November 2015

Liability in Driverless Car Accidents

Daniel Mensching, MJLST Staffer

Driverless cars made national headlines last week when a police officer in California pulled over a car for driving too slowly only to find that there was no driver to be ticketed. While this car was pulled over only for being too slow and no laws were actually broken, this incident is an example of the legal problems that will arise as driverless cars become a reality.

Driverless cars are currently being developed by several large automobile manufacturers, and Google is also producing a model which they plan on making available to the public in 2020. Advocates of driverless cars emphasize not only the convenience of not needing to drive, but also pointing out that they are much safer than human drivers. Robots will not experience road rage, they will not get drunk, and they will not text. That being said, accidents will inevitably occur and the legal system will need to determine liability and provide recourse to those who are injured.

Some commentators have noted that the problem of determining liability has the potential to kill automated vehicles despite the fact that these vehicles are safer than human drivers.

Some states have already passed statutes in anticipation of the rise of driverless cars, but these laws only make driverless cars legal for research purposes, and there are still many questions to be answered. The most likely legal policy that will emerge will be that manufacturers of driverless cars will be the sole target in lawsuits arising from accidents involving driverless cars. In fact, Volvo has already released a statement where the Swedish automobile manufacturer claimed that it would take full responsibility for any accident involving a driverless Volvo.

The legal system will most likely provide recourse to those injured in accidents by finding manufacturers liable in product liability cases. Plaintiffs can use several legal theories to win these cases, including design defect, manufacturing defect, or failure to warn. The legal system should avoid creating a strict liability standard for driverless car accidents, as this would have the effect of chilling research and development of this technology, which will have the overall effect of saving scores of lives and making society more efficient.


Digital Millennium Copyright Act Exemptions Announced

Zach Berger, MJLST Staffer

The Digital Millennium Copyright Act (DMCA) first enacted in 1998, prevents owners of digital devices from making use of these devices in any way that the copyright holder does not explicitly permit. Codified in part in 17 U.S.C. § 1201, the DMCA makes it illegal to circumvent digital security measures that prevent unauthorized access to copyrighted works such has movies, video games, and computer programs. This law prevents users from breaking what is known as access controls, even if the purpose would fall under lawful fair use. According to the Electronic Frontier Foundation’s (a nonprofit digital rights organization) staff attorney Kit Walsh, “This ‘access control’ rule is supposed to protect against unlawful copying. But as we’ve seen in the recent Volkswagen scandal . . . it can be used instead to hide wrongdoing hidden in computer code.” Essentially, everything not explicitly permitted is forbidden.

However, these restrictions are not iron clad. Every three years, users are allowed to request exemptions to this law for lawful fair uses from the Library of Congress (LOC), but these exemptions are not easy to receive. In order to receive an exemption, activists must not only propose new exemptions, but also plead for ones already granted to be continued. The system is flawed, as users often need to have a way to circumvent their devices to make full use of the products. However, the LOC has recently released its new list of exemptions, and this expanded list represents a small victory for digital rights activists.

The exemptions granted will go into effect in 2016, and cover 22 types of uses affecting movies, e-books, smart phones, tablets, video games and even cars. Some of the highlights of the exemptions are as follows:

  • Movies where circumvention is used in order to make use of short portions of the motion pictures:
    • For educational uses by University and grade school instructors and students.
    • For e-books offering film analysis
    • For uses in noncommercial videos
  • Smart devices
    • Can “jailbreak” these devices to allow them to interoperate with or remove software applications, allows phones to be unlocked from their carrier
    • Such devices include, smart phones, televisions, and tablets or other mobile computing devices
      • In 2012, jailbreaking smartphones was allowed, but not tablets. This distinction has been removed.
    • Video Games
      • Fan operated online servers are now allowed to support video games once the publishers shut down official servers.
        • However, this only applies to games that would be made nearly unplayable without the servers.
      • Museums, libraries, and archives can go a step further by jailbreaking games as needed to get them functioning properly again.
    • Computer programs that operate things primarily designed for use by individual consumers, for purposes of diagnosis, repair, and modification
      • This includes voting machines, automobiles, and implantation medical devices.
    • Computer programs that control automobiles, for purposes of diagnosis, repair, and modification of the vehicle

These new exemptions are a small, but significant victory for consumers under the DMCA. The ability to analyze your automotive software is especially relevant in the wake of the aforementioned Volkswagen emissions scandal. However, the exemptions are subject to some important caveats. For example, only video games that are almost completely unplayable can have user made servers. This means that games where only an online multiplayer feature is lost, such servers are not allowed. A better long-term solution is clearly needed, as this burdensome process is flawed and has led to what the EFF has called “unintended consequences.” Regardless, as long as we still have this draconian law, exemptions will be welcomed. To read the final rule, register’s recommendation, and introduction (which provides a general overview) click here.


