Last week, the Wall Street Journal reported that this past spring Google had exposed thousands of the Google+ social network users’ private data and then opted to withhold disclosure of the incident because of concerns that doing so would attract regulatory scrutiny and harm the company’s reputation. Following the news reports, questions immediately were asked about a possible SEC investigation of the incident. And now, these developments have drawn two new securities class action lawsuits in which shareholders of Alphabet, Google’s parent company, allege that the company misled investors about the adequacy of the company’s security measures to protect user data from theft and security breaches. As discussed below, the new lawsuits bring together several securities litigation filing trends involving data and privacy-related issues. Continue Reading Google+ User Data Securities Lawsuits Filed Against Alphabet
Guest Post: Ten Questions the SEC Will Probably Be Asking Google
Earlier this week, media reports circulated that this past spring Google had exposed the private data of thousands of the Google+ social network users and then opted not to disclose the issue, in part because of concerns that doing so would draw regulatory scrutiny and cause reputational damage. In the wake of these revelations, one question is whether the SEC will look into these circumstances. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at what he regards as a likely SEC investigation and the questions that the SEC likely will be asking. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s post. Continue Reading Guest Post: Ten Questions the SEC Will Probably Be Asking Google
Chinese Hotel Company Hit With Data Breach-Related Securities Suit
For some time now, some observers had been predicting that we would be seeing a bunch of data breach-related securities class action lawsuits, but the predicted wave never seemed to materialize. However, with a recent uptick in these kinds of cases, that could be changing. On October 8, 2018, in the latest of these kinds of lawsuits to be filed, a plaintiff shareholder filed a securities class action lawsuit against China-based Huazhu Group. As discussed below, there are a number of interesting features of this latest data breach-related securities suit. Continue Reading Chinese Hotel Company Hit With Data Breach-Related Securities Suit
Privacy Rights, Liability Exposures, and Potential D&O Claims
One of the most important recent legal and regulatory developments has been the elevation of privacy rights and concerns. Privacy issues are related to but distinct from cybersecurity issues and concerns, because privacy is concerned about more than just keeping data free from unauthorized intrusion. Privacy concerns also involve how data is used and to what kinds of controls the persons whose rights are affected have over the data. As more and more businesses gather and use user data and other potentially sensitive personal information, they will increasingly find themselves grappling with the growing wave of privacy regulation and legislation. Among the many potential exposures these circumstances create for companies and their senior officials is the growing possibility of privacy-related D&O litigation. Indeed, the growing potential for privacy-related claims may be among the most important emerging D&O liability exposures. Continue Reading Privacy Rights, Liability Exposures, and Potential D&O Claims
D&O Insurance: Insurer Must Defend Later Securities Lawsuits Related to Earlier Claim
I have frequently written on this blog about relatedness issues and how they affect the availability of D&O insurance coverage for a series of lawsuits that have been filed over time against a company. D&O insurers frequently argue, in order to try to avoid coverage, that a later lawsuit is related to an earlier proceeding in order to try to argue that the subsequent suit is deemed made at the time of the earlier proceeding. In an interesting case in the Southern District of Texas, the insurer took the opposite position and tried to argue that two securities class action lawsuit complaints filed after the end of the policy period were unrelated to an earlier securities suit that had been filed during the policy period, in order to try to avoid coverage for the subsequent lawsuits.
In an October 4, 2018 decision (here), Magistrate Judge Nancy K. Johnson ruled that the later securities lawsuits filed against Nobilis Health were interrelated with the earlier lawsuit against the company, and therefore that the insurer was obligated to cover the costs the insured company incurred in defending all three lawsuits. The court’s decision underscores the breadth of the relatedness in D&O insurance policies and highlights the fact that relatedness issues can, depending on the circumstances, result in a coverage expansion and not only a narrowing of coverage. Continue Reading D&O Insurance: Insurer Must Defend Later Securities Lawsuits Related to Earlier Claim
Guest Post: PSD2: A New Era for Banking?
