On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted its long-anticipated cybersecurity reporting rule (the “Final Rule”). The Final Rule applies to public companies subject to the reporting requirements of the Securities Exchange Act of 1934 and, in some cases, to foreign private issuers. As quoted in the SEC’s press release, SEC Commissioner Gary Gensler noted that many public companies already make cybersecurity disclosures to investors, and the Final Rule provides uniformity and structure for these future disclosures. The Final Rule also imposes a tight timeline for cybersecurity incident reporting and may include disclosure of an ongoing cybersecurity incident, as well as requiring periodic disclosures concerning organizational cybersecurity risk management processes and governance.
While the substantial backlog of decisions has many observers waiting for a flood of rulings, the Supreme Court is moving at its own pace. Thus, the Court has issued a single opinion today, but especially for readers who are involved in administrative law challenges to administrative agency determinations, it is an important one. And it might become even more significant to the extent that it augurs future limitations on agency autonomy.
- What Does the Upcoming Amendment to Federal Rule of Evidence 702 Mean for the Admission of Expert Testimony?
- Rare DOJ Criminal Indictment Related to Medicare Advantage Risk Adjustment
- What to Do When Your Distribution Checks Stop Arriving
- The Validity of More Than a Decade’s Worth of Federal Regulations Are at Stake as the U.S. Supreme Court Decides the Constitutionality of the Consumer Financial Protection Bureau’s Funding Structure
- What to Know About the New DOJ Mergers & Acquisitions (M&A) Safe Harbor Policy for Voluntary Self-Disclosures Made in Conjunction with Misconduct: Questions and Answers