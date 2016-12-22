Readers of this space will note our skepticism about the merits
of shareholder derivative actions against corporate officers and
directors in data breach cases. Claims for corporate mismanagement
are subject to the business judgment rule, which protects officers
and directors from lawsuits second-guessing their exercise of
judgment in the performance of their corporate responsibilities
absent self-interested conduct – which is generally not
present in data breach cases – or such extreme dereliction of
responsibilities as to constitute a breach of their fiduciary duty
of care. The difficulty in surmounting that burden is exemplified
by dismissals of derivative actions based on data breaches
perpetrated against
Wyndham,
Target, and
Home Depot.
The Home Depot dismissal, issued just three
weeks ago, apparently did not deter the Wendy's shareholders
from pursuing their derivative claims. But it should have. In both
cases the shareholders elected to sue without making demand on the
boards of directors, despite the fact that both corporations are
incorporated under Delaware law, which makes demand mandatory
absent proof that a majority of the board members would be unable
to exercise disinterested judgment. The Home Depot shareholders
could not do so, and the Wendy's plaintiffs are unlikely to
fare any better. Allegations that a company's data security
practices proved inadequate, standing alone, are generally
insufficient to establish that the company's board cannot
exercise independent judgment about whether such inadequacy rises
to the level of a fiduciary breach. If past is prologue, the likely
result of this shareholder derivative action will be to divert
corporate attention from responding to the data breach until such
time as the case is dismissed.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Parties entering into a non-disclosure agreement or NDA would like to share confidential information for particular purposes while also not sharing such confidential material to unauthorized individuals or third parties.
SEC Chief Accountant Wesley R. Bricker, speaking at the American Institute of Certified Public Accountants Conference in Washington, D.C., emphasized the importance of high quality financial reporting...
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).