“DRONE WARS”: THE BATTLE FOR MIDWESTERN SKIES

Travis Waller, MJLST Staffer

Given the new Star Wars: The Force Awakens film upcoming this December, introducing a discussion on recent policies involving drone regulation seemed like a worthwhile addition to this week’s blog.

While the robotic “drones” of our day and age are certainly not cut from the same titanium alloy as George Lucas’ quasi-humanoid “droid” characters in many of his films, North Dakota may well be on it’s way to starting it’s own “robotic army” of sorts.

A friend and colleague from the University of Connecticut School of Law brought to my attention an article by Ben Woods, discussing the 2015 ND House Bill proposing the arming of drones with “non-lethal weaponry” for police functions. With the shocking amount of police deaths reported in this country last year, North Dakota may well be leading the way in finding an innovative alternative to placing human officers in potentially dangerous confrontations. However, this benefit does not come without a cost. As presented in a segment by Ashley Maas of the NY Times, drone regulation is still up in the air (excuse the pun). Only within the last year has the FAA determined that they are able to take action against civilian violators of drone regulations.

Moreover, with recent reports involving the hacking of automated vehicles, as well as Maas’ examples of civilians using drone technology for less than constructive purposes, placing dangerous technology on these machines may well develop into a major public policy concern.

While it is this author’s humble opinion that a fair amount of time exists before we, as a people, need be concerned with an Invasion of Naboo type situation, this may be exactly the type of situation where more time is needed to allow for the security measures around the technology, as well as the legal infrastructure surrounding drone regulation, to catch up to the state legislatures hopes for drone usage. As the matter stands now, allowing drones to be used in a police capacity risks a host of possible problems, including potential 4th amendment violations, and even increasing an already shockingly high risk of civilian causalities related to police activity.

With the law having already gone into effect on August 1st of this year, we will just have to wait and see how these issues play out.

Until next time,

-Travis

*Special Thanks to Monica Laskos, University of Connecticut School of Law ’17, for the idea to pursue this topic.


Supreme Court to Hear Willful Infringement Cases: Will the Justices Clear the Way for Enhanced Damages for Patentees?

Na An, MJLST Staffer

The U.S. Supreme Court granted certiorari to hear two patent cases challenging the current Federal Circuit standard for proving willful infringement on October 19, 2015. The finding of willfulness allows judges to award triple damages, providing more leverage for patentees in licensing and settlement negotiations. The patent litigation world watches with great anticipation as the Court’s Octane Fitness decision rejected a similar rule for awarding attorney’s fees in patent cases last year.

The Federal Circuit established the current willfulness test in its landmark Seagate decision in 2007, which required the patentee to prove that there was an objectively high likelihood that the infringer’s actions constituted infringement and that the likelihood was either known or so obvious that it should have been known to the accused infringer. The Seagate two-prong test overruled decades of precedents that had imposed an affirmative duty on accused infringers to obtain opinion of counsel and posed a substantially heightened burden for a patentee seeking to establish willfulness. Later on, the Federal Circuit recognized the complexity of post-Seagate inquiry and held in Bard Peripheral Vascular that the threshold objective prong of the test is a question of law, reallocating the roles of the judge and jury in determining willfulness of the infringement. Consequently, as opposed to the traditional consideration of willfulness as a question of fact, a district court must now determine whether a reasonable person would have found there to be a high likelihood of infringement (first prong), while the jury determines the patent infringer’s subjective intent (second prong).

Upon a finding of willfulness, the court has discretion to increase the damages up to three times the amount found or assessed, as authorized in 35 U.S.C. § 284. This statutory provision is very similar to § 285, which grants the court power to award reasonable attorney fees in exceptional cases. Before the Supreme Court’s Octane Fitness decision last year, the Federal Circuit restricted its application of § 285 to cases, in which the losing party’s position was “objectively baseless” and brought in “subjective bad faith.” Octane Fitness rejected such a rigid rule and held that judges can decide to award fees when a case “stands out from others.” Seagate’s two-prong test bears a striking resemblance to pre-Octane fee inquiry, sparking much anticipation among practitioners and scholars that the high court would similarly strike down the restrictive willfulness test. The Court found its opportunity in Halo and Stryker.

