- EC’s Proposed Rule Regarding Cybersecurity Breach Notifications
On March 9, 2022, the United States Securities and Exchange Commission (“SEC”) has proposed a rule requiring publicly traded company to disclose “material” cybersecurity breaches within 4 days of the breach. Companies would report material breaches via Form 8-K if the breach occurs prior to annual or quarterly filing requirements. Among others, the proposed rule requires companies to disclose the materiality of the incident itself and whether company management has appropriate cybersecurity expertise and training. Notably, the proposed rule does not obviate a company’s reporting requirements even if there’s an ongoing concurrent criminal investigation. The proposed rule seeks to modernize the SEC’s current cybersecurity disclosures.
Finally, the SEC proposed rule does not alter or amend a state-based notification law (as many states have separate cybersecurity breach, or data breach, notifications which vary in timing.
2. The Trending Elimination of Non-Competition Agreements – “Freedom to Compete Act”
Pending before the US Senate is Senate Bill 2375 (entitled “The Freedom to Compete Act”)F which seeks to prevent employers from utilized non-competition agreements “in employment contracts for certain non-exempt employees.” The bill would amend the Fair Labor Standards Act of 1938 and evidences a wide scale trend to abolish non-competition agreements (with limited exceptions) by the federal government (President Biden and the Federal Trade Commission (FTC)). Earlier in the year, President Biden directed the FTC to undertake a review of all measures designed to prohibit competition in the employer-employee context. While the FTC is currently studying the impact of non-competition agreements as burdensome restrictions on trade for non-exempt employees, it has been unable to act due to a vacancy for a commissioner seat the current construct of the FTC has a total of 4 commissioners, with a fifth seat that is vacant due to political gridlock.
3. California’s New Proposed Biometric Privacy Law
Modeled after Illinois Biometric Information Privacy law, the California legislature has introduced Senate Bill 1189 which would prohibit all companies from “selling, leasing, trading, using of advertising purposes, or otherwise profiting from a person’s biometric data. The law would go into effect on January 1, 2023. Under the proposed law, biometric data would include physiological, biological, and behavioral characteristics utilized to establish an individual’s identity. Senate Bill 1189 would provide for a private cause of action against an offending company and would supplement the California Consumer Privacy Act.