Earlier this week, media reports circulated that this past spring Google had exposed the private data of thousands of the Google+ social network users and then opted not to disclose the issue, in part because of concerns that doing so would draw regulatory scrutiny and cause reputational damage. In the wake of these revelations, one question is whether the SEC will look into these circumstances. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at what he regards as a likely SEC investigation and the questions that the SEC likely will be asking. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s post. Continue Reading Guest Post: Ten Questions the SEC Will Probably Be Asking Google
For some time now, some observers had been predicting that we would be seeing a bunch of data breach-related securities class action lawsuits, but the predicted wave never seemed to materialize. However, with a recent uptick in these kinds of cases, that could be changing. On October 8, 2018, in the latest of these kinds of lawsuits to be filed, a plaintiff shareholder filed a securities class action lawsuit against China-based Huazhu Group. As discussed below, there are a number of interesting features of this latest data breach-related securities suit. 
One of the most important recent legal and regulatory developments has been the elevation of privacy rights and concerns. Privacy issues are related to but distinct from cybersecurity issues and concerns, because privacy is concerned about more than just keeping data free from unauthorized intrusion. Privacy concerns also involve how data is used and to what kinds of controls the persons whose rights are affected have over the data. As more and more businesses gather and use user data and other potentially sensitive personal information, they will increasingly find themselves grappling with the growing wave of privacy regulation and legislation. Among the many potential exposures these circumstances create for companies and their senior officials is the growing possibility of privacy-related D&O litigation. Indeed, the growing potential for privacy-related claims may be among the most important emerging D&O liability exposures. 
I have frequently written on this blog about relatedness issues and how they affect the availability of D&O insurance coverage for a series of lawsuits that have been filed over time against a company. D&O insurers 
The rise of financial technology (fintech) is rapidly changing the financial services industry, in the U.S., in the U.K. and elsewhere. But with the rise of fintech also has come increasing regulation. Among the regulatory regimes applicable to fintech sector is the EU’s 
Claims made policies provide coverage for claims first made during the policy period, but only if the insurer is provided with timely notice of claim. Most claims made policies allow policyholders to provide insurers with a notice of circumstances that may give rise to a claim in the future, in order to make the date of the notice of circumstances as the claims made date for any future claims. A recent Sixth Circuit considered a situation in which a policyholder attempted to provide notice of circumstances, even though, the court later concluded, a claim had already been made. The appellate court concluded that because the policyholder’s notice omitted the circumstance the court considered to represent a claim, the attempted notice was insufficient to provide notice of the actual claim. The court’s decisions raises questions about policyholder’s notice obligations under the policy. The Sixth Circuit’s July 10, 2018 decision can be found 
One of the most-watched corporate and securities litigation trends in recent years has been the incidence of D&O claims after companies experience data breaches. Although there have been a number of high profile claims along the way, the volume of data breach-related D&O claims has never quite lived up to the hype. Just the same, these kinds of claims have continued to be filed. The most recent case is a securities class action lawsuit that has now been filed against educational services company Chegg, Inc., after its recent announcement of a data breach involving customer data. The Chegg lawsuit, filed on September 27, 2018 in the Northern District of California, can be found 
In the latest development in nearly decade-long legal battle, a New York intermediate appellate court has held in light of the U.S. Supreme Court’s 2017 decision in Kokesh v. SEC that amounts Bear Stearns paid under an SEC disgorgement order represent a “penalty” for which coverage is precluded under the bank’s insurance policy. This ruling, which overturned a trial court order holding that the disgorgement amount was covered, represents a substantial reversal of fortune for the claimants in this long-running and high-profile insurance coverage dispute. While further proceedings in the case seem likely, the ruling nevertheless represents a setback for policyholders seeking to establish insurance coverage for disgorgement amounts. The intermediate appellate court’s September 20, 2018 opinion can be found 
Elon Musk’s August 7, 2018 Tweets, in which he had “secured” funding to take Tesla private at a substantial premium over the then-current share price, have already produced a storm of controversy and