SEC proposes companies report cybersecurity incidents within four days
By 
Aaron Nicodemus2022-03-09T23:04:00
Public companies would have to report material cybersecurity incidents no later than four business days after they occur if a rule proposed by the Securities and Exchange Commission takes effect.
Related articles
-
News Brief
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
-
PremiumCongress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023
As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?
-
ArticleSEC to reopen comment on climate-related disclosure rule, data breach reporting after glitch
The Securities and Exchange Commission will reopen comment periods on 11 rulemaking releases put forward over the past year, including proposals regarding climate-related disclosures and reporting cybersecurity breaches, because of a glitch in its online comment system.
More from Regulatory Policy
-
News BriefFinCEN again delays U.S. ban on three Mexican financial institutions
The order barring three Mexican financial institutions from doing business with U.S. financial institutions has been delayed until October.
-
Basic PageSEC taps military judge as Enforcement Division Director
The SEC has named Margaret “Meg” Ryan, a senior military judge and Harvard Law lecturer, as its next Enforcement Division Director—an unconventional pick that could signal changes in enforcement strategy.
-
ArticleCalifornia privacy regulator unveils new cyber, risk, and automation rules
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology, under a large expansion of rules by the state.