The United States Senate convened for the first time on March 4, 1789, which means that on March 4 of 2017 it will celebrate its 228th birthday. Since its inception, more than 1800 people have served as senators, some remembered as political giants, many lost in the shrouds of history. But even those not destined to be remembered as giants of the Senate may have taken actions that ultimately had profound consequences for many Americans.
Note, for example, a letter sent by Virginia Senator Mark Warner asking the Securities and Exchange Commission to investigate whether Yahoo’s senior executives improperly failed to disclose its initial 500-million-customer breach in timely fashion. The issue warranted attention because the SEC, in 2011, issued a “guidance” to companies mandating that they notify the agency if a breach occurred that could have a “material adverse effect on the business.” But the SEC subsequently had failed to act against a single company for non-disclosure of a cyber incident, apparently rendering the guidance meaningless, until now.
Against all odds it appears Senator Warner’s letter was taken to heart and the SEC may have Yahoo in its sights. It is widely thought that the SEC has been looking for the right case to make clear what the guidance it issued really means. A recent Wall Street Journal article points out, “Former SEC lawyers said the Yahoo scenario appears to provide a clearer set of circumstances than past scenarios provided. If the SEC brought a case, it could make clearer to other companies what type of disclosures it views as potentially violating the law in this area. Experts also say such a case could help clarify rules over timing because the guidance doesn’t lay out detailed requirements.”
The legal problems for Yahoo extend well beyond the SEC. In its November 2016 SEC filing, Yahoo said it was cooperating with the SEC, Federal Trade Commission and other federal, state, and foreign governmental officials and agencies including “a number of State Attorneys General, and the U.S. Attorney’s office for the Southern District of New York.” With its pending sale to Verizon in limbo, and subject to multiple investigations and adverse publicity, this is not a good moment for Yahoo’s senior management. But it could get far worse if the SEC does bring an action against Yahoo, for that likely would give rise to additional litigation. Stay tuned.
By Tom Davis, SDI Cyber Risk Practice
January 24, 2017