DISA Global Faces Class Action After Cyber-Attack
Last week, two separate class actions were filed in the federal district court for the Southern District of Texas against DISA Global Solutions (DISA), a third-party employment screening services provider, related to an April 2024 cyber-attack.
DISA provides drug and alcohol testing and background checks for employers. DISA reportedly faced a cyber-attack from February to April 2024, which resulted in unauthorized third-party access to over 3.3 million individuals’ personal information. According to DISA, the information may have contained individuals’ names, Social Security numbers, driver’s license numbers, and financial account information.
DISA sent notification letters to individuals around February 24, 2025. The lead plaintiffs in both actions claim that they were required to provide their personal information to DISA as part of a job application or to obtain certain employment-related benefits.
Data breach class actions can help inform entities’ risk management strategies. We will consider some key considerations from the class action complaints against DISA.
Reasonable Safeguards
One plaintiff alleges that DISA had a duty to exercise reasonable care in securing data, but that DISA breached that duty by “neglect[ing] to adequately invest in security measures.” The complaint lists numerous commonly accepted security standards, including:
Maintaining a secure firewall configuration;
Monitoring for suspicious credentials used to access servers; and
Monitoring for suspicious or irregular server requests.
The other plaintiff similarly alleges that DISA failed to adequately implement measures. This complaint also enumerates common measures, including:
Scanning all incoming and outgoing emails;
Configuring access controls; and
Applying the principle of least-privilege.
Such claims of inadequate security and privacy measures are common in data breach class action litigation. Organizations should evaluate their security standards and ensure they are aligned with current best practices.
Notification Timeframe
DISA’s notification letter to affected individuals states that the unauthorized access occurred between February and April 2024. DISA sent notification letters in February 2025. One plaintiff alleges that the “unreasonable delay in notification” heightened the foreseeability that affected individuals’ personal information has been or will be used maliciously by cybercriminals.
It can take months to investigate a cyber incident and determine the nature and extent of information involved. Still, organizations who experience such incidents should be mindful of the ways in which plaintiffs can use the notification timeframe in their litigation.
Heightened Sensitivity of Social Security Numbers
One plaintiff includes in their complaint that Social Security numbers are “invaluable commodities and a frequent target of hackers.” This plaintiff alleges that, given the type of information DISA maintains and the frequency of other “high profile” data breaches, DISA should have foreseen and been aware of the risk of a cyber-attack.
The other plaintiff states that various courts have referred to Social Security numbers as the “gold standard” for identity theft and that their involvement is “significantly more valuable than the loss of” other types of personal information.
When it comes to information, not all data elements present the same level of risk if subject to unauthorized access. Organizations should track the types of information they maintain and understand that certain information may present higher risk if exposed, potentially requiring heightened security standards to protect it. The suits against DISA highlight that organizations should implement robust measures to not only minimize risk of cyber-attacks but also to minimize litigation risk in the often-inevitable class actions that follow.
Roma Patel also contributed to this article.
Federal Circuit Broadens ITC Economic Prong
In the recent decision of Lashify, Inc. v. International Trade Commission, the United States Court of Appeals for the Federal Circuit rejected the long-standing approach concerning the interpretation of the domestic-industry requirement under Section 337 of the Tariff Act of 1930. The complainant, an American company importing eyelash extensions from international manufacturers, which alleged that certain other importers were infringing on its patents.
The central legal issue in this case revolved around the interpretation of the “economic prong” of the domestic-industry requirement under 19 U.S.C. § 1337(a)(3)(B). Specifically, the panel examined whether significant employment of labor or capital related to sales, marketing, warehousing, quality control, and distribution could satisfy the economic prong, even in the absence of domestic manufacturing.
The Federal Circuit vacated the Commission’s split decision regarding the economic prong, finding that the Commission’s interpretation was contrary to the statutory text. Notably, the Court cited the Loper Bright Supreme Court decision that allows the Court to “exercise [] ‘independent judgment’ about the correctness of [the Commission’s] interpretation.”
The Court ultimately held that significant employment of labor or capital should be considered sufficient to satisfy the economic prong, regardless of whether the labor or capital is used for sales, marketing, warehousing, quality control, or distribution. The Court emphasized that the statutory language does not impose a domestic-manufacturing requirement or limit the economic prong to technical development. Rather the panel held that so long as the human activity is related to “aspects of providing [patented] goods or services,” the cost of that investment in human capital should be accounted for. This decision has significant implications for future cases involving the domestic-industry requirement under Section 337. The Federal Circuit’s interpretation broadens the scope of what can be considered significant employment of labor or capital, potentially allowing more companies to satisfy the economic prong without engaging in domestic manufacturing. This could lead to increased access to Section 337 relief for companies that focus on sales, marketing, and distribution activities within the United States.
Warby Parker Settles Data Breach Case with OCR for $1.5M
Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that between September and November of 2018, unauthorized third parties had access to customer accounts following a credential stuffing attack. The names, mailing and email addresses, payment card information, and prescription information of 197,986 patients was compromised.
Following the OCR’s investigation, it alleged three violations of the HIPAA Security Rule, “including a failure to conduct an accurate and thorough risk analysis to identify the potential risks and vulnerabilities to ePHI in Warby Parker’s systems, a failure to implement security measures sufficient to reduce the risks and vulnerabilities to ePHI to a reasonable and appropriate level, and a failure to implement procedures to regularly review records of information system activity.” The settlement reiterates the importance of conducting an annual security risk assessment and implementing a risk management program.
