On May 31, 2019, the Court of Chancery issued a 57-page memorandum opinion ordering Facebook Inc. to provide certain corporate books and records to various plaintiff investors, in the case of In re Facebook Inc. Section 220 Litigation, Consol. C.A. No. 2018-0661-JRS (Del. Ch. May 31, 2019), in a dispute filed under Section 220 of the Delaware General Corporation Law (“DGCL”).
Plaintiffs’ books and records demand was brought following “one of the sharpest single-day market value declines in history when [Facebook’s] stock price dropped 19%, wiping out approximately $120 billion of shareholder wealth.” Slip op. at 1. Such drop in value occurred following news reports that in 2015, the private data of 50 million Facebook users had been poached by Cambridge Analytica, a British political consulting firm. The Court noted that Facebook did not disclose this security breach to its users upon discovery or at any time thereafter, leaving users to first learn of the breach in the news.
Vice Chancellor Slights also noted that the Cambridge Analytica breach occurred at a time when Facebook was subject to a Consent Decree entered by the Federal Trade Commission (“FTC”) in 2011, “after the FTC found that Facebook’s data privacy measures were not protecting users’ private information.” Id. The Consent Decree required Facebook to implement “more robust and verifiable data security protocols.” Id. Per the memorandum opinion, at the time of the news reports of the breach, additional news reports indicated that Facebook’s business model included incentives to monetize user data without their consent.
Following the above-referenced news reports, multiple investors served Section 220 books and records demands upon Facebook. Among other things, the investors sought inspection to investigate mismanagement and wrongdoing of the Facebook board. In response, the company produced approximately 1,700 heavily redacted pages covering a portion of the requested time period. Vice Chancellor Slights consolidated the demands and held a one-day trial on March 7, 2019.
Facebook defended on the grounds that the requests lacked the requisite precision as they are not limited to documents “necessary, essential and sufficient to the stockholder’s purpose.” Id. at 37. Facebook also asserted that if plaintiffs sought to investigate a potential Caremark claim, the Demand Letter failed to provide any evidence that Facebook “utterly failed to implement a reporting system or ignored red flags”, citing Beatrice Corwin Living Irrevocable Tr. v. Pfizer, Inc., 2016 WL 4548101, at *5 (Del. Ch. Sept. 1, 2016). In addition, Facebook complained that the demands were a moving target and that plaintiffs’ counsel demanded more documents in a larger time period than originally listed in their demand letters.
While acknowledging that plaintiffs had “reshaped” their demands, Vice Chancellor Slights found that plaintiffs satisfied their low burden, noting that the “credible basis” standard in Section 220 actions “imposes the lowest burden of proof known in our law[.]” Id. at 4. Moreover, while the Court noted that a Caremark claim “’is possibly the most difficult theory upon which a plaintiff might hope to win a judgment,’ that admonition does not license this court to alter the minimum burden of proof governing a stockholder’s qualified right to inspect books and records.” Id. (citing In re Caremark Int’l Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996)).
Further, the Court found of significance the fact that the FTC Consent Order was in place at the time of the purported breach, noting that Delaware Courts “are more inclined to find Caremark oversight liability at the board level when the company operates in the midst of obligations imposed upon it by positive law yet fails to implement compliance systems, or fails to monitor existing compliance systems, such that a violation of law and resulting liability occurs.” Slip op. at 41.
Given that plaintiffs met their low burden to establish a credible basis to infer mismanagement and wrongdoing, the Court ordered inspection of certain of the demanded categories of documents, while finding that plaintiffs did not act in bad faith by expanding or contracting their demands during the Section 220 litigation, and expanding the time period of requested documents first from February 2017 to the present, to 2011 to the present.
However, the Court found that many of plaintiffs’ document demands “landed with the precision of buckshot”, and thus Vice Chancellor Slights tailored the inspection award to the purposes articulated in their demand. In addition, the Court found that documents dating back to 2011 would be too broad, while noting that claims dating back to 2011 would likely be time-barred. Accordingly, the Court limited the time period from February 2017 to the present, consistent with the time period of requested documents set forth in plaintiffs’ original demand letter made upon Facebook.