It seems as though Congress is working on passing legislation to clarify breach disclosure requirements, reports a recent article in Compliance Week. The article, titled “Suddenly, Washington is Back at Cybersecurity Discussion,” discusses the last time the SEC addressed cybersecurity, which was in 2011, when it offered staff guidance hoping to push companies to disclose information regarding cyber-attacks to current and potential investors.

“Beyond industry-specific requirements for healthcare and banking, most disclosure requirements have been dictated by state governments, leaving compliance departments stuck in a patchwork of various disclosure regimes across the nation,” reports the article.

Buchanan Ingersoll & Rooney's Director of Federal Government Relations James C. Wiltraut tells the publication that the SEC and other regulators should focus on clearly defining what constitutes “reasonable security measures.”

“If you weigh the amount of risk versus the preemptive actions you took, you can compare and contrast,” he says in the article. “Was that approach reasonable given that you had a billion in assets you were trying to protect?”

Read the full article - “Suddenly, Washington is Back at Cybersecurity Discussion” (Compliance Week, May 12, 2015). Subscription required.