From: Bloomberg/BNA
Although the Securities and Exchange Commission doesn’t require companies to disclose cybersecurity risks and incidents, companies should establish a disclosure framework in light of the SEC’s cybersecurity guidance, attorneys said March 7 at the International Association of Privacy Professionals Global Privacy Summit.
General counsels have identified cybersecurity as their number one issue three years in a row in one survey, Mary Ellen Callahan, chair of the Privacy and Information Governance Practice at Jenner & Block LLP and former chief privacy officer at the Department of Homeland Security, said.
The Securities and Exchange Commission began to review public company disclosures on cybersecurity only two years ago, Elaine Wolff, partner at Jenner & Block and moderator of the session on the SEC and cybersecurity, said. In October 2011, the SEC’s Division of Corporation Finance released cybersecurity risk and incident disclosure guidance.
Leave a Reply