http://ow.ly/7xUGs
An article By Ron N. Dreben, W. Reece Hirsch, Kenneth M. Kliebard, Gregory T. Parks of Morgan, Lewis & Bockius LLP.
The article states, "On October 13, the Securities and Exchange Commission (SEC) released guidance[1] relating to a covered business entity's obligations to disclose cybersecurity risks and data breach incidents within SEC registrants' already-required SEC disclosures and filings. The SEC provided this guidance in an effort to instruct business entities on what situations call for disclosure of information about potential and/or actual data security breaches in public filings, and what amount of detail should be provided.
Currently, 46 states plus the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have enacted laws requiring companies to notify individuals within their jurisdiction if their personal information has been implicated in a data security breach incident. While each state's threshold requirements for notification vary, notification is typically required when information such as a person's Social Security number, driver's license number, or bank account number, in conjunction with other personal identifying information, has been or is "reasonably believed" to have been breached."
Currently, 46 states plus the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have enacted laws requiring companies to notify individuals within their jurisdiction if their personal information has been implicated in a data security breach incident. While each state's threshold requirements for notification vary, notification is typically required when information such as a person's Social Security number, driver's license number, or bank account number, in conjunction with other personal identifying information, has been or is "reasonably believed" to have been breached."
The article also provides specifics regarding the new regulations in California and Illinois as well.
The article also further states, "Companies regularly collect and store personal information from both their clients and their employees, creating a risk that this sensitive information could be inadvertently disclosed or accessed without authorization. In the case of a data breach, companies should not only be prepared to follow each state's requirements regarding notification and remediation of the breach and their contractual obligations to their customers, but also consider the implications of the breach upon their SEC filing requirements."
No comments:
Post a Comment