Will Home Depot be the one to "get it"?

Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails

Will Home Depot be the one to "get it"?Officers and directors of companies that have had data breaches have become targets of litigation through shareholder derivative claims since the consumer class-action claims have had a difficult time making it past the causation of harm threshold. Those officers and directors may now sigh in relief, if only briefly, following a November 30, 2016, ruling by the District Court in the Home Depot Shareholder Derivative Litigation dismissing the shareholders’ claims against the officers and directors. (Court’s Order) Continue reading “Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails”

Data Breach Litigation: Who’s Gonna Get It? Will it be Yahoo! (or Verizon)?

ford-pintoBelow is a post that I wrote in 2011, back when we thought we were in the middle of the “Year of the Data Breach.” We weren’t — not even close. Yesterday I read an article referencing the Ford Pinto and the infamous cost-benefit analysis memo that led to the jury sending “the message” to Ford so I thought of re-sharing my golden oldie.

Now, here is the interesting part. Yahoo! has been in the final states of a deal to sell itself to Verizon for $4.8 billion and, if this were to happen, that means that Verizon would be inheriting the fallout from the massive Yahoo! 500,000,000 record data breach. So, it may not be Yahoo! that gets it — it may be Verizon so let’s see how this all plays out and whether the purchase price stays at or above $4.8 billion.

Here is my old post: Data Breach – Who’s Gonna Get It? Continue reading “Data Breach Litigation: Who’s Gonna Get It? Will it be Yahoo! (or Verizon)?”

Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!

Continue reading “Cybersecurity Legal Issues: What you really need to know (slides)”

Cybersecurity Legal Year in Review – #DtSR Podcast

Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast.

In this episode…

  • Most important cybersecurity-related legal developments of 2015
    • Tectonic Shift that occurred with “standing” in consumer data breach claims
      • Discussion of law prior to Neiman Marcus case, and post-Neiman Marcus
      • Does this now apply to all consumer data breach cases?
      • Immediate impact? Companies now liable?
      • Lesson is in seeing the trend and how incrementalism works
      • Michaels & SuperValu case dismissals in light of Neiman Marcus
  • Regulatory Trends
    • FTC & SEC gave hints in 2014, post-emergence of Target details
    • Wyndham challenged authority – came to fruition in August 2015
    • SEC not far behind – significant case in September 2015
    • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
  • Officer & Director Liability
    • 2014 – SEC Comm. fired the warning shot … pointed the finger
    • Shareholder derivative litigation
    • Individual liability of IT / Compliance / Privacy “officers”
  • Anticipated 2016 Legal Trends
    • Regulatory enforcement … which, by the way, is why NIST is becoming default
    • Shareholder Derivative – much more likely than consumer class actions at this time
    • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they’re in the cross-hairs
    • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything

Go HERE to listen to the Podcast!