What is non-GAAP?
The SEC continues to leave its mark as a federal cybersecurity enforcer and closed out the year by charging another company with making misleading statements about a cybersecurity attack and failing to maintain cyber-related...more
Cross Border Transfers of Data. UK Data Transfers. The UK government has published a U.S. “adequacy decision” which permits U.S. organizations that have certified to the EU-US Data Privacy Framework (DPF) and UK Extension...more
On July 26, 2023, the SEC adopted new cybersecurity rules, which have two top-line impacts. First, registrants must disclose material cybersecurity incidents promptly on Form 8-K. Second, registrants must disclose new...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted its long-anticipated cybersecurity reporting rule (the “Final Rule”). The Final Rule applies to public companies subject to the reporting requirements...more
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies. The rules, which will become effective thirty days after publication in...more
The Securities and Exchange Commission (“SEC”) has admonished companies to report material cybersecurity incidents in their public filings since 2011, but this week the SEC announced a new rule actually requiring disclosure...more
As part of the SEC's broader rulemaking initiative, on March 9, 2022, the SEC proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by...more
The SolarWinds cyber-attack was devastating in scope and impact. If any lesson can be learned from this event, the SolarWinds case presents all the pitfalls, enforcement and reputational damage, rolled into one tragic series...more
The massive data breach of the United States Commerce and Treasury Departments that has roiled the federal government has resulted in federal securities litigation. On January 4, 2021, Plaintiff-Shareholder Timothy Bremer...more
One thing I appreciate about the SEC comment letter process is that it gives real life examples to what is often discussed hypothetically. Take, for example, cybersecurity and steps management should take when a data incident...more
On April 24, 2018, the United States Securities and Exchange Commission (“SEC”) instituted a settled administrative proceeding against Altaba Inc., f/d/b/a Yahoo! Inc. (“Yahoo!”) for allegedly failing to disclose a...more
On April 24, 2018, the Securities and Exchange Commission announced a settled enforcement proceeding against Altaba Inc. (formerly known as Yahoo! Inc.) arising out of data breaches suffered by Yahoo in 2014, 2015 and 2016....more
The SEC's new guidance on public company cybersecurity disclosures and Chairman Clayton's accompanying statement emphasize the SEC's expectations that public companies: (i) implement comprehensive cybersecurity policies that...more