This article appeared in Cybersecurity Law & Strategy (August 2018), an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel.
Colorado recently adopted a new law expanding companies’ obligations in the event of a cybersecurity incident, and establishing new data security and disposal obligations. Recent announcements by the SEC likewise emphasize important responsive points for both companies and their personnel in the wake of an incident. Five key takeaways from these developments are highlighted below. In brief, proactively updating company policies, remediation plans, and disclosure and trading practices before a cybersecurity incident arises can go a long way towards efficiently working through a situation when it arises.
To read the full article, click here (subscription required).
Brian Neil Hoffman is of counsel with Holland & Hart LLP. A former SEC enforcement attorney, Brian defends clients in government and SRO investigations and litigates shareholder disputes.
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author(s). This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.