Recent data breaches at Equifax and the Securities and Exchange Commission have renewed the spotlight on all aspects of cybersecurity, including disclosure. In this paper, Wolters Kluwer analyst Anne Sherry reminds companies that responding to a cyber incident requires careful study of the law of all the jurisdictions in which they do business. Recent changes to Delaware’s data breach notification law are addressed, as is guidance from the SEC that fits cyber incidents into the existing regime requiring disclosure of material events. While noting that there is no equivalent federal data breach notification law, the author addresses increasing pressure on the Commission from lawmakers and investor advocates to shore up its disclosure requirements for cyber breaches.
Complete the form to download After Equifax, a renewed focus on state and federal cybersecurity disclosure.