Blocked DOL Overtime Rule Set for Review in the Fifth Circuit (US)
On February 28, 2025, the US Department of Labor (DOL) appealed a December 2024 Texas federal trial court’s decision that blocked a Biden-era overtime rule promulgated by the DOL. This is the DOL’s second appeal following an appeal in November by the then Biden-led DOL of another Texas district court’s ruling that similarly vacated and set aside the overtime rule nationwide. Both cases were appealed to the Fifth Circuit Court of Appeals.
The DOL’s revised overtime rule went into effect in July 2024 and expanded overtime eligibility for employees by raising the salary threshold required for an employee to qualify for an overtime exemption under the Fair Labor Standards Act (FLSA). To be exempt from overtime requirements under the FLSA (time-and-one-half the regular rate of pay for hours worked in excess of 40 hours in a work week), employees must primarily perform certain job duties, be paid on a salary, not hourly, basis, and earn at least a minimum threshold salary.
Under the DOL’s 2024 rule, the annual salary threshold initially increased from $35,568 to $43,888 on July 1, 2024, and was set to increase again on January 1, 2025 to $58,656 prior to the decision by the US District Court for the Eastern District of Texas to vacate the rule in November. The rule also provided for a mechanism to increase the threshold level every three years, beginning on July 1, 2027. In November, District Court Judge Sean D. Jordan granted summary judgment, thereby blocking the rule nationwide, stating that the DOL’s “changes to the minimum salary level in the 2024 Rule exceed its statutory jurisdiction.” By setting the minimum salary threshold so high, Judge Jordan wrote, the 2024 rule “effectively eliminates” the other considerations required under the FLSA, like job duties, “in favor of what amounts to a salary-only test.”
The decision by the Trump Administration to appeal the most recent District Court decision came as a surprise to some, as it is believed by many that the Trump Administration will look to review the 2024 overtime rule and possibly get rid of it all together. However, the decision by the Trump Administration to appeal allows the DOL to defend its longstanding practice to set a salary threshold for overtime eligibility, although it appears likely the Trump DOL would set the threshold minimum much lower—closer to the $35,500 threshold minimum set by the DOL during the first Trump Administration.
We expect and will continue to monitor changes to the overtime rule as it moves through the courts under the new Trump Administration.
Supreme Court Says EPA Has No Authority to Impose “End-Result” Requirements in Clean Water Act Permits
On Tuesday, March 4, 2025, the Supreme Court issued an opinion in City and County of San Francisco, California v. Environmental Protection Agency, U.S. No. 23-753 in which the City and County of San Francisco (San Francisco) challenged certain provisions in the Clean Water Act (CWA) National Pollution Discharge Elimination System (NPDES) permit for its Oceanside wastewater treatment plant (WWTP) that conditioned compliance on whether the receiving water body met certain water quality standards. Among other requirements and restrictions, the NPDES permit at issue prohibited the WWTP from 1) making any discharge that “contribute[s] to a violation of any applicable water quality standard,” and 2) performing any treatment or making any discharge that “create[s] pollution, contamination, or nuisance as defined by California Water Code section 13050.”
According to San Francisco, these permit requirements created significant uncertainty for the compliance status of its Oceanside WWTP by holding petitioner responsible for a condition it could not directly control—the quality of the oceanwater into which the WWTP discharges. The EPA, on the other hand, argued that it needs the authority to impose these “end-result” permit requirements when the regulated entity does not provide the agency with adequate information to craft more specific requirements that will be adequately protective of receiving water quality.
Justice Samuel Alito delivered the opinion of the Court, which held in a 5-4 opinion that the CWA provisions authorizing the EPA to impose “effluent limitations” (33 U.S.C. § 1311) in NPDES permits do not authorize such “end-result” requirements that “condition [permittees’] compliance on whether receiving waters meet applicable water quality standards.” In other words, the EPA cannot impose requirements that “simply tell[] a permittee that a particular end result must be achieved and that it is up to the permittee to figure out what it should do.” Justice Amy Coney Barrett, joined by three justices (Sotomayor, Kagan and Jackson), argued in dissent that there is nothing in the “straightforward statutory language” of the CWA that distinguishes “end-result” permit requirements from other requirements the majority found to be acceptable.
A driving concern for the majority was the potential hole that “end-result” requirements could create in CWA Section 1342(k), which deems a permittee to be in compliance with the CWA if it is in compliance with its permit. This “permit shield” provision offers certain legal assurances to permittees that would otherwise be exposed to harsh civil and even criminal penalties for violations of the CWA that are ultimately outside of their control. The Court found that “end-result” permit requirements, by “making the permittee responsible for any drop in water quality below the acceptable standard,” would potentially swallow the protections offered by Section 1342(k) and result in significant civil and criminal exposure for permittees, even when they comply with all the other terms of their permits.
A second key issue for the Court was the lack of any mechanism in the CWA for apportioning liability where multiple permittees, each with “end-result” permit requirements, discharge into the same water body. In such a case, the EPA would have to “unscramble the polluted eggs after the fact” to determine which permittee was liable. According to the Court, it was exactly this backwards-looking convoluted enforcement scheme that Congress sought to abandon when it amended the Water Pollution Control Act in 1972 to create the modern Clean Water Act.
Notably, the Court upheld “narrative” permit terms, such as requirements to implement best management practices without specifying the exact practices to implement in every given situation. In doing so, the Court rejected San Francisco’s argument that “all limitations” imposed under CWA Section 1311 must qualify as “effluent limitations” and upheld conditions that “do not directly restrict the quantities, rates, or concentration” of pollutants that a permittee may discharge.
