Senators call on SEC to mandate more breach reporting

Prompted by recent breaches of intellectual property belonging to U.S. corporations, federal lawmakers want the Securities and Exchange Commission (SEC) to clarify guidance around the obligation to publicly disclose these incidents to shareholders.

In a Wednesday letter to SEC Chairwoman Mary Schapiro, five senators said existing securities regulations require publicly traded businesses to reveal any "material network breach." That includes incidents leading to the loss of sensitive data, such as intellectual property and trade secrets, which could be used by adversaries to gain a competitive advantage, impact earnings or shrink market share.

Judy Burns, an SEC spokeswoman, said the agency hasn't specifically issued guidance related to breaches, but such incidents likely are covered under securities laws from the 1930s.

"If something is material to investors then they have to disclose it," she told SCMagazineUS.com. "If it's a big enough that the shareholders care about it and need to know about it, then you have to disclose it."

But many organizations fail to report data compromises to investors, particularly those involving corporate espionage, according to the five lawmakers who signed the letter. They are members of the Senate Committee on Commerce, Science and Transportation.

"Our review of recent corporate disclosures suggests that material breach reporting, like information risk, is inconsistent and unreliable," the letter said. "We are concerned that the lack of quality, public information in these matters enables an inefficient marketplace that devalues security and impairs investor decision-making."

But John Pescatore, vice president and research fellow at Gartner, said issuing new guidance will result in more paperwork, not necessarily better security or investor insight.

"Trying to say we want specific guidance on a specific type of risk usually results in more reporting burdens," Pescatore said. "We already have [SEC] disclosure requirements. Material impact is material impact. Risk is risk."

Burns said the agency likely will respond to Sen. Jay Rockefeller, D-W.Va., who heads the Commerce Committee.
