The Board of Directors’ Responsibility for Cybersecurity

Kelly Friedman, Partner, DLA Piper (Canada) LLP recently spoke at a Toronto Chapter event acheiving some of the highest speaker ratings we have seen.  Kelly recently posted a blog offering further insights that CIOs should read.

In December 2015, Wyndham Worldwide Corporation entered into a significant settlement with the FTC requiring the company to put in place cybersecurity controls, which had been absent. If the Board of Directors had not put reasonable cybersecurity controls in place, why did a lawsuit against Wyndham’s directors fail? The answer lies in the “business judgment rule”. In this post, I will explain the causes of action brought against directors, why they have failed thus far in the cybersecurity context, and why I believe these lawsuits may have more teeth in the coming days.

Read the balance of the article