Large-scale corporate data breaches have unfortunately become increasingly common events, posing a variety of challenges to the companies that suffer them. A few weeks ago, a district court in Georgia dismissed one of the first shareholder derivative actions that challenged the adequacy of a corporation’s data-breach prevention strategy. While that court held that the business judgment rule shielded the company’s actions, it remains to be seen whether that position becomes the majority one.

Read the full New York Law Journal article.