The Securities and Exchange Commission is tightening rules on cybersecurity, but in a way it's like that horse already left the barn.
The SEC announced its plans after the massive Equifax data breach, which compromised the personal information of 145 million Americans last year. But what was worse, the SEC failed to disclose that it was hacked a year earlier.
Now the agency wants us to increase cybersecurity?
According to reports, the SEC is updating its guidelines regarding breach notification and disclosure. SEC Chairman Jay Clayton told the Senate banking committee that companies will be required to disclose information to investors in a more timely manner.
"Unfortunately, in the reality that we live in now, cyber breaches are going to be increasingly common, and this is in part why the SEC is so fully focused on cybersecurity," said Matt Rossi, former chief litigator for the SEC.
Rossi said businesses will have to notify consumers of breaches promptly, improve insider trading policies and prove they are improving cybersecurity. He said the SEC will issue guidelines first, and start enforcing them later.
"Typically they'll issue guidance, say what they want to see and that often is a precursor to enforcement action when they don't see companies or firms living up to their guidance they issued," he said.
In-house counsel will be at the forefront of the action. They will be expected to advise companies of the rules and will be accountable to regulators.
John Kelley, chief legal officer at Equifax, was caught in the eye of the cyber storm. He was involved in the sale of $1.8 million in stock by executives just before the company disclosed the breach.
The Wall Street Journal reported that security staff discovered the breach on July 29, and the executives sold their shares on Aug. 1 and Aug. 2.
Kelley oversaw security and was responsible for approving the sales.