Tagged: cybersecurity

New SEC Cybersecurity Disclosure Rules

Canadian issuers that are reporting issuers with the Securities and Exchange Commission should be aware of new rules that impose disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules have two basic components.   First, certain issuers will have new disclosure requirements regarding the registrant’s processes and policies for cybersecurity risk management, strategy and governance.  These disclosures (which we refer to as “risk management disclosures”) will be required in the registrant’s annual report. The new risk management disclosures apply to nearly all domestic SEC reporting issuers (including Canadian issuers that report on domestic forms) and those foreign private issuers that report on Form 20-F. Second, in the event of a material...

SEC Guidance on Cybersecurity Disclosure and Policies – Recap of Dorsey Webinar Presentation

Earlier this week, a panel of Dorsey attorneys presented a webinar on the SEC’s recent guidance on cybersecurity disclosures and policies, which included a detailed walk-through of the SEC’s 2018 guidance, including issues related to enhanced disclosure, insider trading, and Reg FD policies. The panel also discussed the impact of the SEC’s guidance within the changing landscape of cybersecurity and current developments in shareholder litigation, SEC enforcement actions, and other regulatory and legislative initiatives such as the GDPR. The Equifax data breach is used as a case study to illustrate how the SEC’s guidance might play out in this broader context. The webinar recording and presentation materials are available on our website at...

SEC Issues New Cybersecurity Guidance

On February 26, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The SEC’s new guidance reinforces and expands on its October 2011 guidance, emphasizing the importance of adopting sound cybersecurity policies and procedures and safeguards against insider trading in the event of a potentially material cybersecurity breach. Read more about the new guidance in our recent eUpdate: www.dorsey.com/newsresources/publications/client-alerts/2018/03/sec-issues-new-cybersecurity-guidance.

Equifax Data Breach: Preliminary Lessons for the Adoption and Implementation of Insider Trading Policies

The recent data breach at Equifax, a major credit rating agency, has provided an unexpected reminder of the importance of well-structured insider trading policies. Following last week’s announcement of the data breach, it was disclosed that certain Equifax executives, including its Chief Financial Officer, sold a portion of their holdings after the cyberattack was discovered, but before the news was publically announced. While Equifax has stated that the executives had “no knowledge of the intrusion at the time they sold their shares,” the developing story illustrates some of the risks attendant to sales of securities by insiders of public companies. Canadian issuers registered with the SEC or trading in the U.S. markets will...