Securities and Exchange Commission

SEC Adopts Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures

Written by , and

The Securities and Exchange Commission (SEC) issued a press release announcing its unanimous approval of a statement by SEC Chairman Jay Clayton and interpretive guidance (the “2018 Guidance”) to assist public companies in preparing disclosures about cybersecurity risks and incidents. This is the first interpretive guidance published by the full Commission on the topic of cybersecurity for public companies, and it may foreshadow increased SEC action to protect investors from the potential negative effects of increasingly common large-scale data breaches. The 2018 Guidance formalizes and expands [...] Read more

SEC Chairman Jay Clayton Announces Data Breach of SEC Systems Which May Have Led to Insider Trading

Written by and

SEC Chairman Jay Clayton issued a public statement on Cybersecurity (the “Clayton Statement”) last week, disclosing a 2016 attack on the SEC’s database of corporate filings. The intrusion exploited a vulnerability in the test filing component of the EDGAR system, a document repository for disclosures from public companies and issuers, through which the intruder was able to gain access to nonpublic (and potentially sensitive) corporate information.  Though the intrusion was detected in 2016, Clayton stated that the agency learned only in August 2017 that the incident, “may have provided [...] Read more

SEC Continues to Focus on Cyber-related Disclosures

Written by

Participating in a panel at the “SEC Speaks” event on February 19, Deputy Director of the SEC’s Enforcement Division Stephanie Avakian expressed that the Commission continues to focus on cybersecurity as a top priority in 2016. Avakian discussed the Commission’s cybersecurity concerns in three contexts: (1) failure of registered entities to follow Rule 30(a) of Regulation S-P (the “Safeguards Rule”) in protecting customers’ records and information; (2) illicit securities trading following theft of material non-public information; and (3) cyber-related disclosures by public companies, [...] Read more

SEC Sanctions Investment Adviser Under the Safeguards Rule

Written by

The Securities and Exchange Commission (“SEC”) has sanctioned an investment adviser and fined it $75,000 for failing to “adopt written policies and procedures reasonably designed to protect customer records and information.”  The SEC alleges that this failure, which was a violation of its Safeguards Rule, contributed to a cyber attack against the investment adviser that put the sensitive personally identifiable information (“PII”) of more than 100,000 individuals at risk.  The Safeguards Rule, part of the SEC’s Regulation S-P, requires brokers, dealers, investment companies, and [...] Read more

SEC Confirms Plans To Issue New Cybersecurity Disclosure Rules

Written by

According to Smeeta Ramarathnam, Chief of Staff to SEC Commissioner Luis Aguilar, the SEC is currently engaging in a comprehensive re-work of its investor disclosure rules, including with respect to rules bearing on cybersecurity incident disclosure. The SEC, which is formally tasked with overseeing issues that concern market integrity and disclosure of material information, revealed its plan to overhaul its disclosure rules during an April 23 panel at the 2015 RSA Conference in San Francisco, during which Ramarathnam stated that the SEC was entering “a time of great change” with respect to [...] Read more