Halo involves infringement of three US patents, which disclose “surface mount electronic packages containing transformers for mounting on a printed circuit board inside electronic devices.” The Federal Circuit affirmed the district court’s denial of increased damages because the patentee failed to satisfy the objective prong of the Seagate test. Similar issues arose in Stryker. The patents in Stryker were directed to devices that deliver pressurized irrigation for different medical therapies, and the Federal Circuit again denied increased damages due to district court’s failure to undertake an objective assessment of the infringer’s defense. Interestingly, Judge Kathleen O’Malley, concurring in Halo, called for a complete reevaluation of the two-prong test for finding willful infringement, and she reasoned that increased damages and attorney fees should be grouped, given their analogous frameworks and statutory provisions. Therefore, in light of the Octane Fitness decision, the Seagate two-prong test merits reconsideration.

The Federal Circuit voted 8-2 in March not to reconsider the willfulness standard en banc in Halo; nevertheless, the Court granted certiorari without a sharp divide in the lower court. It signals that the Court is unlikely to retain the Seagate standard. But the question remains how much more flexible the new test will be. Will the Court use the same “stands out from others” language in Octane Fitness? Are the justices taking the second prong of the Seagate test away from juries? Or are we going back to the pre-Seagate rule that a mere notice of patent infringement triggers an affirmative duty on the defendant to obtain opinion of counsel? Additionally, the statutory language in § 284 says nothing about willfulness. Will the court give judges even broader discretion to award increased damages in absence of willfulness? If so, is there a danger of more forum shopping? We eagerly await the high court’s decision.


Let’s Talk: The Cold & Flu Season & Personalized Medicine

Allison Kvien, MJLST Managing Editor

As we approach cold and flu season, it is time we all start thinking about properly taking care of ourselves. Many individual factors have been linked to your heath. A Newsweek article reported that people who get less than 5 hours of sleep a night are 4.5 times as likely to become ill. According to The L.A. Times, an elevated heart rate could mean that a cold is on the way. Finally, an article from Harvard found a link between your popularity and how early in the season you become ill (yes, really—and I guess this explains why I haven’t gotten the flu since I was a kid). While this is all helpful information, it represents only a few factors that contribute to a person’s overall health. Over the years, the practice of medicine has become more accepting of the concept that “one size does not fit all” and that patients may need more personalized medicine.

One interesting development in personalized medicine was ten years ago, in 2005, when FDA approved the first race-specific drug, BiDil. As Dorothy E. Roberts explained in her MJLST article, BiDil, is “a combination drug that relaxes the blood vessels, [and] was authorized to treat heart failure in self-identified black patients.” Many scholars and citizens alike have found the approval of BiDil controversial, for a variety of reasons, legal, political, ethical, and otherwise. It may be, however, simply one more step on the path to personalization of medicine for patients. As Roberts reported, “BiDil increased survival by an astonishing 43 percent. Hospitalizations were reduced by 39 percent.” Roberts’s opinion, however, was that BiDil should have been approved for all heart failure patients, regardless of race because there was no underlying genetic difference in African Americans that the drug relied on for its positive results. The economic results of the BiDil drug may prevent others from going developing race-specific drugs for a while, though; BiDil has been described as a “flop.”

Cold season medicine is normally pretty generic. Think: Airborne, Sudafed, Advil, and cough drops, my favorite of which are the less-than-pleasant tasting Fisherman’s Friends that completely numb your throat—seriously, try them. I think the concept of personalized cold and flu medicine is particularly interesting because our current cold season medicine is normally over-the-counter and generalized. Can you imagine a future where you pick up a cold medicine tailored specifically to your genetic background? Well, it may already be happening. Just two years ago, FDA approved personalized flu vaccines for three groups: the elderly, children, and those with allergies. These personalized vaccines may allow some groups of our population to receive them when they wouldn’t otherwise be able to, or to at least receive them more safely. Specifically for flu vaccines, anyway, this step in personalization may not also reflect increased overall effectiveness in preventing illness. But let’s not give you an excuse to not get your flu vaccine. Go get that flu shot that was made just for you!