The Court’s holding impacts NPDES permits throughout California and across the country. “End-result” permit requirements in the form of receiving water limitations are commonly found in general NPDES permits, including California’s Construction General Permit and Industrial General Permit, as well as site-specific NPDES permits. The Court’s holding also may impact pending regulatory and citizen-suit enforcement actions, at least to the extent such actions are based on “end-result” permit requirements similar to the ones rejected by the Supreme Court.
While FTC Non-Compete Appeals Linger, Ohio Poses Ban on Non-Competes, Forum Selection, and Other Restrictive Covenants
The Federal Trade Commission (FTC) implemented its 2024 rule banning non-compete agreements on April 23, 2024. The rule gained some life at first as a U.S. District Court in Pennsylvania ruled in its favor and denied a request to implement a permanent injunction. Since then, however, employers have won multiple arguments supporting the enforcement of non-compete agreements in front of the National Labor Relations Board and U.S. District Courts in Texas and Florida. The rule was vacated by a permanent injunction from the court in Texas on Aug. 20, 2024.
While the FTC rule goes through the appeals process, non-compete agreements remain a state law issue. To date, 33 states have implemented restrictions requiring the agreements to be reasonable in relation to the time, scope, and geographical area of the restriction. In January 2025, New York’s legislature reintroduced a bill that would make it the 34th state to restrict non-compete agreements.
Ohio introduced a bill in February 2025 that would make it the fifth state to ban non-compete agreements. Currently, California, Oklahoma, Minnesota, and North Dakota have outright bans on non-compete agreements. That said, Ohio’s proposed legislation would go beyond non-compete agreements for all employees, volunteers, and independent contractors.
Specifically, the Ohio law would prohibit any agreement that contains a forum selection clause requiring an Ohio employee to litigate a claim outside the state. The potential law would also prohibit an “agreement that imposes a fee or cost” on an employee “for terminating the work relationship” for various scenarios. Further, it would prohibit any agreement requiring “a worker who terminates the work relationship to reimburse the employer for an expense incurred” during the relationship for “training, orientation, evaluation, or other service intended to provide the worker with skills to perform the work or to improve performance.” Finally, the law would give courts the option to award punitive damages when an employer violates the law.
While state law determines whether agreements with restrictive covenants are enforceable, the laws are constantly changing. Based on this, employers should consider reviewing agreements with counsel to ensure they comply with various state laws.
Fast Track to a First Contract: Senator Proposes Faster Labor Contracts Act
U.S. Sen. Josh Hawley (R-Mo.) looks to speed up collective bargaining negotiations for a first contract between private employers and unions via new legislation. On March 4, Sen. Hawley introduced the Faster Labor Contracts Act. The bill proposes an amendment to Section 8(d) of the National Labor Relations Act (NLRA) that would, it says:
Amend the NLRA to require that after workers have voted to form a union, employers must begin negotiating with the new union within 10 days
Provide that if no agreement is reached within 90 days, the dispute will be referred to mediation
Stipulate that if mediation fails within 30 days, or additional periods agreed upon by the parties, the dispute will be referred to binding arbitration to secure an initial contract
Commission a Government Accountability Office report on average workplace time-to-contract one year after enactment.
Section 8(d) of the NLRA requires the employer and the union to bargain in good faith over employees’ wages, hours, and other terms and conditions of employment, and states “but such obligation does not compel either party to agree to a proposal or require the making of a concession.” The NLRA does not impose a time limit for the parties to reach an agreement. According to Bloomberg Law’s statistics, it takes the parties on average 458 days to bargain a first contract.
If passed, the Faster Labor Contracts Act will affect employers and unions alike. Most notably, the bill ignores both the union’s and the employer’s rights to object to the results of an election, test certification of a unit, and have the opportunity to litigate those issues. It is not clear how those rights – also provided by the NLRA – would stand in light of the proposed 10-day start time. By setting a negotiation timeline, the bill may also force both parties to concede to unfavorable terms, placing limits on the parties’ rights to freely contract without outside intervention.
The bill is bipartisan and cosponsored by Sens. Cory Booker (D-N.J.), Gary Peters (D-Mich.), Bernie Moreno (R-Ohio), and Jeff Merkley (D-Ore.). The bill is also backed by the International Brotherhood of Teamsters.
First Circuit Adopts But-For Causation Standard for Kickback-Premised False Claims Act Actions
On 18 February 2025, the First Circuit Court of Appeals issued its decision in United States v. Regeneron Pharmaceuticals, Inc., determining that “but-for” causation is the proper standard for False Claims Act (FCA) actions premised on kickback and referral schemes under the Anti-Kickback Statute (AKS). This issue has divided circuits in recent years, with the Third Circuit requiring merely some causal connection, and the Sixth Circuit and Eighth Circuit requiring the more defendant-friendly proof of but-for causation between an alleged kickback and a claim submitted to the government for payment.
This issue has major implications for healthcare providers, pharmaceutical manufacturers, and other entities operating in the healthcare environment. Both the government and qui tam relators have frequently brought FCA actions premised on alleged kickback schemes, and these actions pose significant potential liability. A higher but-for standard for proving causation represents a key tool for FCA defendants to defend against such actions. There is a good chance that the government petitions the US Supreme Court to review the First Circuit’s decision, and, given the growing split, there is certainly a possibility that this becomes the next issue in FCA jurisprudence that finds itself before the high court.
