Sen. Jay Rockefeller (D-W.Va.) has called on the Securities and Exchange Commission to clarify corporate obligations to publicize cybersecurity breaches.
In a letter to SEC Chair Mary Schapiro, Rockefeller said that "securing cyberspace is one of the most important and urgent challenges of our time. In light of the growing threat...it is essential that corporate leaders know their responsibility for managing and disclosing security risk."
Current law requires publicly traded companies to disclose to investors "material" risks and events including network breaches, but Rockefeller says a "significant" number of companies are not doing so.
He wants some "interpretative guidance" from SEC to clarify that responsibility.
The call comes the same week that Sen. Patrick Leahy (D-Vt.), chair of the Senate Judiciary Committee, said he would push a fourth time for a bill that would mandate online privacy breach notifications to the public and law enforcement. A Justice Department official said the administration would recommend that reporting requirement as part of an upcoming set of legislative recommendations.
That news came out in a Senate privacy subcommittee hearing this week in the wake of revelations about geolocation data collection by Apple iPhones and a couple of high-profile breaches of personal information involving Sony online gaming networks.
