Data Security Law Journal Focusing on legal trends in data security, cloud computing, data privacy, and anything E

Monthly Archives: December 2011

Limitations of the SEC Guidance on Disclosure of Cyber Security Risks

Posted in Data Security

My previous post discussed the SEC’s Division of Corporation Finance’s recent Corporate Finance Disclosure Guidance which provides the Division of Corporation Finance’s views regarding disclosure obligations relating to cybersecurity risks and cyber incidents.  There are limitations to this Guidance, and this post attempts to address some of those limitations. One limitation is the legally binding… Continue Reading

Obligation to Disclose Security Risks

Posted in Data Security

What obligation does a publicly traded company have to disclose security breaches?  On October 13, 2011, the Securities and Exchange Commission took an important step towards answering this question when it issued a guidance that attempts to clarify a company’s obligations to disclose cybersecurity risks in registration statements and periodic reports required by the Securities… Continue Reading