After Equifax, a renewed focus on state and federal cybersecurity disclosure

Recent data breaches at Equifax and the Securities and Exchange Commission have renewed the spotlight on all aspects of cybersecurity, including disclosure. Shortly before the public revelations of these breaches, on August 17, Delaware’s governor signed the first major revision to the state’s data breach notification law since its 2005 enactment. Significantly, the new law, which will go into effect in April, requires “persons” (which includes individuals, business entities, and governmental entities) to notify Delaware residents whose information was compromised within 60 days of discovery—a significant departure from the “as soon as possible” standard of the previous law. Equifax’s disclosure six weeks after learning of the breach fits within that timeline, while the SEC has not made it clear when it learned of the 2016 EDGAR breach. Chairman Jay Clayton testified before a Senate committee that he was personally notified in…

Read more detail on Recent Law Student posts –

This entry was posted in Law Students and tagged , , , , , , . Bookmark the permalink.

Leave a Reply