Let’s Talk: The Cold & Flu Season & Personalized Medicine

Allison Kvien, MJLST Managing Editor

As we approach cold and flu season, it is time we all start thinking about properly taking care of ourselves. Many individual factors have been linked to your heath. A Newsweek article reported that people who get less than 5 hours of sleep a night are 4.5 times as likely to become ill. According to The L.A. Times, an elevated heart rate could mean that a cold is on the way. Finally, an article from Harvard found a link between your popularity and how early in the season you become ill (yes, really—and I guess this explains why I haven’t gotten the flu since I was a kid). While this is all helpful information, it represents only a few factors that contribute to a person’s overall health. Over the years, the practice of medicine has become more accepting of the concept that “one size does not fit all” and that patients may need more personalized medicine.

One interesting development in personalized medicine was ten years ago, in 2005, when FDA approved the first race-specific drug, BiDil. As Dorothy E. Roberts explained in her MJLST article, BiDil, is “a combination drug that relaxes the blood vessels, [and] was authorized to treat heart failure in self-identified black patients.” Many scholars and citizens alike have found the approval of BiDil controversial, for a variety of reasons, legal, political, ethical, and otherwise. It may be, however, simply one more step on the path to personalization of medicine for patients. As Roberts reported, “BiDil increased survival by an astonishing 43 percent. Hospitalizations were reduced by 39 percent.” Roberts’s opinion, however, was that BiDil should have been approved for all heart failure patients, regardless of race because there was no underlying genetic difference in African Americans that the drug relied on for its positive results. The economic results of the BiDil drug may prevent others from going developing race-specific drugs for a while, though; BiDil has been described as a “flop.”

Cold season medicine is normally pretty generic. Think: Airborne, Sudafed, Advil, and cough drops, my favorite of which are the less-than-pleasant tasting Fisherman’s Friends that completely numb your throat—seriously, try them. I think the concept of personalized cold and flu medicine is particularly interesting because our current cold season medicine is normally over-the-counter and generalized. Can you imagine a future where you pick up a cold medicine tailored specifically to your genetic background? Well, it may already be happening. Just two years ago, FDA approved personalized flu vaccines for three groups: the elderly, children, and those with allergies. These personalized vaccines may allow some groups of our population to receive them when they wouldn’t otherwise be able to, or to at least receive them more safely. Specifically for flu vaccines, anyway, this step in personalization may not also reflect increased overall effectiveness in preventing illness. But let’s not give you an excuse to not get your flu vaccine. Go get that flu shot that was made just for you!


The Legal Persona of Electronic Entities – Are Electronic Entities Independent Entities?

Natalie Gao, MJLST Staffer

The advent of the electronic age brought about digital changes and easier accessibility to more information but with this electronic age came certain electronic problems. One such problem is whether or not electronic entities like, (1) usernames online, (2) software agents, (3) avatars, (4) robots, and (5) artificial intelligence, are independent entities under law. A username for a website like eBay or for a forum, for all intents and purposes may well be just a pseudonym for the person behind the computer. But at what point does the electronic entity become an independent entity, and at what point does the electronic entity start have the rights and responsibilities of a legally independent entity?

In 2007, Plaintiff Marc Bragg brought suit against Defendants Linden Research Inc. (Linden), owner of the massive multiplayer online role playing game (MMORPG) Second Life, and its Chief Executive Officer. Second Life is a game with a telling title and it essentially allows its players to have a second life. It has a market for goods, extensive communications functions, and even a red-light district, and real universities have been given digital campuses in the game, where they have held lectures. Players of Second Life purchase items and land in-game with real money.

Plaintiff Bragg’s digital land was frozen in-game by moderators due to “suspicious” activity(s) and Plaintiff brought suit claiming he had property rights to the digital land. Bragg v. Linden Research, Inc., like its descendants including Evans v. Linden Research, Inc. (2011), have been settled out of court and therefore do not offer the legal precedents it could potentially have had regarding its unique fact pattern(s). And Second Life is also a very unique game because pre-2007, Linden had been promoting Second Life by announcing they recognize virtual property rights and that whatever users owned in-game would be belong to the user instead of to Linden. But can the users really own digital land? Would it be the users themselves owning the ditigal land or the avatars they make on the website, the ones living this “second life”, be the true owners? And at what point can avatars or any electronic entity even have rights and responsibilities?

An independent entity is not the same as a legal independent entity because an latter, beyond just existing independently, has rights and responsibilities pursuant to law. MMORPGs may use avatars to allow users to play games and avatars may be one step more independent than a username, but is that avatar an independent entity that can, for example, legally conduct commercial transactions? Or rather, is the avatar conducting a “transaction” in a leisure context? In Bragg v. Linden Research, Inc., the court touches on the issue of transactions but it rules only on civil procedure and contract law. And what about avatars existing now in some games that can play itself? Is “automatic” enough to make something an “independent entity”?

