In this episode I visit with John Torres, the COO of Guidepost Solutions. We discuss the recent SEC enforcement action involving Yahoo and its failure to disclose data breaches in 2014, 2015 and 2016. As this was the first SEC enforcement action involving a public company for the failure to disclose to investors and shareholders information of a data breach which materially impacts an organization, Torres and I take a deep dive into the matter.

In this episode, we consider some of the following issues:

  • A discussion of the background facts in the Yahoo SEC enforcement action and why the matter is so important?
  • We consider what the SEC said was the obligation of a publicly listed company when it learns of a breach?
  • In Paragraph 9 of the SEC Order, there were a series of risk factors listed. We discuss their importance.
  • We consider when a publicly listed company must disclose a breach to outside auditors and/or outside counsel.
  • We consider the sufficiency of the penalty.

For a full copy of the SEC Order involving the Yahoo matter, click here.