The SEC Guidance on Cybersecurity Measures for Public Companies
Data breaches involving the personal information of consumers have recently appeared prominently in headlines. In California, for example, it is estimated that over 2.5 million residents were put at risk by data breaches in 2012, including five major breaches that each affected the personal information of 100,000 or more people. California businesses, which must give notice when a data breach results in unauthorized access to the unencrypted personal information of consumers, are under siege. As recently highlighted by an SEC roundtable, cybersecurity— including the issue of whether and how to disclose a breach— is receiving considerable scrutiny from legislators and regulators.