Collecting, storing and using personally identifiable information (PII) is a very profitable enterprise. Companies such as Facebook Inc. and Alphabet Inc.’s Google have made billions off monetizing consumer information.
However, Yahoo! Inc. may be the poster child for how a consumer-facing company could potentially lose those earnings due to data breaches. Yahoo now faces multiple federal, state and international lawsuits stemming from the breach. Verizon Communications Inc.’s deal to buy Yahoo has also come into question post-breach.
Will Yahoo also face derivative shareholder litigation for not disclosing earlier the risk of a data breach, which the company had known about since 2014?
The U.S. Securities and Exchange Commission requests that most public companies disclose risk factors through their annual filing, Form 10-K. In the annual report, public companies must disclose significant risk factors such as employment, logistical, infrastructure and other issues that may negatively impact the company.
Although not explicitly required, some companies have used their annual reports to disclose cybersecurity risk factors. The SEC has said in guidance that cybersecurity incident disclosures aren’t required by law, but that it is advisable to include this information if it impacts a company’s financial condition or anticipated legal proceedings. Companies have filed 140 annual reports that include “cyber, cybersecurity, data breach or data security” as risk factors, Bloomberg Law data show.
According to a recent study by the International Association of Privacy Professionals, companies that have disclosed perceived data security or privacy risks say that cybersecurity concerns (89 percent) and corporate espionage (54 percent) are the biggest threats to the company. The report went through 10-K filings for companies ranked in the Fortune 150 list.
However, companies are more worried about losing personally identifiable information (PII) than about losing trade secrets, health data and other confidential information, the report said. The report found that 70 percent of companies cited PII as a major risk factor for investment, while only 11 percent of companies listed protected health information (PHI) as a concern for investors.
Yahoo’s fate is still unclear, but the company did release information on the data breach in its quarterly filing, Form 10-Q. As cyberattacks become the norm for U.S. companies, it is almost certain that companies will be using the SEC’s Form 10-K to help avoid potential shareholder litigation.