In addition to all of the other risks, liabilities and exposures arising from cybersecurity concerns, you can now add the possibility of a whistleblower action for cybersecurity fraud. According to a July 31, 2019 press release from counsel for the whistleblower involved (here), Cisco Systems has agreed to an $8.6 million settlement in what the press release claims is the “first cybersecurity whistleblower case ever successfully litigated under the False Claims Act.” Cisco has agreed to pay the amount to settle allegations that the company knowingly sold vulnerable and defective video surveillance software to federal, state, and local government agencies, exposing the systems to unauthorized access. As discussed below, this development even further expands the range of concerns companies must take into account when assessing their cybersecurity exposures. An August 12, 2019 memo from the Jones Day law firm about the settlement and its implications can be found here.
Bribery-Related Securities Suit Based on Acquired Company’s Pre-Merger Activities
As I have frequently noted on this site (most recently here), plaintiffs’ lawyers often attempt to fashion a securities lawsuit out of revelations of corporate activities involving alleged violations of anti-bribery laws. A securities class action lawsuit filed this week represents the latest example of this phenomenon. In this instance, the allegedly improper conduct involved activities of an acquired company that reportedly took place prior to the merger. As discussed below, this latest example of the bribery-related securities lawsuits involves several interesting variations on the pattern of these kinds of follow-on securities suits.
Guest Post: Working Hard or Making Work? Plaintiffs’ Attorneys Fees in Securities Fraud Class Actions
In the following guest post, Stephen J. Choi, Jessica M. Erickson, and Adam C. Pritchard take a look at the plaintiffs’ attorney fee awards in “mega-settlements” in securities class action lawsuits. The authors ask the question whether the lawyers who lead these cases and negotiate the settlements are appropriately rewarded for their efforts. Choi is the Murray and Kathleen Bring Professor of Law at New York University School of Law. Erickson is Professor of Law & Associate Dean for Faculty Development at University of Richmond School of Law. Pritchard is the Frances and George Skestos Professor of Law at University of Michigan Law School. My thanks to the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article.
The Fed Has a Message for Banks about D&O Insurance

The Federal Reserve wants bank directors and senior executives to know that while their D&O insurance policies are “an important risk mitigation tool,” their policies could contain exclusions that could “potentially limit coverage” and leave them without insurance in the event of a claim. In a July 23, 2019 letter (here), the Fed informed banks and other financial institutions of the risks associated with exclusionary provisions in D&O insurance policies and urged board members and senior executives to “understand fully the protections and limitations” that the D&O insurance policies provide. As discussed below, the Fed’s guidance is good advice for directors and senior executives of any organization, not just for banks. An August 3, 2019 post on the Willis Towers Watson blog about the Fed letter can be found here.
Guest Post: Using Facebook’s “Like” Button May Violate the GDPR

In a number of prior posts, I suggested that privacy-related issues may be a significant area of potential corporate risk in the months and years ahead. Among the potential sources of risk are the legal requirements of the General Data Protection Regulation (GDPR), the EU’s privacy regulation, which just went into effect in May 2018. Because GDPR is still relatively new, we are still learning what it means in terms of corporate risk. In the following guest post, Bill Boeck takes a look at one interesting and arguably surprising aspect of GDPR’s requirements. Bill is currently Senior Vice President and Insurance and Claims Counsel with the Lockton Companies. He is Lockton’s global leader for cyber claims and for the development of proprietary cyber wordings and endorsements. Bill also leads Lockton’s US financial lines claims practice. A version of this article previously was published on the Lockton Cyber Risk Update Blog. I would like to thank Bill for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Environmental Liability-Related Securities Suit Filed Against 3M
At a time when litigation involving corporate disclosures regarding cybersecurity, privacy, and human resource practices and other hot topics dominates the discussion, potential corporate exposure arising from environmental liabilities and disclosures does not always receive the attention it deserves. However, as I have previously noted on this blog, environmental disclosures can be, and frequently are, the subject of D&O litigation, both in the form of securities class action litigation and shareholder derivative litigation. A new securities suit recently filed against 3M is the latest example of corporate and securities litigation arising from environmental disclosure-related issues. As discussed further below, the 3M complaint is also the latest example of event-driven securities litigation.
Guest Post: What the Capital One Hack Means for Board of Directors

The news of the recent massive data breach at Capital One made the front pages of the business sections of newspapers across the country. The hack has drawn attention not just because of the magnitude of the hack, but also because the hackers apparently managed to steal data from The Cloud. The Capital One data breach represents a “wake-up call” for boards of directors, according to the following guest post from John Reed Stark. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. My thanks to John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Recent Delaware Caremark Duty Decision Underscores Board Cyber and Privacy Liability Risks
Under the Delaware Chancery Court decision in the Caremark case, directors can be liable for failures in their oversight duties – that is, their duties to monitor the company and its functions. Lawsuits alleging a violation of the duty of oversight are notoriously challenging for plaintiffs. However, in the recent Marchand v. Barnhill case, the Delaware Supreme Court reversed the Chancery Court’s dismissal of a Caremark liability case and allowed the case to proceed against the board of an ice cream manufacturer that experienced a deadly listeria outbreak. Caremark liability cases remain difficult to plead and prove, but the Marchand decision nevertheless has important implications for director liability for breaches of their duty of oversight.
D&O Insurance: Del. Court Rejects Insurers’ Appraisal Action Coverage Defenses

As the number of shareholder appraisal lawsuits increased a few years ago, a recurring question has been whether or not a company’s D&O insurance covers the company’s costs incurred in defending an appraisal action. In a recent decision, a Delaware Superior Court judge rejected a number of the recurring coverage defenses on which insurers rely in disputing coverage for appraisal action costs and expenses. The Court’s opinion in the Solera Holdings case contains several very interesting rulings, some of which could be relevant even outside of the appraisal action context. A copy of the Delaware Superior Court’s July 31, 2019 opinion can be found here.
Guest Post: Time To Resolve Post-Cyan Securities Class Action Confusion

In numerous prior posts on this site (for example, here), I have written about the problems caused by the U.S. Supreme Court’s March 2018 decision in Cyan, Inc. v. Beaver County Employees Retirement Fund. In the following guest post, Nessim Mezrahi, cofounder and CEO of SAR, a securities class action data analytics and software company, issues a call for reform to address the “confusion” that Cyan has caused. A version of this article previously appeared on Law 360. I would like to thank Nessim for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to publish a guest post. Here is Nessim’s article.