Ever since the SEC released its cyber security disclosure guidelines in October 2011, commentators (including me) have been speculating whether the agency might try to nab a company whose disclosure practices the agency might use as sort of a test case on the guidelines’ requirements. It now appears, at least based on media reports, the SEC is investigating Yahoo in what may yet become the long-anticipated test case. According to a front page January 23, 2017 Wall Street Journal article (here), the SEC has opened an investigation looking into Yahoo, Inc.’s disclosures of two massive data breaches the company reported last year.
Continue Reading Will Yahoo’s Data Breach Reporting Become the Test Case for the SEC’s Cyber Disclosure Guidelines?