Tag Archives: cyber disclosure

SEC 2018 FY Enforcement Report Shows Increased Activity, Recoveries

Both the volume of SEC enforcement activity and the level of financial recoveries increased in the fiscal year that ended September 30, 2018, according to the agency’s annual enforcement activity report. The increases came after activity had been down in the prior year, the first year under the current presidential administration. However, the agency’s enforcement … Continue Reading

SEC Releases Cybersecurity Disclosure Guidance

After a bit of last-minute drama, the SEC on Wednesday issued its guidance for public company cybersecurity disclosures. The Commission’s guidance document emphasizes companies’ disclosure obligations under existing law and requirements. The statement also underscores the Commission’s concerns about insider trading prohibitions and the obligation of reporting companies to refrain from making selective disclosures about … Continue Reading

Will Yahoo’s Data Breach Reporting Become the Test Case for the SEC’s Cyber Disclosure Guidelines?

Ever since the SEC released its cyber security disclosure guidelines in October 2011, commentators (including me) have been speculating whether the agency might try to nab a company whose disclosure practices the agency might use as sort of a test case on the guidelines’ requirements.  It now appears, at least based on media reports, the … Continue Reading

Federal Agencies Joining the Data Security Enforcement Action Bandwagon

Until now, the primary federal agency regulating data security has been the Federal Trade Commission. Indeed, in August 2015, the Third Circuit in the Wyndham Worldwide case affirmed the FTC’s regulatory enforcement authority against companies failing to take appropriate action to protect consumer financial information. However, other federal regulatory agencies are now increasing asserting their … Continue Reading

Senate Bill Would Require Disclosure Concerning Corporate Boards’ Cybersecurity Expertise

It is not news that cybersecurity is a serious corporate and domestic security concern. But despite continuing revelations of high-profile data breaches, cybersecurity is an area (OK, one of the many areas) where Congress has been slow to act. While there is still as yet no comprehensive Congressional attempt to tackle cybersecurity as an issue … Continue Reading

As Part of White House Cyber Security Initiative, President Proposes Uniform Data Notification Rules

As previously discussed on this blog (refer for example here), over the years there have been a number of different responses from the federal government to the threat of cyberattacks on U.S. companies and infrastructure, but overall the government’s track record on the issue is mixed. However, according to a January 12, 2015 Wall Street … Continue Reading

Thinking About the Chinese Military Officials’ Hacking Indictment and Data Breach Disclosure Issues

Cybersecurity has been a hot button issue for quite a while, but the U.S. Department of Justice ratcheted things up last week when it announced the indictment of five Chinese military officers for hacking into U.S. companies’ computers to steal trade secrets and other sensitive business information. U.S. prosecutors clearly believe the intrusions were serious … Continue Reading

Assessing U.S. Public Company Cyber Risk Disclosure Practices

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure … Continue Reading
LexBlog