Securities and Exchange Commission Chairman Mary Schapiro will “seriously consider” issuing additional guidance detailing when public companies should notify the public about cybersecurity breaches, Reuters reports.
“Although we are not aware that investors have asked for more disclosure in this area, I have asked the commission staff to provide me with a briefing on current disclosure practices,” Schapiro said in a letter to Sen. John Rockefeller, obtained by Reuters. “As we further analyze this issue, we will seriously consider your request for interpretive guidance.”
Although the law requires public companies to disclose risks and events that could be deemed important information for investors, Rockefeller said his concern was that many fail to notify about information security risks.
The West Virginia senator has asked the SEC to consider publishing interpretive guidance on publicizing breaches involving intellectual property or trade secrets.