ph: (312) 368-0100 | fx: (312) 368-0111
180 North LaSalle Street, Suite 3200 | Chicago, Illinois 60601

The Board Made a Wrong Decision – Can (Should) it be Held Liable?

The board of directors made the decision to acquire a company for $100 million.  The negotiations and the due diligence process were difficult, but the board finally approved the acquisition and the transaction closed.  After closing, the acquirer determined that the value of the acquired company’s assets were greatly overstated and the acquiring company took a loss on its books.  The shareholders of the acquiring company have met to determine whether to file litigation against the directors.

In Illinois, courts have ruled that the “business judgment rules acts to shield directors who have been diligent and careful in performing their duties from liability for honest errors or mistakes of judgment”.  Absent “bad faith, fraud, illegality or gross overreaching, the courts are not at liberty to interfere with the exercise of business judgment by corporate directors”.  Thus, just because a board made the “wrong” business decision, does not mean that the directors are liable to the shareholders.

While the courts are reluctant to make business judgments for companies, this does not always prevent shareholders from “second guessing” decisions of the board.  Illinois law provides that a corporation may indemnify its directors and officers from any liability if such director or officer “acted in good faith and in a manner he or she believed to be in, or not opposed to, the best interests of the corporation”.  Since the law is permissive, in order for a corporation to attract quality persons to serve as an officer or director, it may wish to agree to indemnify such person in such situations.  It is important from the corporation’s perspective to draft such an agreement, in a manner that, while protecting the “well-intended” officer or director, also protects the company.  If you have any questions about directors’ and officers’ liability to the corporation, or would like to discuss your company’s legal concerns, please feel free to contact the business lawyers at Levin Ginsburg.

For more information, please contact:

Morris R. Saunders at: (312) 368-0100 or msaunders@lgattorneys.com

Please follow and like us:

Unexpected Liability for Service Providers

With “hacking” and identify thefts becoming all too common place, each service provider must place more and more emphasis on protecting itself from legal liability caused by not only its own actions, but the actions of the company(ies) to whom it outsources. This article provides an introduction to contracting for service providers with an eye toward gaining legal platform upon which to adequately defend itself, if necessary.

In addition to government compliance, which will vary depending upon the industry, any company that collects personal information during the course of providing its services must take steps to safeguard itself from legal liability arising due to unwanted disclosures.  One way to provide a legal safety net is to consider the applicable issues in the service provider’s agreement.  The following is an abbreviated checklist.

  1. Whether personally identifiable information will be provided to service provider’s employees, and if so, what measures are taken to narrowly tailor the need to expose such information to only those employees or third parties who need to know in order to provide the service.  In considering this, a service provider may want to consider identifying types of employees or third parties that may be exposed to such information, or even listing such persons and having them sign a confidentiality agreement with respect to such information.
  2. When does a service provider have to notify a customer of a security breach?   Is there an obligation to notify customers of a potential privacy-related compliance issue?  Or, only when a security breach has occurred?  If a security breach is defined, service providers will be required to undertake all tasks from notification to remediation and payment for such remediation upon receipt of a complaint.
  3. While necessary, service providers will want to limit their contractual obligations to comply with compliance with IT management standards such as the International Organization for Standardization certification.
  4. If the service provider receives credit card information of customers, then at the very least, the following issues must be considered:
    1. Limitation of access of personal information to authorized employees or parties
    2. Securing business facilities, data centers, paper files, servicers, backup systems and computing equipment (mobile and other equip with info storage capability;
    3. Implementing network/ device application, database and platform security
    4. Securing info transmission storage and disposal
    5. Implementing authorization and access controls with media, apps, operating systems and equipment
    6. Encrypting highly sensitive personal information stored on any mobile media
    7. Encrypting highly sensitive transmitted over public or wireless networks
    8. Strictly segregating personal information from and info of service provider or its other customers so that personal information is not commingled;
    9. Implementing appropriate personnel security and integrity procedures and practices (conducting background checks, and providing appropriate privacy and info security training to service providers’ employees.

If you have any questions regarding your liability for disclosure of personal information, please contact:

Natalie Remien at:

nremien@lgattorneys.com or (312) 368-0100.

Please follow and like us: