In a ruling last week, Delaware Vice Chancellor Travis Laster denied motions to dismiss in the shareholder derivative suit against Facebook executives for failing over the course of several years to protect users’ data privacy. The alleged privacy violations to which the lawsuit relates were the subject of a massive $5 billion penalty that Facebook agreed to pay to the FTC to settle charges that the company had violated a 2012 consent order relating to protecting users’ privacy. As discussed in a May 10, 2023, Law360 article (here), Vice Chancellor Laster made his ruling from the bench in a telephonic hearing. Vice Chancellor Laster’s ruling is also discussed in a May 10, 2023, Associated Press article (here). As discussed below, Vice Chancellor Laster’s ruling underscores the extent to which privacy-related issues represent an area of significant corporate liability exposure.

Continue Reading Court Denies Dismissal Motion in Facebook User Data Privacy Derivative Suit

In the midst of its battles with Elon Musk over Musk’s attempt to walk away from his proposed takeover of the company, Twitter was rocked by the news that a whistleblower had sent Congress and federal agencies explosive reports of “major security problems” at the company. According to the news reports, the whistleblower’s disclosure not only detailed privacy and cybersecurity vulnerabilities at Twitter, but also included allegations that company management had misled its own corporate board and government regulators about the vulnerabilities. Among other things, these revelations triggered a Congressional inquiry. And now, a plaintiff shareholder has launched a securities class action lawsuit against the company and several of its executives, based on the whistleblower’s allegations. As discussed below, the complaint has several interesting features.
Continue Reading Twitter Hit with Cybersecurity-Related Securities Suit Over Whistleblower Allegations

As readers of this blog well know, since the initial U.S. coronavirus outbreak in March 2020, plaintiffs’ lawyers have filed dozens of COVID-19-related securities class action lawsuits. Even though the coronavirus-related litigation phenomenon, like the coronavirus outbreak itself, is about to enter its third year, relatively few of the coronavirus-related securities suits have yet reached the motion to dismiss stage. However, last week the federal judge presiding over the coronavirus-related lawsuit filed against Zoom Video Telecommunications entered an order granting in part and denying in part the defendants’ motion to dismiss. The Court’s February 16, 2022 order, a copy of which can be found here, also presents an interesting perspective on the ways in which privacy and security issues can lead to potential securities law liability exposures.
Continue Reading Zoom Coronavirus-Related Securities Suit Dismissal Motion Denied in Part

Peter Selvin

In an October 19, 2021 decision in Twin City Fire Insurance Co. v. Vonachen Services, Inc., the Northern District of Illinois, applying Illinois law, addressed key insurance coverage issues under the D&O and EPL coverage parts of a management liability insurance policy. In the following guest post, Peter Selvin reviews and analyzes the decision. Selvin is a partner with Los Angeles-based Ervin Cohen & Jessup. A version of this article previously was published in the LA Daily Journal. I would like to thank Peter for allowing me to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Peter’s article.
Continue Reading Guest Post: Court Addresses Biometric Claims and Insurance Issues

Peter Selvin

In the following guest post, Peter Selvin discusses the Fifth Circuit’s July 21, 2021 decision in Landry’s Incorporated v. The Insurance Company of the State of Pennsylvania (here), which considered the question of coverage under a commercial general liability policy of damages from a data breach caused by a third-party hacker. Selvin is a partner with Los Angeles-based Ervin Cohen & Jessup. A version of this article previously was published in the LA Daily Journal. I would like to thank Peter for allowing me to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Peter’s article.
Continue Reading Guest Post: CGL Coverage for Data Breaches: New Developments

When companies are hit with cybersecurity incidents, class action privacy litigation often follows. However, claimants in these kinds of cases face a threshold challenge of showing they have suffered a sufficient “injury in fact” to establish that they have standing to assert their claims. The following guest post, written by Paul Ferrillo, Kristine Argentine, Emily Dorner, and Alexandra Drury of the Seyfarth Shaw law firm, provides a survey of the current state of play for the standing requirements in this type of litigation. I would like to thank the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article. 
Continue Reading Guest Post: First There was Litigation; And Then There Was Standing

On July 6, 2021, after the Wall Street Journal reported that prior to DiDi’s June 30, 2021 U.S. IPO, government authorities had urged the Chinese ride-hailing firm to postpone the offering, but that the company, under pressure from investors, had gone ahead with the IPO anyway, it seemed that it would only be a matter of time before DiDi would be hit with a U.S. securities lawsuit. Indeed, as it turned out, the same day the Journal article appeared, an investor filed a U.S. securities class action lawsuit against the company. As discussed below, the lawsuit is based on cybersecurity and privacy concerns relating to the company’s ride-hailing app. A copy of the investor’s July 6, 2021 complaint can be found here.
Continue Reading Chinese Ride-Hailing Firm DiDi Hit With Securities Suit Related to Its Recent IPO

In a very interesting June 16, 2021 opinion, the Ninth Circuit has reversed in part the district court’s dismissal of the privacy and cybersecurity-related securities class action lawsuit filed against Google parent Alphabet, Inc., relating to the company’s discovery of and decision not to disclose a software vulnerability that exposed user data of nearly half a million users of the Google+ social media site. The appellate court’s decision, a copy of which can be found here, could represent a significant development in the evolution of cybersecurity and privacy-related securities litigation.
Continue Reading Ninth Circuit in Part Reverses Dismissal of the Google+ User Data Securities Lawsuit

In prior posts on this site, I have identified privacy-related issues as a potentially important source of future D&O claims. In making these projections, one thing I had in mind was the possibility of claims as a result of the enforcement of the EU’s General Data Protection Regulation, which went into effect in May 2018. There have in fact already been GDPR-related securities class action lawsuits filed in the U.S., including the securities suit filed in August 2018 against U.K.-incorporated media tracking company Nielsen Holdings. In a January 4, 2021 opinion, Southern District of New York Judge Jesse Furman granted in part and denied in part the defendants’ motion to dismiss the Nielsen Holdings lawsuit. Of significance to the questions concerning privacy-related claims, the plaintiff’s allegations concerning defendants’ statements after GDPR went into effect about the GDPR’s impact on the company survived the dismissal motion. A copy of Judge Furman’s opinion can be found here.
Continue Reading GDPR-Related Securities Suit Against Nielsen Holdings in Part Survives Dismissal Motion