Alaap B. Shah and Robert J. Hudock, Members of the Firm in the Health Care and Life Sciences practice, in the firm’s Washington, DC, office, co-authored an article in Pratt’s Privacy & Cybersecurity Law Report, titled “Cybersecurity Show and Tell: SEC Guidance on Cybersecurity Disclosures.”
Following is an excerpt:
The authors of this article explain the recently issued interpretive guidance on cybersecurity-related disclosures and controls issued by the U.S. Securities and Exchange Commission, which discusses obligations under current laws and regulations and the need for robust cybersecurity policies and procedures governing disclosures and prohibiting insider trading.
The U.S. Securities and Exchange Commission (“SEC”) recently issued interpretive guidance on cybersecurity-related disclosures and controls. This guidance reaffirms, and expands upon, prior staff guidance from 2011 as well. This guidance also adds emphasis to the prior staff guidance by constituting a statement of the Commission. Collectively, these documents provide guidance to publicly traded companies about how to factor cybersecurity risk and cybersecurity incidents into policy development and decision-making related to public disclosure, prohibition on insider trading and selective disclosure under Regulation FD. Specifically, this interpretive guidance discusses obligations under current laws and regulations and the need for robust cybersecurity policies and procedures governing disclosures and prohibiting insider trading.