Photo of Kathryn Campbell

Kathryn Campbell represents large and mid-sized clients in complex commercial litigation matters in state and federal court on a variety of business disputes and white-collar issues. Her experience includes representing clients in contract disputes, healthcare litigation, internal investigations, business torts, False Claims Act violations, trade secret and unfair competition claims, as well as products liability claims.

At the recent 2023 Garrett Securities Law Institute Conference SEC panelists, including Erik Gerding, Director of the Division of Corporation Finance, reinforced how important it is for companies to assess emerging risks for materiality—particularly those risks stemming from Environmental, Social and Governance (ESG) issues and cybersecurity issues—and to ensure that those risks are appropriately disclosed to investors.

The SEC panelists further cautioned that disclosures related to emerging risks should not be generic disclosures based on industry-wide trends or risks, but instead should focus on the particular ESG or cybersecurity risk faced by the disclosing company. The SEC reiterated that disclosures regarding emerging risks must be specific enough for investors to appreciate the risks that the company is actually facing. Continue Reading Disclosing Emerging Risks Top of Mind for the SEC

The U.S. Securities and Exchange Commission’s focus on cybersecurity continues in its most recent effort to modernize financial privacy rules and emphasize transparency between SEC-regulated entities who suffer from a cyber breach and the individuals impacted by the breach. The SEC’s latest proposals focus on registrants including broker-dealers, investment advisors, and investment companies, and seek to impose cyberbreach disclosure requirements similar to those the SEC previously proposed for public companies.

On March 15, 2023, the SEC proposed amendments to current data privacy rules that would require covered firms to adopt written policies and procedures for incident response programs. Under the proposed amendments, such policies and procedures must address unauthorized access to or use of customer information, including procedures for providing timely notification to individuals affected by an incident involving sensitive customer information with details about the incident and information designed to help affected individuals respond appropriately. The proposed changes would come through amendments to rules under Regulation S-P.

Regulation S-P currently requires covered registrants to notify customers about how they use their financial information, but it does not require them to notify customers about breaches. The proposed amendments would also ensure that breaches are properly identified, and that sensitive customer data is monitored to determine whether it was accessed.

In announcing the proposed amendments, Chairman Gensler explained that investors would benefit from a financial privacy rule “more modern than the AOL era.” Continue Reading Highlighting Enforcement Focus on Cybersecurity, SEC Proposes New Disclosure & Incident Response Rules