Statutory remedies are made available to shareholders in a small, closely held corporation should harmful actions be undertaken by other shareholder or directors of the corporation. Importantly, these statutory remedies are available only to owners of a corporation with 25 or fewer shareholders.
Pursuant to N.J.S.A. 14A:12-7(1)(c), a shareholder in a closely held corporation may seek judicial remedies if the directors or other persons in control of a corporation have:
Businesses have a major need to assess their own cybersecurity risks, and to openly exchange internal information within the company to effectively address and mitigate an actual breach situation. Yet a company’s internal assessments of its own weaknesses and the holes in its cybersecurity protections can, ironically, actually expose the company to even greater danger in future security breach litigation. A company’s good faith internal report of its cybersecurity weaknesses can potentially serve as almost an admission that it has found its cybersecurity protections for personal and confidential data to be inadequate.
Similarly it is of extreme importance that in the midst of dealing with a cyber breach event, that the company’s personnel freely exchange information related to the breach crisis situation quickly and without undue worries about how the disclosure of that information might look in a future litigation discovery proceeding.
The involvement of the company’s legal counsel in all important aspects of a cybersecurity risk assessment and breach response is crucial because of the protections that involvement can potentially provide the company under the doctrines of (i) attorney-client privilege, and (ii) work product protection.
New Jersey statutes provide important rights and protections to “minority” shareholders of small, closely held companies. The applicable statute provides a right to file a lawsuit for relief under the following circumstances:
In the case of a corporation having 25 or less shareholders, the directors or those in control have acted fraudulently or illegally, mismanaged the corporation, or abused their authority as officers or directors or have acted oppressively or unfairly toward one or more minority shareholders in their capacities as shareholders, directors, officers, or employees. N.J.S.A. 14A:12-7(1)(c) (emphasis added).
This is not the only justification for filing a lawsuit against fellow shareholders, but it is one that the legislature has seen fit to create.
The United States does not currently have a single comprehensive federal law regulating data privacy and cybersecurity matters. Instead, there is a patchwork of laws which at times overlap, and in other cases may even potentially contradict one another. This patchwork, together with the growth in interstate and international data flow, heightens the risk of privacy violations and can create significant compliance challenges. Failure to meet these challenges, however, can result in government imposed civil and criminal sanctions (including fines and penalties), private lawsuits and class actions, as well as damage to a company’s reputation and customer trust.
The following is a brief summary of some of the most significant Federal legislation impacting data privacy and cybersecurity matters.
Federal Trade Commission Act (the “FTC Act”)
Identity theft is an area of major concern for consumers and businesses alike. Roughly nine million individuals in the U.S. can expect to have their identity stolen each year. With just a few items of personal information (such as the name, social security number, and the date of birth of an individual) a cyber-criminal can potentially drain existing accounts or open new credit card accounts with devastating consequences for the unwitting consumer’s credit ratings and future path in life. If your business has been lax in protecting the privacy of such personal information in its possession, you may be inviting your own devastating consequences: lawsuits by individuals experiencing identity theft as a result of your lax procedures, regulatory enforcement actions, and damage to your business reputation and loss of trust by your customers.
The Red Flags Rule, issued by the Federal Trade Commission (“FTC”), requires financial institutions and creditors with covered accounts (as defined in the Red Flag Rule) to develop a written program that identifies and detects the relevant warning signs, or red flags, of identity theft.
Red flags can include, for example:
It is a day that virtually every business owner fears, when you receive word from your IT department that your company’s computer system has been hacked. A million thoughts rush through your head, but they all come back to one question: what do I do right now to protect my company, my employees and my customers? The answer may seem daunting, but an answer does exist. This article attempts to provide you with a few of the basics on how to respond to a cyber-attack, focusing on the first step: Establishing your cyber-response team.
The first step to be taken upon learning of a cyber-breach is to understand what happened and what type of breach occurred. For example, is your system being held hostage by Ransomware, or did an employee mistakenly release confidential information? There are a number of common circumstances for cyber-breaches, such as: employee negligence like losing a laptop or flash drive containing personally identifiable information (“PII”) or protected health information (“PHI”); malicious insider behavior, such as the disgruntled or dishonest employee who steals company information to use for some nefarious purpose against the company; and perhaps the most wildly publicized breach as of late, hacking and cybercriminal activity.
In order to understand what happened and how best to react, the initial step is to assemble a team of cybersecurity professionals who can assist with all facets of the cyber-breach. In a perfect world, your company has already established its own cyber-breach response team, but if you have not done so, you will need to hire professionals as soon as possible after learning of the cyber-attack. This means engaging individuals who possess expertise in Information Technology and are experienced in evaluating the severity and scope of a cyber-breach. The cyber-breach needs to be quickly identified, affected systems need to be isolated, defenses to future breaches need to be put in place and steps to retrieve data need to be taken.
