Dave Lynn spoke to the Washington Post about the Securities and Exchange Commission (SEC) voting to require publicly traded companies to disclose within four days when they suffer a cyber incident significant enough to weigh into the decisions of prospective investors.
"The encouraging aspect is that they did listen to a commenters on a number of points," Dave said.
He's been tracking the long history of similar ideas at the SEC, going back to 2011, and overall isn't convinced yet that the latest rule will change much. "It takes away perhaps some last vestige of gray area around whether or not you had to do it," he added.
Read the full article (subscription may be required).
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved
