Embedded in revisions to a proposed cybersecurity law are some provisions on mandatory breach notification. Richard Lardner reports:
The chairman of the Senate Commerce, Science and Transportation Committee, Sen. Jay Rockefeller, D-W.Va., is adding a provision to cybersecurity legislation that would strengthen the reporting requirement. The SEC’s cybersecurity guidance issued in October is not mandatory. It was intended to update for the digital age a requirement that companies report “material risks” that investors want to know.
Rockefeller’s measure would direct the SEC’s five commissioners to make clear when companies must disclose cyber breaches and spell out steps they are taking to protect their computer networks from electronic intrusions.
“It’s crucial that companies are disclosing to investors how cybersecurity risks affect their bottom lines, and what they are doing to address those risks,” Rockefeller said Friday.
Read more from AP.