SEC Takes Aim at Cybersecurity Disclosures
In February of this year, the Securities Exchange Commission issued its updated Statement and Guidance on Public Company Cybersecurity Disclosures. In April, the SEC issued an Order that, among other things, levied a $35 million fine against Yahoo! Inc. for failing to properly report a 2014 data breach. These actions support the view that the SEC is consciously committing attention and resources to cybersecurity issues affecting public companies.
Here are some key takeaways from both the Guidance and from the Yahoo! Order:
Obviously, the SEC has its eye on the cybersecurity ball, and coordination among the Board, CEO, CFO, COO, and CIO/CTO/CISO/DPO is more important than ever in ensuring compliance with myriad disclosure requirements. Even for companies outside of industries directly subject to data security/privacy laws, regulations, and standards—e.g., healthcare (HIPAA), financial services (GLBA), retailers (PCI DSS and FTC Section 5)—efforts must be made to ensure that appropriate disclosure controls and procedures are adopted and implemented to avoid regulatory scrutiny and penalties.
- What the Dickens is Up With Audit Firms?
- ADGM Grows Up: Issues First Fines
- BVI Companies - Economic Substance Law
- The Bahamas: Economic Substance Legislation
WSG Member: Please login to add your comment.