Data Breach Disclosure Plan

Posted on 05-11-2018 by
Tags: breach , SEC , data , Securities and Exchange Commission , Data Breach


Recent Decision And Guidance From SEC Provides Blueprint 

The SEC has been actively scrutinizing how public companies respond to data breaches. The recent decision in ALTABA and February’s interpretive guidance provide plenty of insight to help your clients avoid Yahoo’s administrative and civil fate.

SEC Enforcement

However, the Yahoo case should not be read as requiring public disclosure of every large data breach. Rather, as the SEC said in the Yahoo order and has said in past public statements, companies that have robust procedures to assess the materiality of breaches, and that in good faith make a determination about the need for disclosure, should not face an SEC enforcement action. Thus, companies should ensure that they have controls and procedures in place — including the right in-house and external legal advisers — to assess the materiality of cybersecurity incidents and whether disclosure is required by the securities laws.  Data Breach Disclosure Lessons From Yahoo’s $35M Settlement, Law360, May 9, 2018

Read ALTABA, the SEC’s recent guidance and a form for Cybersecurity Risk Factors below:

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close