Last month in Doehler N. Am., Inc. v. Davis, Case No. 22-00501, 2022 U.S. Dist. LEXIS 125903, a District of Delaware judge denied a motion for a preliminary injunction in the context of a heated dispute over a failed joint venture transaction, and an allegation of a data incident that the Plaintiff claimed caused it irreparable harm. The case is a useful reminder of the multitude of privacy and cybersecurity considerations implicated in the business-to-business context and the various procedural mechanisms available to a plaintiff claiming harm from a data incident.
First, some background: Plaintiff, a start-up, sued Defendants (consisting of a corporate entity and an individual) earlier in the year for Defendants’ alleged failure to abide by certain provisions of agreements related to a joint venture. Plaintiff and Defendants entered into an Operating and Member Agreement to manage a company involved in the freeze-dried fruit and vegetable business. Plaintiff sought to purchase the corporate Defendant’s units in the joint venture, which was rejected. In the middle of this dispute, a party to the underlying business disagreement asserted that his and other email accounts related to the joint venture were compromised in a data incident and sent an email to suppliers and customers of the joint venture asking them to email him at separate, external email accounts.
Plaintiff then sought a preliminary injunction against all Defendants, based primarily on the individual Defendant’s representation that a data incident compromised the systems of the joint venture.
Recall that Federal Rule of Civil Procedure 65 governs the issuance of a preliminary injunction, which is an “extraordinary remedy” to be granted “only in limited circumstances.” When seeking a preliminary injunction, it is well-established that the movant must show: “(1) a likelihood of success on the merits; (2) that it will suffer irreparable harm if the injunction is denied; (3) that granting preliminary relief will not result in even greater harm to the nonmoving party; and (4) that the public interest favors such relief.” Federal precedent recognizes that the “failure to establish any element . . . renders a preliminary injunction inappropriate.”
In this case, Plaintiff alleged it, as well as the joint venture, had suffered irreparable reputational harm as a result of the claimed data incident. The Court considered this argument and swiftly rejected it. At the bottom, the Court was unable to find that a single email disclosing an email compromise (the source of the purported data incident) would cause irreparable reputational harm—or any harm at all. And in any event, the Court noted, to the extent Plaintiff alleged harm from the data incident as a result of being a member of the joint venture, that was a derivative claim rather than one that could be raised by Plaintiff directly.
Doehler provides insight into how courts may treat purported data incidents and motions for injunctive relief in other contexts when a plaintiff asserts that the purported data incident affected the business or reputation of the accused. For more, stay tuned.