The company has been accused of fraud and misleading shareholders about user data.
Last week, the US Supreme Court heard arguments from Facebook, which was appealing a lower court’s decision to allow a 2018 class action suit led by Amalgamated Bank to proceed.
The class action suit accused Facebook of misleading investors, which would be a violation of the Securities Exchange Act that requires publicly traded companies to disclose risky actions to stakeholders.
At the heart of the suit is whether or not investors should have inferred that a data breach was both possible and could have previously occurred, or if Facebook failed to provide full information.
The plaintiffs accused Facebook of unlawfully withholding information regarding a 2015 data breach. The breach involved a British political consulting firm, Cambridge Analytica, and impacted 30 million Facebook users. Furthermore, in 2018, Facebook’s stock fell following reports that Cambridge Analytica had used Facebook user data in connection with Donald Trump’s successful 2016 presidential campaign.
The incident resulted in a government investigation and various lawsuits. Ultimately, Facebook settled one matter for $100 million and paid a $5 billion penalty.
The current lawsuit hopes to recoup losses related to both incidents.
The suit remains fairly contentious. When the case was filed with the 9th U.S. Circuit Court of Appeals, it was dismissed by district judge Edward Davila. Conversely, President Joe Biden’s administration is in support of the shareholder’s case.
Many of the justices discussed the importance of forward-looking disclosures. Before investors joined Meta, they were given a disclosure of business risks. The disclosure painted substantial data breaches as hypothetical, when in fact, a breach had already recently occurred.
Liberal Justice Elena Kagan said, “When we think about these questions, we’re not looking only to lies or complete false statements…We’re also looking to misleading statements or misleading omissions.”
Conservative Justice Samuel Alito posed the idea that the evaluation of risks are “always forward-looking.”
Decisions like these can impact future disclosures of data breaches, especially to stakeholders. Stakeholders will always want to balance their potential earnings with the potential risks that could impact the company.
As data breaches become more common, impacting larger and larger organizations, the consequences could be even more severe. While we know that breaches can result in class action suits and fines, it’s clear that these breaches can also impact stakeholder’s willingness to be part of companies that have risky business practices.
Related: HIPAA Compliant Email: The Definitive Guide