Data Security Breach Documents Sought In Home Depot Books-And-Records Suit

M
Mintz

Contributor

Mintz is a general practice, full-service Am Law 100 law firm with more than 600 attorneys. We are headquartered in Boston and have additional US offices in Los Angeles, Miami, New York City, San Diego, San Francisco, and Washington, DC, as well as an office in Toronto, Canada.
Home Depot was recently hit with a books-and-records suit in the Delaware Court of Chancery, Frohman v. Home Depot, which seeks documents relating to the giant retailer's data security breach last September.
United States Privacy

Home Depot was recently hit with a books-and-records suit in the Delaware Court of Chancery, Frohman v. Home Depot, which seeks documents relating to the giant retailer's data security breach last September.  The plaintiff, a Home Depot shareholder, is requesting information concerning how the company first learned of the breach, any analysis of how the breach occurred, and what steps it took thereafter, among other topics. 

The suit was brought under Section 220 of the Delaware General Corporation Law, which permits shareholders to request corporate documents for a "proper purpose."  A proper purpose may include investigation of alleged wrongdoing by corporate officers and directors, if the allegations are adequately supported.  The Delaware Court of Chancery has long encouraged shareholder plaintiffs to use Section 220 to investigate their claims before launching a derivative suit alleging breaches of fiduciary duty by the board or management, and increasingly plaintiffs' attorneys have been following this advice.

Corporations that have been struck by data security breaches should anticipate that they may have to respond to such "books-and-records" suits seeking documents relating to the breach.  Any corporate documents concerning the circumstances of a data security breach, subsequent investigations, and steps taken to prevent or remedy such breaches should be prepared with the awareness that these documents may well be requested in a subsequent shareholder suit.  While it may be possible to limit access to these documents if they contain confidential commercial information or are protected by the attorney-client privilege and the attorney work product doctrine, the potential for disclosure should not be ignored.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More