Senators ask SEC for national guidelines on data breach disclosures

In a letter sent this week to SEC Chairman Mary Schapiro, the senators wrote: “Given inconsistencies in reporting, investor confusion, and the national importance of addressing cybersecurity, we request that the Securities and Exchange Commission issue guidance regarding the disclosure of information security risk, including material network breaches.”

The senators – Commerce, Science and Transportation Committee Chairman Jay Rockefeller (D-W.Va.), Robert Menendez (D-N.J.), Sheldon Whitehouse (D-R.I.), Mark Warner (D-Va.), and Richard Blumenthal (D-Conn.) – warned that many companies do not report information security risks to investors. They cited a 2009 survey by insurance underwriter Hiscox that found 38% of Fortune 500 companies did not mention privacy or data security exposure in their public filings.

“Beyond our concerns about material information security risk, we believe that once a material breach has occurred, leaders of publicly traded companies may not fully understand their affirmative obligation to disclose information on potentially compromised intellectual property or trade secrets. Federal securities law obligates the disclosure of any material network breach, including breaches involving sensitive corporate information that could be used by an adversary to gain competitive advantage in the marketplace, affect corporate earnings, and potentially reduce market share”, the senators stressed.

A review of recent corporate disclosures by the senators’ staff found that breach reporting is inconsistent and unreliable.

In addition to guidance on information security risk and breach disclosure requirements, the senators asked the SEC to examine how credit agencies and securities analysts include evidence of information security risk in their assessments of companies and investment products.

“We believe this guidance, undertaken using longstanding commission legal authority, will enhance investor and corporate awareness of information security risk, thus improving the national and economic security of the nation”, the senators concluded.
