Adding to the chorus (or cacophony) of regulatory voices on the cybersecurity front, the SEC has recently issued new interpretive guidance concerning cybersecurity-related disclosures that public companies are required to make under federal securities laws.

Last week, NYS DFS began sending out e-mail notices to individuals stating that they had failed to comply with the Certification of Compliance requirement under 23 N.Y.C.R.R. §  500.17(b), which mandates that a Covered Entity under the regulations certify compliance annually.  The deadline for certification was February 15, 2018.

On November 30, three Senate Democrats introduced the now third pending bill concerning data breach response and substantive data security requirements, all three of which came in the wake of the Uber and Equifax data breaches, and the stunning revelation that Uber hid the breach for over a year.  Indeed, as is now well known, Uber went so far as to pay a hacker or hackers to conceal the breach and delete the compromised data.

Like a rider hailing an overcrowded uberPOOL heading to O’Hare on a busy weekday, the City of Chicago has joined the feeding frenzy surrounding the recently disclosed and controversially handled Uber breach. 

At the recent 2017 GreyCastle Cybersecurity Symposium: Generation Cyber, I had the pleasure of presenting the “Top 10 Legal Pitfalls to Avoid in Relation to a Data Breach.”