Senators Introduce Bill Requiring Cybersecurity Expertise Reports to SEC
Wednesday, January 20, 2016
Senators, Privacy, Cybersecurity Disclosure to SEC

Related Practices & Jurisdictions
Print Mail Download i

On December 17, 2015, Senators Reed (D-RI) and Collins (R-ME) introduced the Cybersecurity Disclosure Act of 2015 (S. 2410), which has been referred to the Committee on Banking, Housing, and Urban Affairs.  According to the press release accompanying the bill, it “seeks to strengthen and prioritize cybersecurity at publicly traded companies by encouraging the disclosure of cybersecurity expertise, or lack thereof, on corporate boards at these companies.”

The bill applies to “reporting companies,” defined as companies that issue registered securities under 15 U.S.C. § 78l or companies that are required to file reports with the Securities and Exchange Commission (“SEC”) under 15 U.S.C. § 78o(d).  It requires the SEC to issue rules within one year of enactment that require reporting companies to include disclosures relating to the cybersecurity expertise of their corporate boards in their annual reports.

Specifically, reporting companies must disclose whether any member of their board “has expertise or experience in cybersecurity,” with sufficient detail to “fully describe the nature” of that experience.  If no member of the board has such experience, reporting companies must “describe what other cybersecurity steps” were taken into account by those responsible for identifying and evaluating nominees to the board.

Finally, the SEC must coordinate with the National Institute of Standards and Technology to “define what constitutes expertise or experience in cybersecurity, such as professional qualifications to administer information security program functions or experience detecting, preventing, mitigating, or addressing cybersecurity threats.” Cybersecurity threats are defined identically to the Cybersecurity Act of 2015, which was enacted into law on December 18, 2015, as actions “through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.”

© 2024 Covington & Burling LLP

Current Public Notices

Current Legal Analysis

More from Covington & Burling LLP

Standing Issues in Data Breach Litigation: An Overview
by: Priscilla Fasoro , Lauren Wiseman
Financial Agencies Release Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing
by: Lucille C. Bartholomew
Senate Confirms Kraninger as BCFP Director
by: Luis Urbina
FTC Solicits Public Comment on Identity Theft Detection Rules
by: S. Burr Eckstut
Significant FDA Digital Health Policy Development for Prescription Drug Sponsors
by: Mingham Ji , Christina G. Kuhn
First Significant Pay-to-Play Legislation for the District of Columbia Approved by D.C. Council
by: Kevin Glandon
FTC Settles with PR Firm and Publisher Over Social Media Endorsements
by: Inside Privacy Blog at Covington and Burling
Senate Testimony Highlights Tensions in BSA/AML Reform Efforts as Lawmakers Consider Bipartisan Legislation
by: Sam Adriance
Reprieve in U.S.-China Trade Tensions: U.S. Tariffs on $200 Billion in Chinese Imports to Stay at 10 Percent for 90 Days; China to Purchase U.S. Goods
by: Christopher Adams , John Veroneau
AI Update: FCC Hosts Inaugural Forum on Artificial Intelligence
by: Thomas Parisi

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins