For much of 2023, it seemed like barely a week would pass by without a new data breach or privacy violation finding its way into the headlines, making it clear that the threat actors of the world have not given up. In response, last year saw several significant federal and state regulatory developments in the cyber and privacy landscape. Regulators will remain focused on these issues and how they might be addressed.
Federal Regulatory Developments
U.S. Securities and Exchange Commission
The U.S. Securities and Exchange Commission (SEC) took a number of aggressive regulatory and enforcement positions in 2023. The agency began the year by suing law firm Covington & Burling to obtain the names of almost 300 clients impacted by a 2020 cyberattack attributed to a nation-state actor. A district court ruling in July required Covington to disclose the identities of seven clients whose material nonpublic information was exposed through the hack. One of those clients has anonymously proceeded to contest the disclosure of its identity.
That same month, the SEC finalized new rules for disclosures regarding cybersecurity risk management, strategy, governance and incident response for public companies subject to the reporting requirements of the Securities Exchange Act of 1934. The new rules require companies to disclose material cybersecurity incidents under Item 1.05 on Form 8-K.
Read the full version here.
Information contained in this publication should not be construed as legal advice or opinion or as a substitute for the advice of counsel. The articles by these authors may have first appeared in other publications. The content provided is for educational and informational purposes for the use of clients and others who may be interested in the subject matter. We recommend that readers seek specific advice from counsel about particular matters of interest.
Copyright © 2024 Stradley Ronon Stevens & Young, LLP. All rights reserved.