SEC Division Wants Breach/Risk Disclosures
DATA PROTECTION
October 14, 2011
The Securities and Exchange Commission's (SEC) Division of Corporate Finance has issued a Disclosure Guidance calling for risk assessments and disclosures, reports the Hogan Lovells Chronicle of Data Protection. The guidance "is not a rule, regulation or statement of the SEC," writes Christopher Wolf, adding that the commission has neither approved nor disapproved the document. "Still," writes Wolf, "companies that ignore the advice...and fail to assess and disclose material cybersecurity risks do so at their peril--risking regulatory and legal action." Wolf summarizes the guidance and predicts that it "is likely to result in public corporations engaging in a substantial and detailed assessment" of their risks and "may lead to a litigation trend of plaintiffs suing" over breaches.