The concept of an independent electronic entity is discussed in length in Bridging the Accountability Gap: Rights for New Entities in the Information Society. Authors Koops, Hildebrandt, and Jaquet-Chiffelle compares the legal personhood of electronic artificial entities with animals, ships, trust funds, and organizations, arguing that giving legal personhood to basically all (or just “all”) currently existing electronic entities bring up problems such as needing representation with agency, lacking the “intent” required for certain crimes and/or areas of law, and likely needing to base some of their legal appeals in area of human/civil rights. The entities may be “actants” (in that they are capable of acting) but they are not always autonomous. A robot will need mens rea to assess responsibility, and none of the five listed entities do not have consciousness (which animals do have), let alone self-consciousness. The authors argue that none of the artificial entities fit the prima facies definition of a legal person and instead they moved to evaluate the entities on a continuum from automatic (acting) to autonomic (acting on its own), as well as the entity’s ability to contract and bear legal responsibility. And they come up with three possible solutions, one “Short Term”, one “Middle Term”, and one “Long Term”. The Short Term method, which seems to be the most legally feasible under today’s law, purposes creating a corporation (a legally independent entity) to create the electronic entity. This concept is reminiscent of theorist Gunther Teubner’s idea of a using a hybrid entity, one that combines an electronic agent(s) with a company with limited liability, instead of an individual entity to give something rights and responsibilities.

Inevitably, even though under the actual claims brought to the court, Bragg v. Linden Research, Inc. mostly seems more like an open-source licensing issue than an issue of electronic independent entity, Koops, Hildebrandt, and Jaquet-Chiffelle still tries to answer some questions that may be very salient one day. Programs can be probabilistic algorithms but no matter how unpredictable the program may be, their unpredictability is fixed in the algorithm. An artificial intelligence (AI), a program that grows and learns and create unpredictability on its own, may be a thing of science fiction and The Avengers, may one day be reality. And an AI does not have to be the AI of IRobot; it does not have to have a personality. At what point will we have to treat electronic entities as legally autonomic and hold it responsible for the things it has done? Will the future genius-programmer, who creates an AI to watch over the trusts in his/her care, be held accountable when that AI starts illegally funneling money out to the AmeriCorp bank account the AI was created to watch over, into the personal saving accounts of lamer non-MJLST law journals in the University of Minnesota? Koops, Hildebrandt, and Jaquet-Chiffelle argues yes, but it largely depends on the AI itself and the area of law.


EPA Revises Agricultural Worker Protection Standard, to the Disappointment of Agriculture Industry Groups

Jody Ferris, MJLST Staffer

An important development on the regulatory front has some agriculture industry groups shaking their heads. The U.S. Environmental Protection Agency has released finalized revisions to the 1992 Agricultural Worker Protection Standard on Sept. 28, 2015 (40 CFR 170). These regulations apply to millions of agricultural workers in fields, forests, orchards, and greenhouses across the country. The regulations are meant to enforce the observation of good safety practices in the use of pesticides by agricultural workers.

The changes to the current requirements include:

-a new minimum age requirement that prohibits children under the age of 18 from handling pesticides.

-mandatory posting of no-entry signs on fields that have been recently treated with highly dangerous pesticides.

-whistleblower protections to protect employees who alert authorities to illegal practices.

-increased frequency of employer provided safety training (now required annually, up from the previous requirement of every five years).

-recordkeeping requirements (records of training must be kept for two years, previous requirements did not require any record keeping).

-increased requirements for use of safety equipment, including fit testing and employee training on use of safety equipment. Recordkeeping of completion of safety equipment training and fit testing is also required. The previous requirements did not require any training, formal fit testing, or record keeping.

Agricultural industry groups are unhappy with many of the revisions to the regulations. A coalition including the National Association of Wheat Growers, the National Council of Farmer Cooperatives, the American Farm Bureau Federation, and the American Seed Trade Association submitted a 14-page comment letter during the public comment period and claim that their comments were not taken under proper consideration in the final revision of the rule. The coalition argued that since the original regulations were introduced in 1992, there have been significant improvements in worker safety and that acute poisoning events have been greatly reduced, thereby eliminating the need for more stringent regulations. In addition, they argue that the EPA has severely underestimated the financial costs that the new requirements place on agricultural producers. Criticism from the Agricultural Retailers Association includes the concern that the new rules will put employers at risk for increased liability without significantly increasing worker safety.

