LEGAL
As governmental focus on data security increases, companies' legal exposure from data breaches is rising. Counsel can better protect their company from the consequences of a data breach by getting more involved in how technology is managed before a breach occurs.
The Federal Communications Commission (FCC) recently proposed $10 million in fines against two companies for allegedly mishandling sensitive customer information by making it accessible to the public on the internet. State legislatures are also strengthening their data security laws. For example, California's legislature recently amended the California data breach statute to:
To proactively manage data security risk, counsel must know more than just which data breach notification laws and regulations apply. They should thoroughly understand their company's technology and data, and specifically:
Learning more about the company's data security practices involves greater communication with the company's technology managers and any outside consultants that assist with data security.
While avoiding a data breach may be impossible, documenting data security efforts will be critical to minimizing the fallout of a data breach by demonstrating that the company made reasonable efforts to protect customer data and comply with industry standards.
For more on these developments, see Legal updates, FCC to Fine Phone Carriers $10M for Failing to Safeguard Customer Data and California Enacts Law Protecting Student Privacy and Amends Data Breach Statute.
For more on identifying data security risks, see Common Gaps in Information Security Compliance Checklist.
Companies that participate in information exchange programs with competitors should note the potential antitrust risks involved. In a recent business review letter issued to CyberPoint International LLC, the Department of Justice (DOJ), while stating that it did not intend to challenge the information exchange at issue, noted that the antitrust agencies evaluate competitor information exchange agreements under the rule of reason.
The antitrust agencies' central concern with these agreements is whether they harm competition by incentivizing participants to raise prices or lower standards of quality, service or innovation. The DOJ explained that it considers three factors when analyzing these agreements:
In addition to understanding these factors, counsel should note that companies can request business review letters from the DOJ regarding proposed joint ventures or business conduct. Business review letters afford companies the opportunity to seek the DOJ's opinion on the potential competitive impact of proposed business conduct and whether the DOJ would challenge the conduct under the antitrust laws.
However, the DOJ:
To request a review, counsel should submit a written request to the Assistant Attorney General, providing the information and documents identified in 28 C.F.R. Section 50.6(5).
For more on competitor collaborations, see Practice Note, Competitor Collaborations in the US and Cooperating with Competitors Checklist.
Given the recent high-profile increase in proxy access shareholder proposals, public companies of all sizes should begin planning how they might respond to this type of proposal.
The New York City Comptroller recently announced he would submit proxy access proposals on behalf of the New York City Pension Funds to 75 companies across a range of industries and market capitalizations. The proposals request a by-law empowering any shareholder who has beneficially owned at least 3% of the outstanding stock for at least three years to include its own director candidates in the company's proxy statement. The targeted companies were selected because they:
The Comptroller's announcement included strong supporting statements from some of the nation's largest state and municipal pension funds, including the California Public Employees' Retirement System (CalPERS).
As a result of these developments, companies should:
For an overview of the shareholder proposal process and when a shareholder proposal may be excluded, see Practice Note, How to Handle Shareholder Proposals.
This look at the major issues on the horizon for corporate counsel comes from Practical Law – an online legal know-how service. View all the looming issues now – compliments of Practical Law The Journal, which covers the latest transactional and compliance topics that impact your practice. To gain access to more related know- how resources, please visit us.practicallaw.com.
-->
