Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Look Out for New Data-Breach Notification Laws

By William Vogeler, Esq. on January 10, 2018 | Last updated on March 21, 2019

The Securities and Exchange Commission is tightening rules on cybersecurity, but in a way it's like that horse already left the barn.

The SEC announced its plans after the massive Equifax data breach, which compromised the personal information of 145 million Americans last year. But what was worse, the SEC failed to disclose that it was hacked a year earlier.

Now the agency wants us to increase cybersecurity?

Breach Notification

According to reports, the SEC is updating its guidelines regarding breach notification and disclosure. SEC Chairman Jay Clayton told the Senate banking committee that companies will be required to disclose information to investors in a more timely manner.

"Unfortunately, in the reality that we live in now, cyber breaches are going to be increasingly common, and this is in part why the SEC is so fully focused on cybersecurity," said Matt Rossi, former chief litigator for the SEC.

Rossi said businesses will have to notify consumers of breaches promptly, improve insider trading policies and prove they are improving cyber security. He said the SEC will issue guidelines first, and start enforcing them later.

"Typically they'll issue guidance, say what they want to see and that often is a precursor to enforcement action when they don't see companies or firms living up to their guidance they issued," he said.

In-house counsel will be at the forefront of the action. They will be expected to advise companies of the rules and will be accountable to regulators.

John Kelley, chief legal officer at Equifax, was caught in the eye of the cyber storm. He was involved in the sale of $1.8 million in stock by executives just before the company disclosed the breach.

The Wall Street Journal reported that security staff discovered the breach on July 29, and the executives sold their shares on Aug. 1 and Aug. 2.

Kelly oversaw security and was responsible for approving the sales.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard