are real. The portal is the right place for board papers.
Where the leaks actually happen
Six moments in the handling cycle where I see board papers escape the controlled environment.
**One: the "for ease of reference" email.** The company secretary, the executive team, or a fellow director sends a board paper, or a section of one, by email for convenience. The email is on the firm's email system, the recipient reads it on the tablet, the file lives in two places, and neither was the portal. This is the single most common leak vector I see. The defence is the standing rule: board papers go via the portal, not by email. Holding the line on this is a non-trivial fight.
**Two: the "let me print this for the train" moment.** A director downloads a paper from the portal and prints it. The paper is now in a paper folder, on a train, in a hotel room, in a recycling bin three days later. The defence: read on the device. If printing is essential, the paper should be marked, kept in numbered copies, and shredded after the meeting. Most directors do not.
**Three: the quick scan on a personal device.** The portal works on the director's personal laptop or tablet. The director, between meetings, opens the portal on a hotel-room device or a borrowed laptop. The credentials are entered. The session may be saved by a browser. The personal device's security posture has now extended to cover what was a controlled environment. The defence: portal access only on the director's known and managed devices.
**Four: the screenshot.** Some directors annotate by screenshotting and emailing themselves notes, or pasting screenshots into a personal note-taking app. Each screenshot exits the portal's controlled environment. The defence: use the portal's own annotation features.
**Five: the "I'll forward it to my advisor" moment.** A NED wants to discuss a paper with their personal lawyer, accountant, or executive coach. They forward it. The advisor's email system, document handling, and confidentiality posture are now in scope, and almost certainly were not what the company secretary had in mind. The defence is the conversation with the company secretary about whether and how advisor consultation is permitted, and through what channel.
**Six: the "let me check this thing from my phone" moment.** Most board portals have apps. The app's offline-cache settings vary. Some directors have inadvertently configured the app to cache every document offline, which means the documents are sitting in an encrypted form on the phone: encrypted, yes, but accessible if the phone is unlocked. The defence: review the portal app's settings, particularly around offline caching, and decide deliberately what you want cached.
The director's standing posture
A small set of habits that, applied consistently, address most of the above.
The portal is the only place. Board papers are read in the portal. They are not emailed. They are not printed unless essential. They are not forwarded to personal advisors without the company secretary's agreement on the channel.
The device is the known device. Portal access happens on your known, managed personal devices. The personal laptop with the password manager, the MFA hardware key, the disk encryption. Not the hotel-room PC. Not the borrowed laptop.
The annotation stays in the portal. Use the portal's own highlighting, comments, and notes. They are encrypted with the document, they are auditable, they do not leak the document content to external apps.
The post-meeting tidy-up is real. After each meeting, log into the portal and confirm what has been archived, what has been retained, what local copies (if any) need to be deleted from your devices.
MFA is on, hardware MFA where possible. Each board portal supports MFA. Most directors I work with have it enabled. A meaningful minority do not, because the company secretary did not insist. Insist.
The board director on holiday
A small case worth a paragraph. The board meeting that happens while you are on holiday, the paper that needs to be read on a beach, the borrowed iPad of an in-law. The temptation to just log in to the portal on a device that is not yours is real and the defence has to be set up in advance.
The defence: do not log in. Either you read the paper in advance, on your known device, or you accept that some papers are read on the plane home. The portal is not designed for the borrowed-iPad case and the audit trail will not survive it.
What if you are an independent director with multiple boards?
A larger fraction of senior NEDs sit on three, four, or five boards simultaneously, each with a different portal. This is the operational reality and it produces its own friction — five different logins, five different MFA flows, five different document libraries. A few notes.
Use the password manager and the hardware MFA key. Both work across all the portals. Five logins are no friction once stored.
Keep portal use isolated to the same device. A director who reads board papers on a single, well-managed laptop has a much smaller compromise blast radius than one who switches between four devices.
Be deliberate about cross-board information. A document from board A is not a document for board B, even when the topic is similar. This is obvious to most NEDs and worth restating.
A note on AI summarisation tools
A short paragraph because the question has come up at every board I have advised in the past six months. The temptation to paste a board paper into a public AI tool — ChatGPT, Claude, Gemini, Copilot — for a summary is real and the action is, in most cases, a breach of the company's confidentiality obligations. The board paper is exactly the kind of material that should not enter a public AI tool. If your firm has an enterprise AI contract that includes data-handling protections, that may be a different conversation. If you are pasting into the consumer version of any of these tools, the paper is leaving the controlled environment.
What this month looks like
Three short pieces of work, each fifteen minutes.
One: confirm that MFA is enabled on every board portal you use, and that hardware MFA is enabled where the portal supports it.
Two: review your board portal app's offline-caching settings on your phone and tablet.
Three: have one conversation with your company secretary about the standing rule for advisor consultation. Either there is a permitted channel, or there is not. Both are workable; uncertainty is not.
In nine weeks: travel begins. International travel, jurisdictional risk, and what changes when you leave the country.