On Feb. 22, 2018, the Securities and Exchange Commission (SEC) issued its first interpretive guidance since October 2011 on public companies’ cybersecurity risk and incident disclosure obligations. Although public companies are not subject to an express obligation to disclose data security threats under federal law or SEC regulations, the latest guidance confirms that “companies nonetheless … Continue reading