A successful New Jersey business recently retained a cyber expert to evaluate the effectiveness of its network’s cybersecurity. The expert upgraded the company’s systems and educated its employees on how to recognize, prevent and respond to a cyber-attack. The expert then tested the defenses and was unable, despite multiple attempts, to hack into the company’s network. Satisfied that the network was reasonably secure, he decided to try one last trick. Posing as a friendly client who had an upcoming meeting, he called a receptionist and was given a Wi-Fi password which gave him access to the company’s network and sensitive information.
The good news for the company is that the breach was not real. The bad news is that, despite spending thousands of dollars to bolster its network security, the company’s network was compromised with a simple phone call. This is social engineering at its best.
WHAT IS SOCIAL ENGINEERING?
Does your business partner owe you anything? We’re not talking about money, although that may be an ultimate outcome, we’re talking about how they treat you. Do they owe you any duty to be fair or to bring business opportunities to your company? Whether you are a shareholder in a small, closely held corporation or a member in a limited liability company, the answer to this question is yes, with some exceptions.
Every small business owner, again, whether be it a corporation or limited liability company, has a fiduciary relationship with the other business owners. What is a fiduciary relationship? A person who is a fiduciary is someone charged with a legal and/or ethical relationship of trust with one or more other persons. A fiduciary duty, in turn, is the highest standard of care that can be imposed on someone. A fiduciary is required to be loyal to the beneficiaries of that duty and there must be no conflict of interest between the fiduciary and beneficiaries. The fiduciary cannot profit personally from his position as a fiduciary.
Since each shareholder or limited liability company member owes each other a fiduciary duty the responsibility is reciprocal. Therefore, as a small business owner, you owe a fiduciary duty to your other partners whether you own 60% of the company or 5% of the company and they also owe you a reciprocal fiduciary duty.
Although it is presently illegal under the New Jersey Law Against Discrimination (the “LAD”) to pay people different wages for performing the same work under similar working conditions because of their gender, there is currently pending in both the State Senate and Assembly legislation “concerning equal pay for women and employment discrimination, requiring public contractors to report certain employment information.”
Implications for All Employers: As proposed, the new legislation will make it an illegal act of discrimination to pay any employee at a rate of pay, including benefits, which is less that the rate paid by the employer to employees of the other sex for substantially similar work, when viewed as a composite of skill, effort and responsibility. Unlike prior legislation in this area, the proposed legislation codifies five circumstances justifying a pay differential between the sexes, but the employer bears the burden to prove that any of those circumstances exist. In so doing, the bill materially changes the legal standard for establishing wage discrimination.
The proposed legislation also adopts recent New Jersey Supreme Court jurisprudence by specifying that an unlawful employment act occurs each time an individual is adversely affected by a discriminatory compensation practice and paid less because of their sex. Contrary to the federal Lilly Ledbetter Fair Pay Act and current New Jersey law, however, the new legislation does not limit the amount of back pay the aggrieved employee can receive for violations that occur within the applicable statute of limitations period. Rather, under the new bill there is no statute of limitation, and an aggrieved employee can collect back wages retroactive to the date that discriminatory compensation first occurred, so long as the violation continues into the applicable two year statute of limitation of the LAD. Moreover, the proposed legislation prohibits employers from requiring individuals to agree to a shortened statute of limitation as a condition of employment.
One of the questions often asked by divorced individuals, particularly at the time of their retirement or the retirement of their former spouse, is whether or not they are entitled to receive Social Security benefits based on their prior marriage. The Social Security Administration interprets the law with the philosophy that a divorced person may deserve a personal benefit themselves if they were a long-term spouse of a member of the country’s workforce.
Generally, there are two sets of rules which the Social Security Administration applies to determine whether or not an individual will qualify. The first applies if your former spouse is living; the second applies if they are deceased. The interpretation of these rules can sometimes be complicated and is often necessary to have an experienced family law attorney review not only the rules applied by Social Security but the settlement agreement signed at the time of the divorce.
In the first scenario, where the former spouse is still living, the preliminary criteria which need to be met are: (1) your prior marriage lasted for 10 years or more; (2) you are not currently married; and (3) you are 62 years of age or older. Just as important is whether you are entitled to receive Social Security benefits based on your own prior work history. If you are, the amount which you are entitled to receive for your efforts must be less than what you are entitled to receive based on your prior marriage. No individual is entitled to collect both benefits.
Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events