Senators ask SEC for national guidelines on data breach disclosures

13 May 2011

In response to recent data breaches at RSA, Epsilon, and Sony, a group of five Democratic senators is asking the Securities and Exchange Commission (SEC) to issue national guidelines regarding breach disclosure.

In a letter sent this week to SEC Chairman Mary Schapiro, the senators wrote: “Given inconsistencies in reporting, investor confusion, and the national importance of addressing cybersecurity, we request that the Securities and Exchange Commission issue guidance regarding the disclosure of information security risk, including material network breaches.”

The senators – Commerce, Science and Transportation Committee Chairman Jay Rockefeller (D-W.Va.), Robert Menendez (D-N.J.), Sheldon Whitehouse (D-R.I.), Mark Warner (D-Va.), and Richard Blumenthal (D-Conn.) – warned that many companies do not report information security risks to investors. They cited a 2009 survey by insurance underwriter Hiscox that found 38% of Fortune 500 companies did not mention privacy or data security exposure in their public filings.

“Beyond our concerns about material information security risk, we believe that once a material breach has occurred, leaders of publicly traded companies may not fully understand their affirmative obligation to disclose information on potentially compromised intellectual property or trade secrets. Federal securities law obligates the disclosure of any material network breach, including breaches involving sensitive corporate information that could be used by an adversary to gain competitive advantage in the marketplace, affect corporate earnings, and potentially reduce market share”, the senators stressed.

A review of recent corporate disclosures by the senators’ staff found that breach reporting is inconsistent and unreliable.

In addition to guidance on information security risk and breach disclosure requirements, the senators asked the SEC to examine how credit agencies and securities analysts include evidence of information security risk in their assessments of companies and investment products.

“We believe this guidance, undertaken using longstanding commission legal authority, will enhance investor and corporate awareness of information security risk, thus improving the national and economic security of the nation”, the senators concluded.