Background on AKS-Premised FCA Actions and the Growing Circuit Split
To establish falsity in an AKS-premised FCA action, a plaintiff has historically needed to show that the defendant (1) knowingly and willfully, (2) offered or paid remuneration, (3) to induce the purchase or ordering of products or items for which payment may be made under a federal healthcare program. In 2010, Congress added the following language to the AKS at 42 U.S.C. § 1320a-7b(g): “a claim that includes items or services resulting from a violation of [the AKS] constitutes a false or fraudulent claim for purposes of [the FCA].” (Emphasis added). Courts have generally agreed that the AKS, therefore, imposes an additional causation requirement for FCA claims premised on AKS violations. However, courts have been divided on how to define “resulting from” and the applicable standard for proving causation.
In 2018, the Third Circuit was faced with this issue and explicitly declined to adopt a but-for causation standard. Relying on the legislative history, the Third Circuit determined that a defendant must demonstrate “some connection” between a kickback and a subsequent reimbursement claim to prove causation.
Four years later, the Eighth Circuit declined to follow the Third Circuit and instead adopted a heightened but-for standard based on its interpretation of the statute. The court noted that the US Supreme Court had previously interpreted the nearly identical phrase “results from” in the Controlled Substances Act to require but-for causation. In April 2023, the Sixth Circuit joined the circuit split, siding with the Eighth Circuit and adopting a but-for causation standard.
Eyes Turn Toward the First Circuit
In mid-2023, two judges in the US District Court for the District of Massachusetts ruled on this causation issue as it related to two different co-pay arrangements, landing on opposite sides of the split. In the first decision, United States v. Teva Pharmaceuticals USA, Inc., the district court adopted the Third Circuit’s “some connection” standard. The court indicated it was following a prior First Circuit decision—Guilfoile v. Shields—though Guilfoile had only addressed the question of whether a plaintiff had adequately pled an FCA retaliation claim, as opposed to an FCA violation. In the second decision, Regeneron, the district court declined to follow Guilfoile (given Guilfoile dealt with the requirements for pleading an FCA retaliation claim); instead, the district court in Regeneron followed the Sixth Circuit and Eighth Circuit in applying a but-for standard. These dueling decisions set the stage for the First Circuit to weigh in on the circuit split.
First Circuit Adopts But-For Standard
On 18 February 2025, the First Circuit issued its opinion in Regeneron, affirming the district court’s decision and following the Sixth Circuit and Eighth Circuit in adopting a but-for standard. The court first determined that Guilfoile neither guided nor controlled the meaning of the phrase “resulting from” under the AKS. Turning to an interpretation of the statute, the First Circuit noted that “resulting from” will generally require but-for causation, but the court may deviate from that general rule if the statute provides “textual or contextual indications” for doing so. After a thorough analysis of the textual language and its legislative history, the First Circuit concluded that nothing warranted deviation from interpreting “resulting from” to require but-for causation. The court also rejected the government’s contention that requiring proof of but-for causation would be such a burden to FCA plaintiffs that the 2010 amendments to the AKS would have no practical effect.
Notably, the First Circuit made clear that its decision was limited to FCA actions premised on AKS violations under the 2010 amendments to the AKS. The court distinguished such actions from FCA actions premised on false certifications, where a plaintiff asserts that an FCA defendant has falsely represented its AKS compliance in certifications submitted to the government.
Takeaways
The growing confusion and disagreement among district and circuit courts over this issue, coupled with the issue’s import to FCA jurisprudence, creates the potential that this could be the next FCA issue decided by the US Supreme Court.
Until this split is resolved, FCA practitioners must pay close attention to the choice of venue for AKS-premised FCA actions.
But-for causation presents an important tool for FCA defendants in AKS-premised FCA actions. But-for causation may allow a defendant to argue that even if it had acted with an intent to induce referrals, no actual referrals resulted from the conduct, which would allow a defendant to avoid FCA liability altogether. Alternatively, but-for causation may allow a defendant to argue that FCA damages are lower than the total referrals made where the plaintiff is unable to prove all referrals “resulted from” the improper arrangement.
While this is a significant win for FCA defendants, its impact may be somewhat limited for FCA actions that are not premised on AKS violations. It also remains to be seen whether the government and relators will begin bringing FCA actions premised on alleged false certifications of compliance with the AKS (rather than solely relying on an alleged AKS violation itself).
The firm’s Federal, State, and Local False Claims Act practice group practitioners will continue to closely monitor developments on this issue, and we are able to assist entities operating in the healthcare environment that are dealing with AKS-premised FCA actions.
TCPA CLASS ACTION FILINGS EXPLODE: The MASSIVE Final Numbers Are In for 2024–And January, 2025 Numbers Are INSANE
These numbers are just insane.
85.3% of all TCPA filings in December, 2024 were class actions.
85.3%.
I can pretty much guarantee that is the highest percentage of cases to be filed as a class action under any statute at any point in the history of our country.
Oh wait, I lied.
In November, 2024 an INSANE 95.5% —95.5%!!!–of TCPA filings were class actions.
Welcome to TCPAWorld.
To add to the fun, a total of 2788 TCPA cases were filed last year UP 67% from 2023.
A 67% rise in TCPA suits year-over-year folks.
And considering that class actions now account for over 80% of those filings 2024 saw the highest number of TCPA class actions in history!
Insanity.
Want more fun?
The numbers for January, 2025 are also in.
172 TCPA class actions in January, 2025!
In January, 2024 there were 64.
64 to 172.
That’s a 268% rise in TCPA class actions to start 2025 over 2024!!!!!
Yes, it is only one month but considering how steep a rise 2024 saw the fact that 2025 is already SMOKING 2024 filings is real cause for concern.
So to summarize:
TCPA cases were up 67% last year;
Over 80% of filings are now class actions;
TCPA class action filings were up over 250% in January, 2025 YOY.
