December 4, 2021

Volume XI, Number 338

Advertisement
Advertisement

December 03, 2021

Subscribe to Latest Legal News and Analysis

December 02, 2021

Subscribe to Latest Legal News and Analysis

December 01, 2021

Subscribe to Latest Legal News and Analysis

Does The SEC Have A Duty To Correct Its Cybersecurity Statement?

Law firms and legal commentators have been churning out discussions of the Securities and Exchange Commission's Statement and Guidance on Public Company Cybersecurity Disclosures.  Rather than simply regurgitate the statement, I will take issue with the SEC's reminder that issuers owe a duty to update:

We remind companies that they may have a duty to correct prior disclosure that the company determines was untrue (or omitted a material fact necessary to make the disclosure not misleading) at the time it was made (for example, if the company subsequently discovers contradictory information that existed at the time of the initial disclosure), or a duty to update disclosure that becomes materially inaccurate after it is made (for example, when the original statement is still being relied on by reasonable investors).  Companies should consider whether they need to revisit or refresh previous disclosure, including during the process of investigating a cybersecurity incident.  (footnotes omitted)

The SEC locates this duty to update in Backman v. Polaroid Corp., 910 F.2d 10 (1st Cir. 1990) which it cites in a footnote.  The same footnote acknowledges that other Circuits have found no duty to update:

"But see Higginbotham v. Baxter Intern., Inc., 495 F.3d 753, 760 (7th Cir. 2007) (rejecting duty to update before next quarterly report); Gallagher v. Abbott Laboratories, 269 F.3d 806, 808-11 (7th Cir. 2001) (explaining that securities laws do not require continuous disclosure).  

Surprisingly missing from the SEC's Statement is any mention of the Private Securities Litigation Reform Act.  The PSLRA expressly disclaims any duty to update.  15 U.S.C. §§ 77z-2(d) and 78u-5(d) ("Nothing in this section shall impose upon any person a duty to update a forward-looking statement."). 

Granted the PSLRA safe harbor applies to "forward-looking statements" as defined and the case law involving the duty to update is at best unclear.   Nonetheless, I find the SEC's statement to be misleading.  A more forthright statement would be that the Courts have reached opposite conclusions as to the existence of a duty to update and that no such duty exists with respect to forward-looking statements within the meaning of the PSLRA.  

This is more than a mere cavil.  Implying a duty to update is a dangerous proposition as it would seemingly require issuers to continuously review all prior statements no matter how long in the tooth.  

© 2010-2021 Allen Matkins Leck Gamble Mallory & Natsis LLP National Law Review, Volume VIII, Number 57
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Keith Paul Bishop, Corporate Transactions Lawyer, finance securities attorney, Allen Matkins Law Firm
Partner

Keith Bishop works with privately held and publicly traded companies on federal and state corporate and securities transactions, compliance, and governance matters. He is highly-regarded for his in-depth knowledge of the distinctive corporate and regulatory requirements faced by corporations in the state of California.

While many law firms have a great deal of expertise in federal or Delaware corporate law, Keith’s specific focus on California corporate and securities law is uncommon. A former California state regulator of securities and financial institutions, Keith has decades of...

949-851-5428
Advertisement
Advertisement
Advertisement