On February 21, 2018, the Securities and Exchange Commission (the “Commission”) published interpretive guidance to assist public companies when considering, drafting and issuing disclosure about cybersecurity risks and incidents (the “interpretive guidance”). The interpretive guidance became effective immediately upon issuance.

The Commission’s interpretive guidance reaffirms and expands upon guidance issued by the Division of Corporation

On October 11, 2017, President Trump nominated Kirstjen Nielsen, the current White House Deputy Chief of Staff, to be Secretary of the Department of Homeland Security (“DHS”).  Ms. Nielsen has significant cybersecurity experience, including through her prior roles at the Center for Cyber and Homeland Security at George Washington University and the National Cybersecurity Center. 

Yesterday, Yahoo announced that the data breach it suffered in August 2013 was much broader than previously believed, affecting all three billion of its users.  This announcement comes on the heels of a federal judge refusing to dismiss a consumer class action against the company.  Our recent memorandum discussing that decision and other recent decisions

On September 20, 2017, SEC Chairman Clayton issued a statement after reports circulated that the SEC’s EDGAR filing system had been hacked.  Chairman Clayton disclosed that the SEC learned in August 2017 that a breach previously detected in 2016 may have resulted in illicit trading based on the hacked information.  The SEC’s statement sought to

Several regulators have promptly announced investigations into the circumstances surrounding the Equifax breach. The New York Attorney General was the first to announce his office was launching an inquiry.  Since then, the FTC announced it was also conducting an investigation and the Massachusetts Attorney General brought an enforcement suit against Equifax alleging that the

New York Governor Andrew Cuomo announced that in response to the Equifax breach he was proposing a new NY Department of Financial Services (“DFS”) regulation that would give DFS oversight over credit reporting agencies for the first time.  To date, DFS’s cybersecurity regulations, some of the toughest in the country, have applied to financial institutions

Speaking on a panel at NYU, SEC Chairman Clayton reiterated prior statements by agency officials that cybersecurity is one of the agency’s top priorities.  In the remarks reported by Law360, Chairman Clayton stated that he believed that disclosures by regulated entities concerning cyber risks could be improved.  One of the agency’s Enforcement Directors, who was

Cybersecurity and hacking incidents continued to dominate headlines in 2016—not only did they continue to impact corporations but they also played a role in the U.S presidential election. At the same time, various states have introduced, considered or adopted cyber-related legislation, including legislation applicable to certain industries that are more sensitive to cybersecurity breaches (e.g.,  New York proposed a cybersecurity regulation that applies to financial institutions licensed or regulated by the New York State Department of Financial Services). Federal agencies, including the U.S. Securities and Exchange Commission (“SEC”), the Federal Trade Commission and the U.S. Department of Justice (“DOJ”), are also playing key roles in regulating the area of cybersecurity.
Continue Reading Recent Developments in Cybersecurity