Wow.
And each one of these lawsuits has the ability to END a company. No wonder I have dedicated my career to keeping people safe in the TCPAWorld!
My goodness.
Credit to WebRecon for all the stats!
SB21: Delaware Responds In The DExit Battle
The annual DGCL amendments this year carry a little more urgency than before. SB21 was rushed through to the Delaware Senate in mid-February, bypassing the normal process that involves recommendation by the Council of the Corporation Law Section of the Delaware State Bar Association (the “CLC”). At the legislature’s request, the CLC is weighing in with recommended changes to SB21, and that version is the current front runner to get approved by the legislature and adopted this year, and is the version (as currently available) described below. Delaware’s hurried process can be seen as a response to a gathering movement by corporations to reincorporate in other jurisdictions, dubbed “DExit”, which threatens Delaware’s mantle as the undisputed leader in state corporate law, and a material revenue source for the State. The movement seems to have at least two underlying causes. One is cyclical. Delaware’s judge made law periodically either swings too far in the pro-plaintiff direction, or otherwise produces controversial decisions, alienating companies incorporated in Delaware. This is followed by a course correction, sometimes judicial and sometimes legislative. A second cause is jurisprudence around the level of judicial scrutiny applied to actions taken by controllers, with particularly pronounced criticism coming from companies with “rockstar” CEOs and founders.[1]
There were several decisions in 2023 that provoked backlash, including Moelis,[2] which invalidated a controller’s stockholder agreement in a decision that was sharply at odds with prevailing M&A practice, and Activision,[3] some aspects of which were unusually formalistic and ran contrary to common M&A practices. Both decisions were legislatively overturned in the 2024 DGCL amendments. Another decision, Palkon v. Maffei,[4] applied the entire fairness standard of review to a reincorporation transaction, eliciting the ire of controllers given the speculative nature of the purported controller benefit. That decision was overturned by the Delaware Supreme Court this year. But perhaps the biggest judicial catalyst for DExit is Tornetta v. Musk[5], where in 2024 the Court of Chancery invalidated Elon Musk’s performance award at Tesla, despite its having received board and minority stockholder approval. The value of the award ($56 billion at the time of litigation), the size of the fee award to plaintiff’s counsel ($345 million), and the profile of the company and its CEO, guaranteed that the judicial decisions emanating from the dispute would receive a lot of attention, particularly from other large founder-led tech companies.[6]
SB21 seeks to recalibrate through expanding DGCL Section 144, which regulates the voidability of contracts and transactions in which officers and directors are interested, to also regulate challenges to controlling stockholder contracts and transactions, and to expand applicability of the rule to fiduciary duty challenges. SB21 also seeks to recalibrate through tightening up DGCL Section 220, the rule governing inspection of books and records, which has been a vehicle for a significant increase in litigation in the last few years. In tandem with SB21, the Delaware Senate introduced Senate Concurrent Resolution 17 (“SCR17”), requesting that the CLC prepare a report with recommendations for legislative action relating to excessive awards of attorney’s fees in certain corporate litigation cases.
Amendments to DGCL Section 144
Current paragraph (a) of Section 144 protects against the voidability of contracts and transactions due to the interest of one or more officers or directors, where the contract or transaction is authorized in good faith by the board or a board committee by a majority of the disinterested directors, is approved by the stockholders (in each case with knowledge of the material facts) or is fair to the corporation. As amended, paragraph (a) would protect against equitable relief or damages awards. It thus would expand from a narrow focus on validity to serve as a broad shield against fiduciary duty challenges. Approval by the board requires a majority of disinterested directors, and if a majority of board members are not disinterested, approval of a committee of two or more members, all of whom are independent.
New paragraphs (b) and (c) would for the first time bring controlling stockholders within the ambit of Section 144. One of the criticisms of current case law is that to avoid an entire fairness standard of review and obtain the shielding effect of the business judgment standard of review, controllers must comply with the narrow strictures of In re MFW[7] and its progeny,[8] including obtaining approval of both (i) a special committee composed of disinterested and independent directors, and (ii) disinterested stockholders. Paragraph (b) significantly relaxes the procedural hurdles for controllers to obtain the liability shield outside of going private transactions. Under paragraph (b), for a controlling stockholder transaction to be protected against equitable relief or damages awards, either (i) or (ii) is required, but not both. As for paragraph (a), the special committee must have two or more members, all of whom are independent. The approval of disinterested stockholders must be by a majority of votes cast, in contrast to the majority of shares held by disinterested stockholders currently required under MFW.
For public companies, the amendments provide that a director is presumed to be disinterested with respect to a transaction to which the director isn’t a party, if the board has determined that the director satisfies the criteria for determining independence from the corporation and, if applicable, the controlling stockholder, under stock exchange rules. The presumption is “heightened and may only be rebutted by substantial and particularized facts that such director has a material interest in such act or transaction or has a material relationship with a person with a material interest in such act or transaction.” Moreover, being the nominee of someone with a material interest does not, by itself, show that a director is not disinterested. This new test addresses scope creep that occurred through a series of Delaware cases, where the test has expanded in recent years to include social ties.[9]
Under new paragraph (c), for going private transactions, approval of both a special committee and disinterested stockholders is required. But, given the liberalization of the stockholder approval requirement described above, the test is easier to meet than under existing case law. Moreover, paragraph (c) does not incorporate the “ab initio” requirement under MFW, but merely provides that the transaction “is conditioned on a vote of the disinterested stockholders at or prior to the time it is submitted to stockholders for their approval or ratification.” For public companies, a “going private transaction” is a “Rule 13e-3 transaction” as defined under the Securities Exchange Act of 1934. For non-public corporations, it is, generally stated, an M&A transaction pursuant to which all or substantially all of the shares of capital stock held by disinterested stockholders are cancelled or acquired.
