The SEC has recently brought several noteworthy actions underscoring privacy and data safeguards for investors. Last year, for example, the agency brought the first-ever enforcement action under Regulation S-ID’s Red Flags Rules on identity theft. While the SEC has sued public companies for a failure to disclose material data breaches to investors, as in Yahoo!’s case, public companies may soon face more scrutiny — in its recent report under Section 21A of the Exchange Act, the SEC warned publicly-traded companies to take “reasonable measures” to protect against cyberattacks, or risk internal controls violations. It’s critical for businesses to understand what’s reasonable from a regulatory perspective, but also practical to implement. This session will explore recent enforcement trends, examine what steps SEC-regulated entities and public companies should take to comply with applicable regulations, and consider when to report data breaches.
Doug Davison, Partner, Linklaters