SEC guidance about coming clean about data breaches

Emma Woollacott reports:

The Securities and Exchange Commission (SEC) has ordered companies to disclose security breaches, following a year in which several organizations have been criticized for revealing details late, if at all.

“Cyber incidents may result in losses from asserted and unasserted claims, including those related to warranties, breach of contract, product recall and replacement, and indemnification of counterparty losses from their remediation efforts,” says the SEC in its new guidance notes.

“Cyber incidents may also result in diminished future cash flows, thereby requiring consideration of impairment of certain assets including goodwill, customer-related intangible assets, trademarks, patents, capitalized software or other long-lived assets associated with hardware or software, and inventory.”

Read more on TG Daily.  If you read the guidance, you’ll see it’s not really an order….

Update:  Christopher Wolf provides an analysis of the guidance on Chronicle of Data Protection.

About the author: Dissent

Comments are closed.