In the wake of a cyber incident, a general counsel is confronted with a flood of questions that must be answered quickly. What are our obligations under the patchwork of state, federal and international laws and regulations that may require reporting, especially if financial services or health information are impacted? What is the risk-benefit analysis of disclosing an incident to law enforcement? For public companies, another question is: What, if anything, do we have to disclose in our Securities and Exchange Commission (SEC) filings?
via We’ve Been Hacked—What Do We Need to Disclose in Our SEC Filings? — Inside Counsel