The trend in many legal quarters toward imposing upon businesses affirmative duties to implement measures to help prevent data breaches and comply with ever-expanding data privacy regulation—and liability if they fail to do so—has brought increased scrutiny of the actions, or more likely inactions, of corporate directors in the cybersecurity arena. A series of cases applying Delaware law, culminating in the June 2019 opinion in Marchand v. Barnhill, 212 A.3d 805, 824 (Del. 2019), indicate that directors who leave cybersecurity and data privacy compliance to management may run a substantial risk of personal liability if they turn a blind eye toward the adequacy of management’s response. These developments are of interest to New Jersey attorneys who advise companies on these matters, because many in-state corporations were incorporated in Delaware and because many states, including New Jersey, follow many aspects of Delaware corporate law. In re Merck & Co. Sec., Derivative & ERISA Litig., 493 F.3d 393, 399 (3d Cir. 2007).
Delaware cases decided before Marchand, including the seminal case of In re Caremark Int’l Derivative Litig., 98 A.2d 959 (Del. Ch. 1996), established that directors breach their duty of loyalty if they fail to make a good faith effort to monitor and oversee a company by either “utterly fail[ing] to implement any reporting or information system” that would allow information to reach the board or, if such a system exists, by “consciously fail[ing] to monitor or oversee” the company’s operations through that system. Stone ex rel. AmSouth Bancorporation v. Ritter, 911 A.2d 362, 370 (Del. 2006). While most so-called “Caremark claims” fail because the plaintiff concedes at least some form of board level monitoring and reporting, the allegations in Marchand presented the type of “utter failure” to monitor a company’s “essential and mission critical” compliance issues that would be sufficient to support a Caremark claim. 212 A.3d at 822-24.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]