SEC Reopens Comment Period on Proposed Data Breach Disclosure and Cybersecurity Governance Rules
Last Friday, the Securities and Exchange Commission reopened the comment period on eleven of its pending rulemakings because of a technological error that caused the SEC not to receive all of the comments submitted during the original comment period. One of the eleven proposals affected by the reopening is the SEC’s proposal from March of this year that would require all public companies to disclose (1) material cybersecurity incidents and (2) their cybersecurity risk management, strategy, and governance procedures. The current proposal, which has received dozens of comments already, would, among other things, require companies to file a public disclosure form when the company suffers a “material cybersecurity incident” within four business days after the company has determined the incident is material.
Anyone interested in submitting comments to the proposed rule will have at least 14 more days to submit comments to the SEC via the online form (file number S7-09-22), email, or regular mail. The SEC has advised that anyone who previously submitted comments between June 2021 and August 2022 “check the relevant comment file on SEC.gov to determine whether their comment was received.”