EDPACS
The EDP Audit, Control, and Security Newsletter
Volume 53, 2016 - Issue 1
Original Articles

The U.S. Securities and Exchange Commission and The Many Faces of Cybersecurity Liability


Abstract

Turn on any news channel or open a multitude of websites and one topic appears on the forefront—cybersecurity. Whether it is attacks, breaches, compliance, or fines, cybersecurity transcends every sector and every corporation—public or private. This article details recent actions by the U.S. Securities and Exchange Commission and addresses how various entities can be better prepared to deal with compliance obligations as well as with attacks and breaches.

Notes

1. Health Insurance Portability and Accountability Act, Pub. L. 104-191 (August 21, 1996).

2. The Stored Wire and Electronic Communications and Transactional Records Access (the Stored Communications Act), 18 U.S.C. Chapter 121, §§ 2701–2712.

3. The Securities Act of 1933, Rule 30(a) of Regulation S-P.

4. The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, Pub. L. 106–102, 113 Stat. 1338 (November 12, 1999).

5. See FTC v. Wyndham Worldwide Corporation, https://www.ftc.gov/news-events/blogs/business-blog/2015/08/third-circuit-rules-ftc-v-wyndham-case (accessed November 10, 2015).

6. U.S. General Services Administration, Rules and Policies—Protecting PII—Privacy Act, http://www.gsa.gov/portal/content/104256 (accessed November 13, 2015).

8. U.S. Securities and Exchange Commission, IM Guidance Update—No. 2015-02 (April 2015), http://www.sec.gov/investment/im-guidance-2015-02.pdf (accessed November 13, 2015).

9. Ibid.

10. Ibid.

11. U.S. Securities and Exchange Commission, Final Rule: Compliance Programs of Investment Companies and Investment Advisers [Release Nos. IA-2204; IC-26299; File No. S7-03-03], https://www.sec.gov/rules/final/ia-2204.htm (accessed November 13, 2015).

12. Rule 206(4)-7(a). See also section 202(a)(25) of the Advisers Act [15 U.S.C. 80b-2(a)(25)] [defining “supervised person” as “any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment adviser, or other person who provides investment advice on behalf of the investment adviser and is subject to the supervision and control of the investment adviser”].

13. See http://www.sec.gov/rules/final/2013/34-69359.pdf (accessed November 13, 2015).

14. See http://thelawdictionary.org/full-disclosure/ (accessed November 13, 2015).

15. U.S. Securities and Exchange Commission, Certification of Disclosure in Companies’ Quarterly and Annual Reports, https://www.sec.gov/rules/final/33-8124.htm (accessed November 13, 2015). “As directed by Section 302(a) of the Sarbanes-Oxley Act of 2002, we are adopting rules to require an issuer’s principal executive and financial officers each to certify the financial and other information contained in the issuer’s quarterly and annual reports. The rules also require these officers to certify that: they are responsible for establishing, maintaining and regularly evaluating the effectiveness of the issuer’s internal controls; they have made certain disclosures to the issuer’s auditors and the audit committee of the board of directors about the issuer’s internal controls; and they have included information in the issuer’s quarterly and annual reports about their evaluation and whether there have been significant changes in the issuer’s internal controls or in other factors that could significantly affect internal controls subsequent to the evaluation.”

17. U.S. Securities and Exchange Commission, SEC Charges Investment Adviser with Failing to Adopt Proper Cybersecurity Policies and Procedures Prior to Breach (September 22, 2015), http://www.sec.gov/news/pressrelease/2015-202.html (accessed November 13, 2015).

19. See https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm#_edn2, fn. 2 (accessed November 13, 2015). “The information in this disclosure guidance is intended to assist registrants in preparing disclosure required in registration statements under the Securities Act of 1933 and periodic reports under the Securities Exchange Act of 1934. In order to maintain the accuracy and completeness of information in effective shelf registration statements, registrants may also need to consider whether it is necessary to file reports on Form 6-K or Form 8-K to disclose the costs and other consequences of material cyber incidents. See Item 5(a) of Form F-3 and Item 11(a) of Form S-3.”

21. Cybersecurity Should Be A Compliance Issue, Says Expert, http://blogs.reuters.com/financial-regulatory-forum/2013/08/27/cybersecurity-should-be-a-compliance-issue-says-expert/ (accessed November 13, 2015).

Additional information

Notes on contributors

Rachel V. Rose

Rachel V. Rose, JD, MBA is the founder of Rachel V. Rose–Attorney at Law, PLLC, Houston, TX. She advises on a variety of health care and securities law issues including HIPAA/The HITECH Act, Dodd-Frank, and compliance. She is the Policy Liaison for the American Bar Association’s Fraud and Compliance IG and the Chair of the Federal Bar Association’s Corporate and Association Counsel Division. Ms. Rose is an affiliated member of Baylor College of Medicine’s Center for Medical Ethics and Health Policy, where she teaches bioethics. She has also co-authored two books, including What Are International HIPAA Considerations? She can be reached at [email protected]
