Publications — Page 37 of 50 — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events

What Happens to a Business Partner’s Interests in a Company After Death?

Published on: April 19, 2017 | by David R. Pierce

Have you ever heard a story among your friends about a company where two partners got along great, but then one suffered an untimely death and then his widow or children caused the company to breakup? That is a common scenario, although one might not be able to place the blame on the surviving spouse or the children. This is one of the ultimate worst case scenarios that proper planning can help avoid.

As shareholders in a small company each shareholder may have a reasonable expectation of continuing employment and participation in management of the company. When one shareholder dies, unless an agreement among the shareholders is in place providing a right for the company or remaining shareholder to purchase the deceased shareholder’s stock, that stock will be transferred to that deceased shareholder’s heirs, whether by will or by intestacy. As a result, most often the deceased shareholder’s stock ends up in the hands of a surviving spouse or children. In some cases the heir of the deceased shareholder will be able to step into his or her shoes and be able to participate meaningfully in the operation of the business. There may be personality conflicts and other difficulties in operating the business with a new partner, but hopefully, those can be worked out.

More often, however, the deceased shareholder’s stock is inherited by someone who does not have any clue about the business and cannot be expected to participate in or contribute to the operation of the business in any realistic sense. Sometimes this leads the remaining original shareholder to think that he will not pay them a salary since they are not working in the business and he can retain the earnings to reinvest in the business since he is not required to pay dividends. This is a recipe for disaster and some really unfortunate consequences.

Cybersecurity Insurance Considerations For Small And Medium-Sized Businesses

Published on: April 13, 2017 | by Lindabury, McCormick, Estabrook & Cooper, P.C.

Cybersecurity experts have observed that hackers and cybercriminals are increasingly targeting small and medium-sized businesses and that these efforts account for 60% of all cyberattacks. One expert described these companies as the “soft underbelly” of cybersecurity. Companies of all sizes face potentially significant costs in responding to a data breach and losses including business disruption, lost revenue and loss of reputation. The average time to resolve a cyberattack has been estimated at 46 days and costs can increase if the damage is not resolved quickly.

Such expenses could be catastrophic for small or medium-sized businesses so it is important for such companies to understand the insurance implications and select the appropriate coverage to protect against losses from a cyberattack.

TRADITIONAL INSURANCE

New Jersey Courts Are Limited Only By Imagination When Resolving Business Disputes Between Partners

Published on: April 13, 2017 | by David R. Pierce

When dealing with shareholder oppression claims the court has a broad arsenal of remedies at its disposal. In fact, the remedies available to the court are limited only by its own imagination and the court’s sense of fairness.

The statute applicable to oppressed minority shareholders does provide some remedies along with its rights. N.J.S.A. 14A:12-7 (1)(c)(8) states that “Upon the motion of the corporation or any shareholder who is a party to the proceeding, the court may order the sale of . . . the corporation’s stock held by any other shareholder who is a party to the proceeding to either the corporation or the moving shareholder . . . if the court determines in its discretion that such an order would be fair and equitable to all parties under all of the circumstances of the case.”

The statute also gives the court the power, under the appropriate circumstances, to order the dissolution of the company. Although this is a favored threat of a party claiming oppression, it is quite unlikely to be ordered by the court. The court is extremely reluctant to dissolve an operating business and will go the great lengths to preserve a business, including to the extent of ordering a sale of the business to a third party. At least one court has ruled that the statute contemplates the ongoing existence of the corporation or the existence of a successor operating the business as a requirement of any remedy that might be imposed. Thus, dissolution is likely to be the remedy only if the parties agree that it should be the ultimate remedy in the case.

Minority Shareholder Oppression: The Court’s View of “Unfair” Action

Published on: April 6, 2017 | by David R. Pierce

Statutory remedies are made available to shareholders in a small, closely held corporation should harmful actions be undertaken by other shareholder or directors of the corporation. Importantly, these statutory remedies are available only to owners of a corporation with 25 or fewer shareholders.

Pursuant to N.J.S.A. 14A:12-7(1)(c), a shareholder in a closely held corporation may seek judicial remedies if the directors or other persons in control of a corporation have:

Acted fraudulently;

Cybersecurity and the Importance of Attorney-Client Privilege

Published on: March 30, 2017 | by Robert W. Anderson

Businesses have a major need to assess their own cybersecurity risks, and to openly exchange internal information within the company to effectively address and mitigate an actual breach situation. Yet a company’s internal assessments of its own weaknesses and the holes in its cybersecurity protections can, ironically, actually expose the company to even greater danger in future security breach litigation. A company’s good faith internal report of its cybersecurity weaknesses can potentially serve as almost an admission that it has found its cybersecurity protections for personal and confidential data to be inadequate.

Similarly it is of extreme importance that in the midst of dealing with a cyber breach event, that the company’s personnel freely exchange information related to the breach crisis situation quickly and without undue worries about how the disclosure of that information might look in a future litigation discovery proceeding.

