This article appeared in Cybersecurity Law & Strategy (August 2018), an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel.
Colorado recently adopted a new law expanding companies’ obligations in the event of a cybersecurity incident, and establishing new data security and disposal obligations. Recent announcements by the SEC likewise emphasize important responsive points for both companies and their personnel in the wake of an incident. Five key takeaways from these developments are highlighted below. In brief, proactively updating company policies, remediation plans, and disclosure and trading practices before a cybersecurity incident arises can go a long way towards efficiently working through a situation when it arises.
To read the full article, click here (subscription required).
Brian Neil Hoffman is of counsel with Holland & Hart LLP. A former SEC enforcement attorney, Brian defends clients in government and SRO investigations and litigates shareholder disputes.