Jessica Lyons Hardcastle reports: Public companies that suffer a computer crime likely to cause a “material” hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission. The SEC proposed the changes last March, and on Wednesday the financial watchdog voted…
Category: Breach Laws
Leaking Someone’s Personal Data Will Cost You Up to $2 Million in Pakistan
ProPK reports: A fine which may extend to $2 million or an equivalent amount in Pakistani rupees would be levied on those who process or cause to be processed, disseminate, or disclose personal data in violation of any of the provisions of the “Personal Data Protection Bill, 2023”. The Ministry of Information, Technology and Telecommunication…
SEC to Consider Cyber Rules Next Week
Micaela McMurrough, Ashden Fein, David H. Engvall, Caleb Skeath, Kerry Burke, and Shayan Karbassi of Covington and Burling write: According to a recently-released meeting agenda, the Securities and Exchange Commission’s (“SEC”) upcoming July 26, 2023 meeting will include consideration of adopting rules to enhance disclosures regarding cybersecurity risk management, governance, and incidents by publicly traded companies….
I had been chatting with a blackhat. They had been working with a whitehat. We were both dealing with the same person.
On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…
FTC Says Genetic Testing Company 1Health Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected. As part of a proposed settlement with the…
SEC Delays Cybersecurity Rules
Micaela McMurrough, Ashden Fein, Caleb Skeath, and Shayan Karbassi of Covington & Burling write: Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed…