The U.S. Securities and Exchange Commission announced the adoption of new rules pertaining to how public companies report cybersecurity incidents. The SEC will now require disclosures related to "material cybersecurity incidents (companies) experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance." SEC Chair Gary Gensler said the aim is to make disclosures "consistent, comparable, and decision-useful" for investors. Editor's note: The IAPP and KPMG released the Privacy Risk Study 2023 in June.
27 July 2023
SEC adopts rules to update cybersecurity incident reporting
Related stories
A view from Brussels: Putting AI to the test on EU privacy, data protection developments
Why organizations should prioritize employee data protection to combat spear phishing
Notes from the Asia-Pacific region: Santa's on his way, bringing guidance from Singapore's PDPC, adoption of Vietnam's Data Law and more
EDPB weighs in on key questions on personal data in AI models
New tools aim to improve data activity monitoring, compliance efficiency
