{"id":1291,"date":"2018-06-06T08:12:27","date_gmt":"2018-06-06T12:12:27","guid":{"rendered":"https:\/\/seci.wpenginepowered.com\/?p=1291"},"modified":"2018-06-06T08:12:27","modified_gmt":"2018-06-06T12:12:27","slug":"faulty-cybersecurity-disclosures-and-a-big-fine","status":"publish","type":"post","link":"https:\/\/seciblog.pli.edu\/index.php\/faulty-cybersecurity-disclosures-and-a-big-fine\/","title":{"rendered":"Faulty Cybersecurity Disclosures and a Big Fine"},"content":{"rendered":"<p>Here is an issue to focus on as we draw to the end of the second quarter and plan our periodic reporting.<\/p>\n<p>Rarely does a month pass without dramatic news stories about cybersecurity breaches.\u00a0 Targets include large companies such as Equifax, not-for-profits such as hospitals and even government agencies like the SEC.<\/p>\n<p>Earlier this year the SEC augmented their 2011 cybersecurity disclosure guidance in <a href=\"https:\/\/www.sec.gov\/divisions\/corpfin\/guidance\/cfguidance-topic2.htm\">CorpFin Disclosure Topic Two<\/a> with a formal <a href=\"https:\/\/www.sec.gov\/rules\/interp\/2018\/33-10459.pdf\">Commission Release<\/a>.\u00a0 As we <a href=\"https:\/\/seciblog.pli.edu\/?p=1230\">blogged<\/a>, the Release in large part reinforced the Disclosure Topic Two guidance and added guidance about control and insider trading issues.<\/p>\n<p>When the SEC issues new guidance one of the ways they sometimes emphasize its importance is with an enforcement case.\u00a0 And, that has happened here.\u00a0 Altaba, Inc, which was formerly Yahoo, has been fined $35 million for failure to make timely and accurate disclosures about their major cybersecurity breach.\u00a0As you may have read, there was a significant delay in disclosure of the breach on the part of Altaba (Yahoo), and the enforcement release highlights several other disclosure issues surrounding the breach, including the fact that Yahoo\u2019s disclosure controls and procedures were not effective.\u00a0 Here is a 
quote from Jina Choi, the San Francisco Regional Office Director:<\/p>\n<p>\u201cYahoo\u2019s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach.\u00a0\u00a0Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.\u201d<\/p>\n<p>You can <a href=\"https:\/\/www.sec.gov\/news\/press-release\/2018-71\">read details here<\/a>.<\/p>\n<p>As always, your thoughts and comments are welcome!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here is an issue to focus on as we draw to the end of the second quarter and plan our periodic reporting. Rarely does a month pass without dramatic news stories about cybersecurity breaches.\u00a0 Targets include large companies such as Equifax, not-for-profits such as hospitals and even government agencies like the SEC. Earlier this year &hellip; <a href=\"https:\/\/seciblog.pli.edu\/index.php\/faulty-cybersecurity-disclosures-and-a-big-fine\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Faulty Cybersecurity Disclosures and a Big Fine<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[14],"tags":[21],"coauthors":[154],"class_list":["post-1291","post","type-post","status-publish","format-standard","hentry","category-10-k10-q-tips","tag-cybersecurity"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts\/1291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/comments?post=1291"}],"version-history":[{"count":0,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts\/1291\/revisions"}],"wp:attachment":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/media?parent=1291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/categories?post=1291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.ph
p\/wp-json\/wp\/v2\/tags?post=1291"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/coauthors?post=1291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}