privacy

Subscribe to privacy via RSS

Under the Delaware Chancery Court decision in the Caremark case, directors can be liable for failures in their oversight duties – that is, their duties to monitor the company and its functions. Lawsuits alleging a violation of the duty of oversight are notoriously challenging for plaintiffs. However, in the recent Marchand v. Barnhill case, the Delaware Supreme Court reversed the Chancery Court’s dismissal of a Caremark liability case and allowed the case to proceed against the board of an ice cream manufacturer that experienced a deadly listeria outbreak. Caremark liability cases remain difficult to plead and prove, but the Marchand decision nevertheless has important implications for director liability for breaches of their duty of oversight.
Continue Reading Recent Delaware Caremark Duty Decision Underscores Board Cyber and Privacy Liability Risks

Francis Kean

In the following guest post, Francis Kean, Executive Director FINEX Willis Towers Watson, take a look at an interesting and arguably surprising recent U.K. judicial decision in which a supermarket chain was held liable for the unauthorized Internet disclosure of its employees’ personal data. Francis has some interesting observations about the decision’s possible implications as well. A version of this article previously was published on the Willis Towers Watson Wire blog (here). I would like to thank Francis for allowing me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Francis’s article:
Continue Reading Guest Post: Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now

Libby Benet

In the current environment, most people are aware that there are serious pitfalls and problems involved with data security and privacy. However, business leaders may not always be aware of their legal and ethical duties for securing employee, customer, and partner information. In the following guest post, Libby Benet, JD, CIPP US, Principal Benet Consulting, takes a look at these issues, as well as the important differences between information security and privacy. I would like to thank Libby for allowing me to publish her article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Libby’s article.
Continue Reading Guest Post: Information Security and Privacy – What Business Leaders Need To Know

Bill Boeck

As most readers undoubtedly are aware, the EU’s General Data Protection Regulation went into effect on May 25, 2018. Even though the regulation has only been in effect for a few months, regulators across Europe have already starting levying fines under the regulation’s provisions. In the following guest post, Bill Boeck takes a look at the fines that have been imposed so far and considers their implications. Bill is currently Senior Vice President and Insurance and Claims Counsel with the Lockton Companies.  He is Lockton’s global leader for cyber claims and for the development of proprietary cyber wordings and endorsements.  Bill also leads Lockton’s US financial lines claims practice. A version of this article previously was published on the Lockton Cyber Risk Update Blog. I would like to thank Bill for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Continue Reading Guest Post: What Can the First GDPR Fines Tell Us?

When the European Union’s updated General Data Protection Regulation (GDPR) went into effect on May 25, 2018, media reports focused on the potentially massive fines that the regulation authorizes – the regulation authorizes fines of up to €20 million or 4 percent of a company’s annual worldwide revenue, whichever is higher, for noncompliance with the regulation’s strict data collection and use requirements. The possibility of regulatory fines of this magnitude immediately raised the question of whether or not insurance is available to protect companies against the huge financial exposure. The answer to this question, it turns out, is complicated.
Continue Reading Are GDPR Fines and Penalties Insurable?

Last week, the Wall Street Journal reported that this past spring Google had exposed thousands of the Google+ social network users’ private data and then opted to withhold disclosure of the incident because of concerns that doing so would attract regulatory scrutiny and harm the company’s reputation. Following the news reports, questions immediately were asked about a possible SEC investigation of the incident. And now, these developments have drawn two new securities class action lawsuits in which shareholders of Alphabet, Google’s parent company, allege that the company misled investors about the adequacy of the company’s security measures to protect user data from theft and security breaches. As discussed below, the new lawsuits bring together several securities litigation filing trends involving data and privacy-related issues.
Continue Reading Google+ User Data Securities Lawsuits Filed Against Alphabet

As readers of this blog know, data breach, cyber, and privacy-related issues have become a new important area of securities class action litigation in the U.S. In the following guest post, Andrew Miers, Jason Symons, and Shonagh Rasmussen of the HWL Ebsworth law firm review the possibilities or this type of securities lawsuit in Australia. I would like to thank the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ guest post.
Continue Reading Guest Post: Cyber and Privacy Risks: The Next Australian Securities Litigation Frontier?

September is here. Labor Day has come and gone. Time to put away the swim trunks, parasols, flip flops, bungee cords, ukuleles, sun screen, boomerangs, bongos, snorkels, vorpal blades, and unicycles, and get back to work. Yes, it is time to answer all those emails and return all of those phone messages. And most importantly of all, it is time to catch up on what has been happening in the world of directors’ and officers’ liability and insurance. Here is what happened while you were out.
Continue Reading While You Were Out

Earlier this year when I questioned whether or not privacy-related issues might represent an important emerging area of corporate liability, I was thinking we might see privacy claims emerge over time. I was thinking a longer time frame, over the course of years. What has happened is that the privacy-related claims are materializing now. As I previously noted, in July investors filed a securities suit against Facebook following the company’s quarterly earnings release that disappointed investors in part because company’s growth rate was affected by allegedly unanticipated expenses and difficulties in complying with the EU’s update privacy requirements in the General Data Protection Regulation (GDPR), which went into effect in May.

Investors have now filed an additional lawsuit against a company reporting GDPR-related difficulties. As discussed further below, on August 8, 2018, investors filed a lawsuit against Nielsen Holdings plc after the media performance ratings company disclosed in its quarterly earnings release that GDPR-related changes affected the company’s growth rate, pressured the company’s partners and clients, and disrupted the company’s advertising “ecosystem.”  The Nielsen lawsuit underscores the suggestion that privacy-related concerns could be a significant source of corporate liability.
Continue Reading Investors Filed GDPR-Related Securities Suit Against Nielsen Holdings