Subscribe to LexTalk to stay on top of today’s legal issue and trends.
Catapult Your Career |
Industry Insights & Trends |
Product Training & Tips
Recent Decision And Guidance From SEC Provides Blueprint
The SEC has been actively scrutinizing how public companies respond to data breaches. The recent decision in ALTABA and February’s interpretive guidance provide plenty of insight to help your clients avoid Yahoo’s administrative and civil fate.
However, the Yahoo case should not be read as requiring public disclosure of every large data breach. Rather, as the SEC said in the Yahoo order and has said in past public statements, companies that have robust procedures to assess the materiality of breaches, and that in good faith make a determination about the need for disclosure, should not face an SEC enforcement action. Thus, companies should ensure that they have controls and procedures in place — including the right in-house and external legal advisers — to assess the materiality of cybersecurity incidents and whether disclosure is required by the securities laws. Data Breach Disclosure Lessons From Yahoo’s $35M Settlement, Law360, May 9, 2018
Read ALTABA, the SEC’s recent guidance and a form for Cybersecurity Risk Factors below: