SEC's data breach probe of Yahoo could set precedent.
According to LegalTechNews. com and the Wall Street Journal, the Securities and Exchange Commission (SEC) is investigating whether Yahoo Inc. should have disclosed its data breaches to investors earlier. Any resulting penalties would be the agency's first ever for such a charge.
The SEC is checking whether Yahoo broke securities laws when it waited until 2016 to disclose the two breaches, which together compromised the data of more than a billion users. The incidents occurred in August 2013 and in late 2014.
Last September, U.S. Sen. Mark Warner (D-Va.) wrote to former SEC Chair Mary Jo White asking her to investigate.
Robert Cattanach of Dorsey & Whitney in Minneapolis, which represents companies in cybersecurity matters, said it can take weeks or months to gather enough information about a breach and the data that was compromised to disclose an incident accurately.
"I can promise you that there are so many different open questions when you are in the middle of one of these [data breaches], your head is just swimming," he said. "So the fact that [Yahoo] waited a while before [disclosing] is in many ways understandable, but from the SEC perspective: you don't get forever."
Craig Newman of Patterson Belknap Webb & Tyler in New York, which represents clients in financial and cybersecurity matters, said companies are in a tough spot because "they don't want to jeopardize law enforcement efforts, they don't want to jeopardize investigations, but at the same time, securities laws require them to be transparent with their own investors."
According to Newman, SEC guidance on disclosures provides no direction on how long companies should take. Most states have data breach laws that include a time frame, some giving companies 45 days to disclose.
Yahoo declined to comment on this particular SEC investigation.
|Printer friendly Cite/link Email Feedback|
|Publication:||Information Management Journal|
|Date:||Mar 1, 2017|
|Previous Article:||Internet Titans will team to detect terrorist content.|
|Next Article:||The next frontier for RIM Pros.|