Another criticism of existing case law is the expanding definition of who can be deemed to be a controlling stockholder. This is also addressed in the amendments, through introduction of a specific definition of a “controlling stockholder” as a person that, together with affiliates and associates, either (i) owns or controls a majority in voting power of outstanding voting stock of the corporation entitled to vote in the election of directors, (ii) has the contractual or other right to cause the election of nominees constituting a majority of members of the board, or (iii) has the power functionally equivalent to such a majority owner, and holds at least one-third in voting power of outstanding voting stock of the corporation. The one-third threshold is an important bright line that is likely to lead to a reduction in litigation against controllers.
The amendments also override recent case law holding that controlling stockholders owe a fiduciary duty of care to the corporation,[10] by introducing the functional equivalent of exculpation under DGCL Section 102(b)(7), but without the need to opt in. The amendments provide that controlling stockholders are not liable in that capacity to the corporation or to its stockholders for monetary damages for breach of fiduciary duty, other than for breach of the duty of loyalty, acts or missions not in good faith, or derivation of an improper personal benefit.
The amendments to Sections 144 and 220 apply to all acts and transactions (including book and records demands) before, on or after the date the Governor signs them into law, but do not apply to any judicial proceeding that is completed or pending on or before February 17, 2025. The synopsis states that this lack of retroactivity “shall not in any way affect the ability of a court, by reference to existing case law, to reach an outcome consistent with one that would be dictated by this Act.”[11]
Amendments to DGCL Section 220
Amendments to Section 220 delineate, through a “books and records” definition, the documents that stockholders can obtain, including items such as a charter and bylaws (and instruments incorporated by reference), minutes of meetings of stockholders, emails to stockholders within the last 3 years, minutes of meetings of the board and board committees and information packages for those meetings, agreements under DGCL 122(18), annual financial statements, and D&O independence questionnaires. Importantly, this does not include emails or text messages among directors, officers, or managers, access to which has allowed plaintiff’s attorneys to engage in sometimes expansive fishing expeditions. The amendments limit a court’s ability to order the production of a broader set of books and records, but they do provide that a court can require production of additional records if the corporation does not have minutes of meetings of stockholders, boards or board committees, or annual financial statements. This underscores the importance for corporations of maintaining good minutes in order to limit the scope of document productions in books and records actions.
The amendments also limit the time period for which a shareholder can inspect books and records (that is, only books and records within three years of the date of the demand) and impose conditions on a stockholder’s ability to inspect and copy the books and records themselves. A stockholder’s demand must be “made in good faith and for a proper purpose” and describe “with reasonable particularity the stockholder’s purpose and the books and records the stockholder seeks to inspect.” The books and records sought must be “specifically related to the stockholder’s purpose.” This change appears to replace the currently low standard requiring only a “credible basis,” but the CLC’s recommended changes to the amendments in SB 21 permit shareholders to request a broader set of documents in the event that the shareholder can show a “compelling need for an inspection of such records to further the stockholder’s proper purpose” and the shareholder has shown “by clear and convincing evidence that such specific records are necessary and essential to further such purpose.” Whether this change to the amendments is incorporated into the final bill remains to be seen.
The amendments permit the corporation to impose reasonable restrictions on the “confidentiality, use, or distribution” of the books and records, to redact unrelated material, and to require that the stockholder incorporate by reference the books and records into any complaint the stockholder files. This change codifies what has been Delaware courts’ current practice.
SCR 17
SCR 17 focuses on the trade-off between preventing excessive attorney’s fees in stockholder litigation, and appropriately incentivizing law firms to bring actions on a contingent fee basis that protect stockholder rights. The Resolution requests the Council of the Corporation Law Section of the Delaware State Bar Association to:
prepare, on or before March 31, 2025, a report with recommendations for legislative action that might help the Delaware Judiciary ensure that awards of attorney’s fees provide incentives for litigation appropriately protective of stockholders but not so excessive as to act as a counterproductive toll on Delaware companies and their stockholders that threatens to make the overall “benefit-to-cost” ratio of corporate litigation negative.
The Resolution specifically requests the Council to consider the utility of fee caps. Foley & Lardner LLP will continue monitoring the progress of SB 21 and SCR 17 as they progress. Both are moving quickly. The Senate Judiciary Committee has scheduled a hearing on the proposed amendments on March 12, 2025.
[1] To the extent that rockstar founders/CEOs seek the same level of autonomy controlling corporations as they could have managing limited liability companies, that is not the focus of the proposed amendments, and it is difficult seeing the Delaware legislature granting their wish. It would undermine Delaware’s goal of navigating between being a business-friendly jurisdiction and protecting the rights of stockholders, and would undermine one of its competitive advantages, which is the sophistication of its judiciary. The CLC recommendations appear to dial back some of the loosening of procedural constraints under SB21.
[2] W. Palm Beach Firefighters’ Pension Fund v. Moelis & Co., 311 A.3d 809 (Del. Ch. 2024).
[3]Sjunde AP-Fonden v. Activision Blizzard, Inc., 2024 WL 863290 (Del. Ch. 2024).
[4] Palkon v. Maffei, 311 A.3d 255 (Del. Ch. 2024), rev’d, 2025 WL 384054 (Del. 2025).
[5] See, e.g. Tornetta v. Musk, 310 A.3d 430 (Del. Ch. 2024).
