As Allison Handy noted on our Public Chatter blog, Erik Gerding, the Director of the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance, issued a statement on May 21 clarifying public companies’ obligations to disclose cybersecurity incidents under Item 1.05 of Form 8-K. The statement looks like a response to the potential—and actual—“abundance of caution” filings in which public companies disclose that an incident occurred but do not announce whether the incident met the SEC’s materiality threshold.

Read the full blog post here on Perkins on Privacy.