Data Privacy & Security


Joseph D. Masterson quoted in article “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One of Two)”

The Cybersecurity Law Report

Below is an excerpt:

In the wake of a material incident, companies should issue a supplemental disclosure right away, Joseph Masterson, a partner at Quarles & Brady, said. “The minimum responsibility is the annual obligation to disclose in the 10-K material information about special risks and then to update that information quarterly if it’s changed,” Masterson said. “If there is a major breach, they file an 8-K special report and not wait for the next cycle the way they would normally do it with an SEC filing.”

In other circumstances, the nature of the incident may not require an immediate supplemental disclosure, and the company may decide to instead include updated language in the next scheduled disclosure.

In addition, notes to the financial statements should include a management discussion and analysis of the cyber program, Masterson said.

Originally published in The Cybersecurity Law Report, August 12, 2015

Payment Portal

You are leaving the Quarles & Brady website and being directed to the bill presentment and paying service offered by a third party provider. If you do not wish to continue to the site, click Close or use the Back button on your web browser to return the Quarles & Brady website.