Every year after Labor Day, I take a step back and survey the most important current trends and developments in the world of Directors’ and Officers’ liability and insurance. This year’s review is set out below. As the following discussion shows, this is a particularly eventful time in the world of D&O.
Continue Reading What to Watch Now in the World of D&O
Title Insurance Company Settles SEC Cybersecurity Disclosure-Related Charges
On June 15, 2021, the SEC announced that that it had settled charges that a title insurance company’s cybersecurity disclosure controls and procedures violated the agency’s public company reporting requirements. The title insurance company, First American Financial Corp., which neither admitted or denied the charges, agreed to a cease-and-desist order and to pay a penalty. The charges do not represent the first time the SEC has pursued actions against a company for cybersecurity-related disclosures, but they do underscore the agency’s focus on cybersecurity disclosure-related issues, a topic that may be a source of increased focus ahead.
Continue Reading Title Insurance Company Settles SEC Cybersecurity Disclosure-Related Charges
Cybersecurity Disclosure Practices and Standards
In February 2018, the SEC updated its cybersecurity disclosure guidelines for reporting companies, emphasizing the importance to investors and markets for prompt and robust disclosure relating to cyber issues. Indeed, in April, the agency brought its first enforcement action relating to cybersecurity enforcement issues. In its recent annual report, the agency’s enforcement division emphasized that cybersecurity disclosure is a priority issue. Clearly, public company’s cybersecurity-related disclosure practices are receiving a great deal of attention and scrutiny.
But what are public companies actually doing in terms of cybersecurity disclosures? A recent study by EY took a look at the actual cybersecurity disclosure practices. Their analysis shows that cybersecurity-related disclosure practices “vary widely,” suggesting there is an “opportunity for enhancement.” The October 22, 2018 report, entitled “Cybersecurity Disclosure Benchmarking,” can be found here.
Continue Reading Cybersecurity Disclosure Practices and Standards
Guest Post: Ten Questions the SEC Will Probably Be Asking Google
Earlier this week, media reports circulated that this past spring Google had exposed the private data of thousands of the Google+ social network users and then opted not to disclose the issue, in part because of concerns that doing so would draw regulatory scrutiny and cause reputational damage. In the wake of these revelations, one question is whether the SEC will look into these circumstances. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at what he regards as a likely SEC investigation and the questions that the SEC likely will be asking. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s post.
Continue Reading Guest Post: Ten Questions the SEC Will Probably Be Asking Google