In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
12/2/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Disclosure Requirements ,
Encryption ,
Form 8-K ,
Information Technology ,
Materiality ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC)
By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more
10/21/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Form 8-K ,
Incident Response Plans ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
9/11/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Incident Response Plans ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On June 24, the staff of the U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance (Division of Corporation Finance) released five new Compliance & Disclosure Interpretations (C&DIs) relating to the...more
7/17/2024
/ C&DIs ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Ransomware ,
Regulation FD ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations
On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
6/5/2024
/ Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Federal Breach Notification Standard ,
Final Rules ,
Form 8-K ,
New Guidance ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests...more
10/23/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
New Legislation ,
Personal Information ,
Registration Requirement ,
Regulatory Reform ,
State and Local Government ,
State Privacy Laws
On July 26, the Securities and Exchange Commission (SEC) adopted, by a 3-2 margin, a final rule to require more immediate disclosure of material cybersecurity incidents by public companies. In addition, the final rule...more
One key area where Virginia’s Consumer Data Protection Act (CDPA) differs from the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) is the law’s notice and disclosure...more