Akin Gump Quartet Publishes Article on Data Breach Disclosure

“Cybersecurity Update: Are Data Breach Disclosure Requirements On Target?” an article by Akin Gump partners Alice Hsu, Francine Friedman, Karol Kepchar and senior counsel Tracy Crum, was published by The Metropolitan Corporate Counsel in its February issue.

The article, adapted from an alert sent to firm clients and readers, outlines the authors’ belief that “cybersecurity and data privacy are indeed among the hottest topics in the boardroom this year due to the dramatic rise in cyber attacks and data breaches.”

Among the topics covered are:

  • risk disclosure obligations and the federal government’s focus on cybersecurity risks and incidents: “In 2011 the SEC advised companies to approach cybersecurity as they would any other part of the business…[while] FINRA has reiterated to broker-dealers that cybersecurity will remain a regulatory priority with a primary focus on firm policies, procedures and controls.”
  • recent high-profile cybersecurity breaches: “Whether or not Target’s risk factor disclosure is sufficient to ameliorate government action and private lawsuits and whether or not Target’s handling of the breach can preserve its brand and reputation as well as manage the potentially substantial costs associated with the incident remain to be seen.”
  • recent cybersecurity-related legislation: “Citing the Target data breach, earlier this month Senate Judiciary Committee Chairman Patrick Leahy (D-VT) introduced the Personal Data Privacy and Security Act (S. 1897). The bill would create a national standard for data breach notification, require that companies engaging in interstate commerce keep consumer data they collect secure from outside intrusion or public release and allow the assessment of potential criminal and civil penalties….Sens. Tom Carper (D-DE) and Roy Blunt (R-MO) have also introduced similar legislation (the Data Security Act of 2014, S. 1927) that would create a national reporting standard for data breaches that would apply to both retailers and financial institutions.”