Welcome to the November issue of Mayer Brown’s Privacy Posts, a newsletter on privacy, security and data protection law that will report and provide commentary on developments and trends that are significant to our clients’ business across the globe. As always, we welcome your thoughts and comments and invite you to contact us with any feedback.
On October 13, 2011, the Division of Corporation Finance of the Securities and Exchange Commission issued guidance regarding the disclosure obligations of public companies relating to cybersecurity risks and cyber incidents. The guidance seeks to balance the disclosure obligations of public companies against the potential for detailed disclosures to compromise cybersecurity efforts by providing a roadmap for those seeking to infiltrate a public company’s network security. The guidance, which is not intended to be exhaustive, focuses on six disclosure areas.
Continuing the recent proliferation of cases brought by consumers claiming various statutory and common law violations by companies involved in collecting and storing confidential personal information, the First Circuit recently had an opportunity to consider whether consumers’ alleged damages were too speculative, and not reasonably foreseeable, to establish cognizable injuries. In Anderson v. Hannaford Bros., Co., the court determined that plaintiffs could recover certain mitigation costs, such as the cost of procuring identity theft insurance, under negligence and implied contract claims under Maine law where there was evidence that data was misused to commit identity theft against at least some of the affected parties.