The rise of financial technology (fintech) is rapidly changing the financial services industry, in the U.S., in the U.K. and elsewhere. But with the rise of fintech also has come increasing regulation. Among the regulatory regimes applicable to fintech sector is the EU’s Payment Services Directive (PSD), designed among other things to provide certain consumer protections. A Revised Payment Services Directive (PSD2) came into force on January 13, 2018. In the following guest post, Karen Boto, a Legal Director at Clyde & Co law firm, takes a look at PSD2 and considers that insurance challenges the revised regulatory regime presents. A version of this article was previously published as a Clyde & Co client alert. I would like to thank Karen for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Karen’s article. Continue Reading Guest Post: PSD2: A New Era for Banking?
Sixth Circuit: Attempted Notice of Potential Claim Insufficient to Provide Notice of Actual Claim
Claims made policies provide coverage for claims first made during the policy period, but only if the insurer is provided with timely notice of claim. Most claims made policies allow policyholders to provide insurers with a notice of circumstances that may give rise to a claim in the future, in order to make the date of the notice of circumstances as the claims made date for any future claims. A recent Sixth Circuit considered a situation in which a policyholder attempted to provide notice of circumstances, even though, the court later concluded, a claim had already been made. The appellate court concluded that because the policyholder’s notice omitted the circumstance the court considered to represent a claim, the attempted notice was insufficient to provide notice of the actual claim. The court’s decisions raises questions about policyholder’s notice obligations under the policy. The Sixth Circuit’s July 10, 2018 decision can be found here. Continue Reading Sixth Circuit: Attempted Notice of Potential Claim Insufficient to Provide Notice of Actual Claim
Educational Services Company Hit With Data Breach-Related Securities Suit
One of the most-watched corporate and securities litigation trends in recent years has been the incidence of D&O claims after companies experience data breaches. Although there have been a number of high profile claims along the way, the volume of data breach-related D&O claims has never quite lived up to the hype. Just the same, these kinds of claims have continued to be filed. The most recent case is a securities class action lawsuit that has now been filed against educational services company Chegg, Inc., after its recent announcement of a data breach involving customer data. The Chegg lawsuit, filed on September 27, 2018 in the Northern District of California, can be found here. Continue Reading Educational Services Company Hit With Data Breach-Related Securities Suit
N.Y. Appellate Court: Coverage Precluded for Disgorgement “Penalty”
In the latest development in nearly decade-long legal battle, a New York intermediate appellate court has held in light of the U.S. Supreme Court’s 2017 decision in Kokesh v. SEC that amounts Bear Stearns paid under an SEC disgorgement order represent a “penalty” for which coverage is precluded under the bank’s insurance policy. This ruling, which overturned a trial court order holding that the disgorgement amount was covered, represents a substantial reversal of fortune for the claimants in this long-running and high-profile insurance coverage dispute. While further proceedings in the case seem likely, the ruling nevertheless represents a setback for policyholders seeking to establish insurance coverage for disgorgement amounts. The intermediate appellate court’s September 20, 2018 opinion can be found here. Continue Reading N.Y. Appellate Court: Coverage Precluded for Disgorgement “Penalty”
Guest Post: The SEC/Musk/Tesla Settlement: The Dawning of a New Era of SEC Internet Enforcement
As I detailed in a post at the time (here), on Thursday last week, the SEC filed a securities fraud enforcement action against Tesla Chairman and CEO Elon Musk in connection with his now infamous tweets, in which he said he had “secured” funding to take the company private at a substantial premium over the company’s then-current share price. On Saturday, September 29, 2018, the SEC announced in a press release (here) that it had reached a settlement of the action with Musk, as well as in a separate action against Tesla filed simultaneously with the settlement. In the following guest post, John Reed Stark, the President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at the SEC’s enforcement actions and settlements with Musk and Tesla and provides his insight about what these developments may signify as far as the SEC’s enforcement posture regarding communications on the Internet. A version of this article originally appeared on the Securities Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article. Continue Reading Guest Post: The SEC/Musk/Tesla Settlement: The Dawning of a New Era of SEC Internet Enforcement