In FinTech Law Report, DC Attorneys Analyze SEC Broad Theory of Required Disclosures of Security Incidents

In The News
October 25, 2021

In a FinTech Law Report article, data, privacy & cybersecurity partner Fran Faircloth (Washington, D.C.) examines a recent U.S. Securities and Exchange Commission settlement demonstrative of the Commission’s continued attention to public companies’ disclosures of cybersecurity incidents and its commitment to a broad notion of what constitutes such incidents. 

The author note that UK-based education publisher Pearson plc is the third data breach settlement from the SEC. In each settlement, the SEC has stressed the importance of adequate disclosure controls and procedures, which are necessary to enable public companies to make timely disclosure of cybersecurity incidents. According to the author, the SEC appears to be pursuing an approach to data breach disclosures that is significantly more aggressive than is required under state data breach laws.