Shawn E. Tuma

Posts Tagged ‘Data breach’

Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails

In Corporate Governance, Data Breach on December 1, 2016 at 11:09 am

Will Home Depot be the one to "get it"?Officers and directors of companies that have had data breaches have become targets of litigation through shareholder derivative claims since the consumer class-action claims have had a difficult time making it past the causation of harm threshold. Those officers and directors may now sigh in relief, if only briefly, following a November 30, 2016, ruling by the District Court in the Home Depot Shareholder Derivative Litigation dismissing the shareholders’ claims against the officers and directors. (Court’s Order)

The general theory of data breach shareholder derivative claims is that when a company has a data breach, the damages to the value of the company begin to accrue at the time of the breach (or, discovery of the breach) through expenses such as response and remediation costs and litigation costs, as well as diminution in brand value, all of which then reduces the value of the shareholders’ investment in the company thereby causing harm to the shareholders. Because the officers and directors consciously failed to act in the face of known risks to prevent those risks, the theory goes, they breached their duties of care and loyalty to the company and should be held responsible for such losses.

In the Home Depot ruling, the court found that the plaintiff did not meet their burden of proving the officers and directors “consciously failed to act in the face of a known duty to act” which the court called an “incredibly high hurdle for the plaintiff to overcome” and remarked that it was “not surprising that they failed to do so.”

This is a little simplistic and should not be taken as a “Get Out of Jail Free” pass for many reasons, including that the Court’s Order was 30 pages and there are more nuanced cybersecurity, corporate, and shareholder derivative issues that will be examined more closely in a future post. But for now, this at least one ray of hope for officers and directors looking for a reason to sleep a little better tonight.

Enjoy it while you can, it won’t last forever …


Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Complimentary SecureWorld Webinar – 2016 Breaches: Lessons Learned

In Cyber Generally, Cybersecurity Law, Media, NYDFS Cybersecurity Requirements on November 29, 2016 at 10:17 pm

You are welcome to attend a complimentary SecureWorld webinar with these featured presenters:

  • Erich Kron, Security Awareness Advocate, KnowBe4
  • Aliki Liadis-Hall, Director of Compliance, North American Bancard
  • Craig Spiezle, Executive Director & President, Online Trust Alliance
  • Shawn Tuma, Cybersecurity & Data Privacy Partner, Scheef & Stone, LLP

The webinar qualifies for CPE Credits, and will take place on Wednesday, November 30 at 12 pm CST but if you are unable to attend, you can access the recording as well.

You can learn more about, and register for, the webinar at this LINK.

Eye Opener Morning Show Guest Shawn Tuma Discusses Adult Friend Finder Data Breach

In Cyber Generally, Data Breach, Media, Privacy on November 18, 2016 at 7:22 am

7 Strategies To Win the Cyber “Space Race” – Cybersecurity Policy Ideas for Trump Administration

In Cybersecurity Law on November 11, 2016 at 6:00 am

“To truly make America safe, we must make cybersecurity a major priority for both the government and the private sector.”  -Donald Trump

Taking a page from the “avoidance of disaster handbook,” the article below sets out 7 strategies that both your company (and the government of the United States) could pursue to better protect its networks, intellectual property and personally identifiable information. Yes, some of these strategies involve government funding, tax credits, or government involvement. But isn’t that the point of the cybersecurity race? We need to prove our cybersecurity and cyber defense is second to none.”

In 7 Strategies To Win the Cyber “Space Race”, well-respected cybersecurity thinker Paul Ferrillo (@PaulFerrillo) and I share some of our thoughts on how to win the Cyber “Space Race” based on recent examples we can all learn from as well as a few suggestions for cybersecurity policy that we would like to see from the new Trump Administration. For reference, here is President-Elect Trump’s vision for cybersecurity during his campaign.

Our purpose is to ignite a debate that will vet these ideas as well as lead to more ideas from other thought leaders who are willing to engage in this discussion along with us. Please, share your thoughts, whether good or bad,  in the comments to this post or to the article itself, via Twitter, LinkedIn, or the Cybersecurity Business Law Facebook Page.

Yes, You Can Be Held Personally Liable for Your Company’s Data Breach – Here’s Why

In Corporate Governance, Cyber Generally, Data Breach, Privacy on October 30, 2016 at 10:48 am

jeffmullinswebsizeda“Can I be held personally liable for my company’s data breach?”

That is one of the questions I am asked most frequently.  The answer is “YES!” though the usual reasons provided are not nearly as straightforward as the one discussed in the video below. Read the rest of this entry »

%d bloggers like this: