In an enforcement action that is the first of its kind, the SEC has levied a $35 million penalty against Altaba, Inc., as successor in interest to Yahoo, for Yahoo’s two-year delay in reporting the massive data breach the company experienced in December 2014. Altaba, which neither admitted nor denied any wrongdoing, agreed to pay the penalty as part of the settled resolution of SEC cease-and-desist proceedings. The penalty follows the SEC’s recent release of cybersecurity disclosure guidance for reporting companies and clearly indicates that the agency is increasingly focused on companies’ cybersecurity disclosure practices. The SEC’s April 24, 2018 press release about the penalty can be found here. The SEC’s April 24, 2018 order in the cease-and-desist proceedings can be found here.
Continue Reading First-Ever SEC Data Breach Disclosure Enforcement Penalty Imposed
Cyber Liability
Guest Post: Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers
Among the many problems that have come to light in the current cryptocurrency craze have been problems relating to celebrity endorsements for initial coin offerings (ICO). In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, reviews the highest profile examples of cryptocurrency celebrity endorsements, and then proposes a list of cryptocurrency caveats, for celebrities and for everyone else as well. A version of this article originally appeared on Cybersecurity Docket. I would like to thank John for his willingness to allow me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.
Guest Post: Cybersecurity: The SEC’s Wake-Up Call to Corporate Directors


As I noted in a post at the time, on February 21, 2018, the SEC released its cybersecurity disclosure guidance for publicly traded companies. In the following guest post, David Fontaine, CEO of Kroll, Inc. and its parent, Corporate Risk Holdings, and John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, take a look at the SEC’s guidance, with a particular focus on what the agency’s statement has to say about the duties of corporate directors. A version of this article originally appeared on The Harvard Law School Forum on Corporate Governance and Financial Regulation (Here). I would like to thank David and John for their willingness to allow me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is David and John’s article.
Guest Post: A Dozen C-Suite Takeaways from the 2018 SEC Cyber-Disclosure Guidance

As I noted in a post at the time, on February 20, 2018, the SEC issued its guidance for cybersecurity-related disclosures. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, has pulled together a list of 12 takeaways for corporate officials from the SEC’s guidance. I would like to thank John for his willingness to allow me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
A Multitude of Cryptocurrency Developments
The astonishing bitcoin bubble may have burst over the last several days. From its intraday peak in December 2017 of $19,783, the price for bitcoin had fallen as of Saturday to $8,524, a decline of over 60%. (Price declines continued on Monday.) Bitcoin’s price has fallen before and it has generally proven to be volatile. The price may yet escalate again. But if it has always been hard to specify a reason for the phenomenal price movements of bitcoin and other cryptocurrencies, there certainly have been recent developments aplenty to undermine the price for these digital assets.
Guest Post: Which ICOs are Next to Get Caught up in the SEC’s ICO Dragnet?

One of the most interesting and arresting business stories of 2017 has been the astonishing proliferation of initial coin offerings (ICOs), as I discussed in a prior post (here). Readers who have been watching this story develop undoubtedly are aware that things have been moving very quickly recently on the regulatory front with respect to ICOs. ICOs suddenly are facing a very different regulatory environment. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at the recent regulatory developments and examines their implications. A version of this article originally appeared on Securities Docket. I would like to thank John for his willingness to allow me to publish his guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.
Investors File Data Breach-Related Securities Suit Against PayPal
Commentators (including me) have long speculated about the possible future direction of data breach-related litigation. There have of course been a number of very high-profile data breach-related consumer class action suits, but so far relatively few data breach-related D&O lawsuits. Of course, more recently investors filed a securities class action lawsuit involving the high-profile data breach at Equifax. Now investors have filed another data breach securities class action lawsuit, in this case involving PayPal Holdings.
Executive Liability for Data Breach Notification Delay?
The outrage that followed Uber’s revelation that hackers had accessed 57 million passenger and driver records was not about the breach itself. It was about the accompanying disclosure that the company had kept the news of the data breach secret after paying the hackers a ransom. The outrage at these disclosures was not lost on lawmakers in Washington. A measure was recently introduced in Congress that would impose new criminal penalties on anyone convicted of “intentionally and willfully” concealing a data breach, including fines, up to five years’ imprisonment, or both. This proposed provision is only one of several measures intended to ensure that companies quickly notify affected persons that a data breach has occurred.
Guest Post: What Corporate Directors Need to Know about Cybersecurity


Cybersecurity issues are currently at the top of the agenda for corporate boards. In the following guest post, David M. Furbush and David M. Lisi of the Pillsbury law firm review what corporate directors should understand about their companies’ cybersecurity risks and how boards can go about proactively participating in decisions about what to do to mitigate these risks. I would like to thank David and David for their willingness to allow me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is David and David’s guest post.
Cryptocurrencies and ICOs: Problems and Promise
Anyone who reads the business pages these days has to be aware that there has been a surge of interest and activity involving cryptocurrencies, and in particular involving initial coin offerings (“ICOs”). In third quarter 2017 alone, 105 ICOs raised over $1.3 billion. This level of activity has in turn attracted regulatory scrutiny and even enforcement activity. In addition, there is now a securities class action lawsuit pending in connection with an ICO earlier this year, as discussed in detail below. As problems have emerged, investors, regulators, and others understandably have become wary of ICOs. However, because of the opportunities involved, ICOs are likely to continue, and for that reason it remains important to try to understand the promise they represent.