For the 2025 proxy and annual reporting season, there are a number of key issues to consider and keep an eye on for further developments as preparations commence. This alert provides an overview of these issues and updates in...more
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
1/7/2025 / Chief Information Security Officer (CISO), Compliance, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, Enforcement, Form 10-K, Form 8-K, Materiality, NIST, Publicly-Traded Companies, Risk Management, Securities and Exchange Commission (SEC)
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more
For the upcoming 2024 proxy and annual reporting season, there are a number of key issues to consider and keep an eye on for further developments as preparations commence. This alert provides an overview of these issues and...more
12/6/2023 / Annual Reports, Climate Change, Corporate Governance, Cybersecurity, Disclosure Requirements, Environmental Social & Governance (ESG), Proxy Season, Proxy Statements, Publicly-Traded Companies, Securities and Exchange Commission (SEC), Securities Exchange Act, Securities Regulation
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
10/27/2023 / Compliance, Compliance Dates, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, Form 8-K, Materiality, Popular, Publicly-Traded Companies, Regulation S-K, Risk Management, Securities and Exchange Commission (SEC), Securities Regulation
On March 9, 2022, the SEC released proposed rules intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and cyber incident reporting by companies that are subject to the...more
3/14/2022 / Comment Period, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, Foreign Private Issuers, Form 8-K, Policies and Procedures, Proposed Rules, Publicly-Traded Companies, Regulation S-K, Risk Management, Securities and Exchange Commission (SEC)
Last month, as part of BakerHostetler’s “Look Back, Look Ahead: Advertising and Marketing Law in 2021 & 2022” webinar series, partners Craig A. Hoffman and Victoria Weatherford presented on recent trends and predictions on...more
Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives,...more
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
On Oct. 25, 2019, BakerHostetler’s Financial Services industry team, in collaboration with the Ohio Bankers League, held its third Financial Services Summit in Columbus, Ohio. The speakers included Ohio Senator Sherrod Brown...more
Organizations across all industries, including government agencies, are facing a surge of ransomware attacks launched by cybercriminals. New types of ransomware principally causing this surge have the potential to cause...more
Ohio will soon have a law in place that provides a “legal safe harbor” from tort claims related to a data breach, to entities that have implemented and comply with certain cybersecurity frameworks. It remains to be seen...more
Axioms are common in the privacy and security space. One that has been popping up with more frequency is “privacy and security is an enterprise risk that requires an enterprise-wide effort to appropriately address.” It is...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack.
Join members of BakerHostetler’s...more
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued cybersecurity disclosure guidance for public companies (“SEC Guidance”) that, according to SEC Chair Jay Clayton, “reinforces and expands” on...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack....more
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to...more
4/19/2017 / Chief Compliance Officers, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Data Breach, Data Protection, Data Security, Hackers, Hotlines, Incident Response Plans, Ransomware
BakerHostetler began publishing its Data Security Incident Response Report in 2015. Although we were the first law firm to do so, inspiration for the report came from similar reports that cybersecurity firms issue. We will be...more
Cue the year-end articles saying that this was the worst year to date for data breaches. Follow that with more dire predictions for 2017. Layer in one-size-fits-all recommendations to mitigate these risks. And finish with...more
Public companies that are proactively working to mitigate “cyber” risks and prepare to respond to potential incidents frequently ask whether a “breach” will lead to litigation, loss of customers, stock price decline, and...more
12/21/2016 / Board of Directors, Breach of Duty, Cybersecurity, Data Breach, Derivative Suit, Duty of Loyalty, Home Depot, Popular, Proxy Statements, Shareholder Litigation, Shareholders
We provided incident response and incident response preparedness services to hundreds of companies in 2015. The questions we answered were as unique and varied as the incidents companies faced....more
A forensic investigation by a security firm often does (and should) drive decision-making in response to an incident. Because the work of a security firm usually drives the critical path of a response, companies can become...more
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
Many have heard that “it is not a matter of if a company will be attacked, but when.” Statements like this used to be met with skepticism – companies would say we do not have information hackers want, we outsource our...more
On October 24, 2014, the Federal Communications Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel...more