[6] For example, Tesla, SpaceEx and The Trade Desk have reincorporated out of Delaware. Meta and DropBox are both reportedly considering reincorporating out of Delaware. There are also several very large tech companies that are likely to go public in the near future.
[7] In re MFW S’holders Litig., 67 A.3d 496 (Del. Ch. 2013), aff’d, 88 A.3d 635 (Del. 2014)
[8] In re Match Grp., Inc. Deriv. Litig., 315 A.3d 446 (Del. 2024) (holding that where a controlling stockholder stands on both sides of a transaction with its controlled corporation, the standard of review does not change to business judgment unless both of MFW’s procedural devices – that is, using a special committee and a majority-of-the-minority vote – are used).
[9] See, e.g. In re Dell Technologies Inc. Class V S’holders Litig., 2020 WL 3096748 (Del. Ch. 2020)
[10] See In re Sears Hometown and Outlet Stores, Inc. S’holder Litig., 309 A.3d 474 (Del. Ch. 2024).
[11] Some legal commentators have viewed this as paving the way for the Tornetta decision to be overturned on appeal.
CJEU Recognizes Cross-Border Jurisdiction of National Courts, Long-Arm Jurisdiction of UPC
The Court of Justice of the European Union (CJEU) issued a decision significantly expanding the capabilities of both the Unified Patent Court (UPC) and the national courts in EU Member States to issue cross-border injunctions and adjudicate on patent infringement acts in countries (seemingly) outside their respective jurisdiction. Case C-339/22 (CJEU, Grand Chamber Feb. 25, 2025) ECLI:EU:C:2025:108.
Background
German company BSH Hausgeräte GmbH owns a European patent that is validated in several EU Member States and non-EU countries such as Turkey. BSH sued Swedish company Electrolux AB before a Swedish court for infringement of all national parts of the European patent (including the Turkish part).
Electrolux argued that the parts of the patent validated outside Sweden were invalid and that the Swedish court accordingly lacked jurisdiction to rule on these infringement claims. Electrolux relied on Article 24(4) of Regulation (EU) 1215/2012, the Brussels I bis Regulation, which confers exclusive jurisdiction for questions of patent validity on the courts of the state where a patent is registered.
The Swedish court of first instance declared that it did not have jurisdiction to rule on infringement of any non-Swedish parts of the patent. BSH appealed, and the Swedish Court of Appeal referred key questions to the CJEU about the interplay between Articles 4(1) and 24(4) of the Brussels I bis Regulation. Article 4(1) of the Regulation grants the courts of EU Member States general jurisdiction over all infringement actions committed by a person or company domiciled in their territory (regardless of where the infringement occurred). One of the relevant questions in this case was whether, in light of Article 24(4) of the Regulation, the court hearing the patent infringement action loses jurisdiction when an invalidity defense is raised.
Long-Arm Jurisdiction and Invalidity Defense
The CJEU clarified that Article 24(4) of the Regulation must be interpreted narrowly. According to the CJEU, the “validity of patents” mentioned in Article 24(4) of the Regulation only pertains to validity challenges that would lead to the annulment of the patent with effect erga omnes. Such erga omnes validity proceedings must still be brought before the courts of the forum of registration (e.g., the German Federal Patent Court in the case of the German part of a European patent). However, the CJEU considers that Article 24(4) of the Regulation does not apply to an inter partes invalidity defense raised in patent infringement litigation. Consequently, according to Article 4(1) of the Regulation, a court of an EU Member State in which the infringement case is being heard can decide on patent infringements in another EU Member State or in a third (non-EU) country and does not lose its jurisdiction if an invalidity defense is raised. Patent proprietors can therefore obtain cross-border injunctions in national courts of EU Member States (as well as before the UPC, even in states that do not take part in the UPC), and the courts remain jurisdictionally competent even if the infringer imposes an invalidity defense.
Where a third country outside of the European Union is concerned (e.g., the United Kingdom, Switzerland, or Turkey), the EU infringement court may even have jurisdictional competence to rule on an invalidity defense with inter partes effect. This means that a defendant can obtain a decision dismissing the infringement action on the basis of its invalidity defense (but not resulting in the patent being revoked in whole or in part, as there is no erga omnes effect of such invalidity decision).
Practical Implications
This decision marks a shift from the CJEU’s previous jurisprudence, according to which a cross-border injunction was blocked if the defendant raised an invalidity defense. The decision will also have significant implications for global patent litigation strategies:
Defendants cannot simply escape the forum chosen by the patentee by raising an invalidity defense. They may still file a separate nullity action in the country in which the patent or the relevant national part of a European patent is registered, but the EU infringement court will retain jurisdiction over the question of whether the defendant infringed the patent.
Patent proprietors can sue any defendant based in the European Union for patent infringement in any country (potentially worldwide) before the national courts of domicile. The question of patent infringement would then have to be decided on the basis of the applicable foreign law. This could require multinational litigation teams and expert opinions on foreign law (on matters such as claim construction) as well as possible uncertainty as to how an EU national court might interpret and apply foreign law, such as US or Chinese law. At least in principle, the CJEU’s decision allows EU courts to rule on patent infringement cases globally.
The owner of a non-opted-out European patent can now sue any defendant domiciled in a UPC contracting state for patent infringement, even with regard to infringing acts in European Patent Convention states that are not part of the UPC system (e.g., Spain or Turkey). There is already precedent on this issue (published even before the CJEU decision) in the decision of the UPC Local Division Düsseldorf of January 28, 2025, in the case UPC_CFI_355/2023. Here, the UPC recognized its long-arm jurisdiction regarding the alleged infringement of a European patent in the United Kingdom, even though an invalidity defense was raised and even though the United Kingdom is not part of the UPC system.
