SEC proposes companies report cybersecurity incidents within four days
By 
Aaron Nicodemus2022-03-09T23:04:00
Public companies would have to report material cybersecurity incidents no later than four business days after they occur if a rule proposed by the Securities and Exchange Commission takes effect.
Related articles
-
News Brief
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
-
PremiumCongress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023
As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?
-
ArticleSEC to reopen comment on climate-related disclosure rule, data breach reporting after glitch
The Securities and Exchange Commission will reopen comment periods on 11 rulemaking releases put forward over the past year, including proposals regarding climate-related disclosures and reporting cybersecurity breaches, because of a glitch in its online comment system.
More from Regulatory Policy
-
ArticleFinCEN delays AML rules for realtors and investment advisors until 2028
The Treasury Department’s Financial Crimes Enforcement Network is delaying an upcoming requirement that investment advisors and realtors begin screening clients for money laundering and other illegal activity.
-
News BriefSEC’s Crypto Task Force hits the road with nationwide roundtables
The Securities and Exchange Commission is taking its pro-crypto messaging on the road, planning a series of events for its Crypto Task Force that will be held across the U.S. starting on Aug. 4.
-
Basic PageDOJ warns against using proxies for DEI in federally funded programs
The DOJ is warning that simply scrubbing DEI-related words from policy documents or training materials—and replacing them with thinly veiled proxies—will not protect federally funded organizations from legal scrutiny.