The involvement of the company’s legal counsel in all important aspects of a cybersecurity risk assessment and breach response is crucial because of the protections that involvement can potentially provide the company under the doctrines of (i) attorney-client privilege, and (ii) work product protection.

Regardless of Amount of Corporate Stock Owned, You May Still Be A “Minority Shareholder”

Published on: March 30, 2017 | by David R. Pierce

New Jersey statutes provide important rights and protections to “minority” shareholders of small, closely held companies. The applicable statute provides a right to file a lawsuit for relief under the following circumstances:

In the case of a corporation having 25 or less shareholders, the directors or those in control have acted fraudulently or illegally, mismanaged the corporation, or abused their authority as officers or directors or have acted oppressively or unfairly toward one or more minority shareholders in their capacities as shareholders, directors, officers, or employees. N.J.S.A. 14A:12-7(1)(c) (emphasis added).

This is not the only justification for filing a lawsuit against fellow shareholders, but it is one that the legislature has seen fit to create.

Federal Data Privacy and Cybersecurity Laws

Published on: March 29, 2017 | by Robert W. Anderson

The United States does not currently have a single comprehensive federal law regulating data privacy and cybersecurity matters. Instead, there is a patchwork of laws which at times overlap, and in other cases may even potentially contradict one another. This patchwork, together with the growth in interstate and international data flow, heightens the risk of privacy violations and can create significant compliance challenges. Failure to meet these challenges, however, can result in government imposed civil and criminal sanctions (including fines and penalties), private lawsuits and class actions, as well as damage to a company’s reputation and customer trust.

The following is a brief summary of some of the most significant Federal legislation impacting data privacy and cybersecurity matters.

Federal Trade Commission Act (the “FTC Act”)

Customer Data, FTC Red Flags Rules and Your Business

Published on: March 29, 2017 | by Robert W. Anderson

Identity theft is an area of major concern for consumers and businesses alike. Roughly nine million individuals in the U.S. can expect to have their identity stolen each year. With just a few items of personal information (such as the name, social security number, and the date of birth of an individual) a cyber-criminal can potentially drain existing accounts or open new credit card accounts with devastating consequences for the unwitting consumer’s credit ratings and future path in life. If your business has been lax in protecting the privacy of such personal information in its possession, you may be inviting your own devastating consequences: lawsuits by individuals experiencing identity theft as a result of your lax procedures, regulatory enforcement actions, and damage to your business reputation and loss of trust by your customers.

The Red Flags Rule, issued by the Federal Trade Commission (“FTC”), requires financial institutions and creditors with covered accounts (as defined in the Red Flag Rule) to develop a written program that identifies and detects the relevant warning signs, or red flags, of identity theft.

Red flags can include, for example:

Responding to a Cybersecurity Breach – Establish Your Response Team

Published on: March 24, 2017 | by Eric B. Levine

It is a day that virtually every business owner fears, when you receive word from your IT department that your company’s computer system has been hacked. A million thoughts rush through your head, but they all come back to one question: what do I do right now to protect my company, my employees and my customers? The answer may seem daunting, but an answer does exist. This article attempts to provide you with a few of the basics on how to respond to a cyber-attack, focusing on the first step: Establishing your cyber-response team.

The first step to be taken upon learning of a cyber-breach is to understand what happened and what type of breach occurred. For example, is your system being held hostage by Ransomware, or did an employee mistakenly release confidential information? There are a number of common circumstances for cyber-breaches, such as: employee negligence like losing a laptop or flash drive containing personally identifiable information (“PII”) or protected health information (“PHI”); malicious insider behavior, such as the disgruntled or dishonest employee who steals company information to use for some nefarious purpose against the company; and perhaps the most wildly publicized breach as of late, hacking and cybercriminal activity.

In order to understand what happened and how best to react, the initial step is to assemble a team of cybersecurity professionals who can assist with all facets of the cyber-breach. In a perfect world, your company has already established its own cyber-breach response team, but if you have not done so, you will need to hire professionals as soon as possible after learning of the cyber-attack. This means engaging individuals who possess expertise in Information Technology and are experienced in evaluating the severity and scope of a cyber-breach. The cyber-breach needs to be quickly identified, affected systems need to be isolated, defenses to future breaches need to be put in place and steps to retrieve data need to be taken.

Recognizing And Avoiding Social Engineering Attacks

Published on: March 24, 2017 | by Lindabury, McCormick, Estabrook & Cooper, P.C.

A successful New Jersey business recently retained a cyber expert to evaluate the effectiveness of its network’s cybersecurity. The expert upgraded the company’s systems and educated its employees on how to recognize, prevent and respond to a cyber-attack. The expert then tested the defenses and was unable, despite multiple attempts, to hack into the company’s network. Satisfied that the network was reasonably secure, he decided to try one last trick. Posing as a friendly client who had an upcoming meeting, he called a receptionist and was given a Wi-Fi password which gave him access to the company’s network and sensitive information.

The good news for the company is that the breach was not real. The bad news is that, despite spending thousands of dollars to bolster its network security, the company’s network was compromised with a simple phone call. This is social engineering at its best.

WHAT IS SOCIAL ENGINEERING?