While the CJEU granted extensive jurisdiction to national courts and the UPC, it accepted that the infringement court must consider a nullity action in another EU Member State, which may lead to a stay of the infringement proceedings – in particular where the national court sees a “reasonable, non-negligible possibility of that patent being declared invalid” in the pending nullity action. As a result, defendants may have to file multiple nullity actions simultaneously before national courts if a patent owner decides to bring an action for patent infringement in several countries before only one national court. This could exert significant pressure on the defendant, which would have to advance considerable corresponding legal costs.
Practice Note: The CJEU decision strengthens the UPCs power to rule on allegations of infringement occurring in non-UPC countries. However, it also allows national courts in the EU to compete with the UPC in certain cross-border cases, particularly where a defendant domiciled in one country infringes in several countries. In its ruling, the CJEU confirmed the long-arm jurisdiction of both the national courts in the EU Member States and the UPC, and confirmed that raising an invalidity defense does not remove the jurisdiction of the infringement court.
A patent proprietor now can seek a cross-border injunction from a national court in the European Union without the risk of having several parts of its asserted European patent invalidated in a single counterclaim for revocation as in the UPC, but with a greater risk of a stay of infringement proceedings. Accordingly, the UPC has become an even more attractive venue for patent owners but could face additional competition from national courts. Patent proprietors will now be able to choose between EU national courts and the UPC when bringing infringement actions concerning multiple national designations and seeking cross-border injunctions, which translates into increased forum shopping possibilities. The CJEU’s decision may also lead to parallel proceedings in multiple jurisdictions, increasing the complexity of litigation for both parties.
This is where the UPC offers less costly and faster decisions. Because the CJEU confirmed the UPC’s competence to adjudicate on infringement issues related to European patents validated in non-UPC countries (such as the United Kingdom, Spain, Switzerland, and Turkey), the UPC is the more attractive option, especially for patentees with global patent portfolios. Overall, the CJEU’s decision strengthened the role of the UPC in European patent litigation but also introduced new dynamics that may influence cross-border patent litigation strategies.
The decision strengthens the relevance of EU-based courts in global patent litigation and underscores the need for cross-border strategies. Only time will tell whether non-EU courts will also affirm long-arm jurisdictions.
Data Breach Class Action Settlement Approval Affirmed by Ninth Circuit with Attorneys’ Fee Award Reversed and Remanded
Some data breach class actions settle quickly, with one of two settlement structures: (1) a “claims made” structure, in which the total amount paid to class members who submit valid claims is not capped, and attorneys’ fees are awarded by the court and paid separately by the defendant; or (2) a “common fund” structure, in which the defendant pays a lump sum that is used to pay class member claims, administration costs and attorneys’ fees awarded by the court. A recent Ninth Circuit decision affirmed the district court’s approval of a “claims made” settlement but reversed and remanded the attorney’s fee award. The decision highlights how the approval of the settlement terms should be independent of the attorney’s fees although some courts seem to merge them.
In re California Pizza Kitchen Data Breach Litigation, – F.4th –, 2025 WL 583419 (9th Cir. Feb. 24, 2025) involved a ransomware attack that compromised data, including Social Security numbers, of the defendant’s current and former employees. After notification of the breach, five class action lawsuits were filed, four of which were consolidated and proceeded directly to mediation. A settlement was reached providing for reimbursement for expenses and lost time, actual identity theft, credit monitoring, and $100 statutory damages for a California subclass. The defendant agreed not to object to attorneys’ fees and costs for class counsel of up to $800,000. The plaintiffs estimated the total value of the settlement at $3.7 million.
The plaintiffs who had brought the fifth (non-consolidated) case objected to the settlement. The district court held an unusually extensive preliminary approval hearing, at which the mediator testified. The court preliminarily approved the settlement, deferring its decision on attorneys’ fees until the information regarding claims submitted by class members was available. At that point, the district court, after estimating the total value of the class claims at $1.16 million (the claim rate was 1.8%), awarded the full $800,000 of attorneys’ fees and costs requested, which was 36% of the total class benefit of $2.1 million (including the $1.16 million plus settlement administration costs and attorneys’ fees and costs).
On appeal, the Ninth Circuit majority concluded that the district court did not abuse its discretion in approving the settlement. Based on the mediator’s testimony, the district court reasonably concluded that the settlement was not collusive. The Ninth Circuit explained that “the settlement offers real benefits to class members,” “the class’s standing rested on questionable footing—there is no evidence that any CPK employee’s compromised data was misused,” and “courts do not have a duty to maximize settlement value for class members.”
The attorneys’ fee award, however, was reversed and remanded. The Ninth Circuit explained that the class claims were properly valued at $950,000 (due to a miscalculation by the district court), and the fee award was 45% of the settlement value, “a significant departure from our 25% benchmark.” In remanding, the Ninth Circuit noted that a “downward adjustment” would likely be warranted on remand.
Judge Collins concurred in part and dissented in part. He would have reversed the approval of the settlement, concluding that the district court failed to adequately address the objections and the low claims rate, and citing “the disparity between the size of the settlement and the attorney’s fees.”
From a defendant’s perspective, this decision demonstrates how it can be important to convey to the court that the approval of the proposed settlement should be evaluated independently of the attorney’s fees application. If the court finds the proposed fee award too high, that should not warrant disapproval of the settlement if the proposed relief for the class members is fair and reasonable. This is true of both “claims made” and “common fund” settlement structures.