The U.S. Securities and Exchange Commission announced the adoption of new rules pertaining to how public companies report cybersecurity incidents. The SEC will now require disclosures related to "material cybersecurity incidents (companies) experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance." SEC Chair Gary Gensler said the aim is to make disclosures "consistent, comparable, and decision-useful" for investors. Editor's note: The IAPP and KPMG released the Privacy Risk Study 2023 in June.
27 July 2023
SEC adopts rules to update cybersecurity incident reporting
Related stories
Notes from the Asia-Pacific region: Looking back on an exceptional 2025 and the year to come
Notes from the IAPP Europe: Another piece of the EU Digital Package puzzle — the Data Union Strategy
Gaps in website opt-out functionality under the microscope in privacy enforcement
The case for differential privacy in the age of agentic AI
Santa Fe 4.0: la reforma constitucional que redefine derechos, tecnología y ciudadanía digital en Argentina