It is currently unclear whether any regulated parties will seek to challenge the revised regulations in court. It also remains unclear precisely how great a burden the new requirements will place on agricultural producers or how much they will improve the safety of workers until they are followed in practice for some time. It remains to be hoped that the new requirements will indeed significantly improve the safety of agricultural workers on the job and justify any increased burden on employers.


The “Patent Dance” for Now: Rehearing Denied in Amgen v. Sandoz

Jeff Simon, MJLST Staffer

On July 21, 2015, the Federal Circuit’s decision in Amgen v. Sandoz established that a biosimilar applicant does not have to follow the patent dispute resolution procedures set forth by the Biologics Price Competition and Innovation Act. The BPCIA’s “patent dance,” located at 42 U.S.C. § 262(l)(2)(a), sets forth procedures requiring biosimilar applicants to disclose the biosimilar application and information describing the methods and procedures of its production to the sponsor of the reference biologic drug. The Federal Circuit’s fractured decision denied the compulsory nature of the “patent dance,” while still holding that biosimilar applicants are required to provide the biologic drug sponsor 180 days advanced notice of the first commercial marketing of its biosimilar product in accordance § 262(l)(2)(a).

Considering that the decision of the court was split by favoring the biosimilar applicants regarding the issue of the “patent dance” while favoring the biologic sponsor when it came to market disclosure, the decision was far from a satisfying result for either party as neither party came out as the clear victor. As such, both Amgen and Sandoz filed petitions for an en banc rehearing on August 20, 2015. Amgen’s petition for review once again contended that the language of § 262(I)(2)(a) as stated by congress, specifically the use of the word “shall,” indicates that the “patent dance’s” procedures are mandatory. Sandoz contended among other things that the 180-day provision necessarily increases the exclusivity period from 12 years to 12 and a half years and further that the court incorrectly asserted that notice was mandatory and enforceable. Both parties submitted amicus curiae briefs in agreement that, as a matter of first impression, it was appropriate for an en banc rehearing.

However, despite a fractured panel deciding a matter of first impression, Federal Circuit denied a rehearing in decision on October 16, 2015. The decision came as surprise to many of those associated with the biologic drug industry, especially considering the novelty and discord upon the issues. Considering the fact that both parties sought a rehearing, the court may have decided that the issue was undeserving of the court’s continued interest and resources. Both parties may file petitions for certiorari.

In regards to the future implications of the decision, it’s important to note that many of the high revenue pioneer biologic drugs are set to have their US patents expire within the next few years. This expected “patent cliff’ is certain to drive momentum within the biosimilar market. This wave of biosimilar applications is sure to have large implications upon the BPCIA, and particularly whether the “patent dance” is optional. All considered, the issues presented in Amgen may be approaching a level of importance that draws the attention of SCOTUS. It’s possible that a grant of certiorari may be in order to settle the debate on the BPCIA’s “patent dance” and market disclosure requirements, particularly considering the economic ramification of the anticipated biologics’ patent cliff.


Data Breach and Business Judgment

Quang Trang, MJLST Staffer

Data breaches are a threat to major corporations. Corporations such as Target Co. and Wyndham Worldwide Co. have been victim of mass data breaches. The damage caused by such breaches have led to derivative lawsuits being filed by shareholders to hold board of directors responsible.

In Palkon v. Holmes, 2014 WL 5341880 (D. N.J. 2014), Wyndham Worldwide Co. shareholder Dennis Palkon filed a lawsuit against the company’s board of directors. The judge granted the board’s motion to dismiss partially because of the Business Judgment Rule. The business judgement rule governs when boards refuse shareholder demands. The principle of the business judgment rule is that “courts presume that the board refused the demand on an informed basis, in good faith and in honest belief that the action taken was in the best interest of the company.” Id. The shareholder who brings the derivative suit has the burden to rebut the presumption that the board acted in good faith or that the board did not base its decision on reasonable investigation.

Cyber security is a developing area. People are still unsure how prevalent the problem is and how damaging it is. It is difficult to determine what a board needs to do with such ambiguous information. In a time when there is no set corporate cyber security standards, it is difficult for a shareholder to show bad faith or lack of reasonable investigation. Until clear standards and procedures for cyber security are widely adopted, derivative suits over data breaches will likely be dismissed such as in Palkon.