US SEC updates cybersecurity incident reporting rules

26/07/2023 | US Securities and Exchange Commission

The US Securities and Exchange Commission (SEC) has implemented new rules to ensure public companies disclose any material cybersecurity incidents they experience, along with information on their cybersecurity risk management strategy and governance. This includes requiring foreign private issuers (overseas companies that do business in the US) to make comparable disclosures. Under the new rules, registrants must disclose any cybersecurity incident they determine to be material and describe its nature, scope, timing and impact on the registrant. The disclosure must be made on the new Item 1.05 of Form 8-K and generally be due four business days after the incident is deemed material. SEC Chair Gary Gensler believes that ensuring companies disclose material cybersecurity information consistently and in a comparable manner, it will benefit investors, companies and the markets connecting them.

Read Full Story
clocks, data breach reportning, notification

What is this page?

You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.

The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.