David S. Wolpa

David concentrates his practice on securities, mergers and acquisitions and general corporate matters, representing clients in a wide variety of industries. His experience includes representing public and private companies in offerings of securities and mergers and acquisitions transactions.

Contact:

SEC Adopts Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rules

By David S. Wolpa, Andrew Konia, Latasha James & Elizabeth Jones on July 27, 2023

Posted in Cybersecurity, Financial Information

On July 26, the U.S. Securities and Exchange Commission adopted new rules regarding public companies’ reporting of (i) cybersecurity incidents, (ii) policies and procedures for identifying and managing cybersecurity risks and (iii) management and board roles in implementing cybersecurity policies and procedures. Read on for details about the new rules and recommended next steps for…

SEC Proposes New, Formal Cybersecurity Disclosure Rules

By David S. Wolpa & Andrew Konia on March 16, 2022

Posted in Cybersecurity

On March 9, the U.S. Securities and Exchange Commission proposed new rules that would fundamentally change how public companies treat the reporting and management of cybersecurity incidents and risk.

Read on for details about these proposed rules, which build significantly upon prior guidance by creating express, mandatory disclosure obligations.

SEC Report Reiterates Cybersecurity Implications for Internal Control Requirement

By David S. Wolpa on October 17, 2018

Posted in Enforcement - Federal Agency and State AG Action

On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report on the results of investigations made by the SEC’s Division of Enforcement into nine public companies that were victims of cyber-related frauds. In each case, the SEC investigation focused on whether the target companies had complied with the applicable requirements of the Securities Exchange Act of 1934, as amended (Act). The Act requires public companies to devise and maintain a system of internal control over financial reporting designed to provide reasonable assurance that, among other things, transactions are executed in accordance with company management’s authorization, that transactions are properly recorded and that access to assets is permitted only with management’s authorization.

Ultimately, the SEC did not pursue enforcement actions against any of these companies, but released the report to advise public companies that cyber-fraud incidents must be taken into account when designing and maintaining internal control procedures.
Continue Reading SEC Report Reiterates Cybersecurity Implications for Internal Control Requirement

Between a Rock and a Hard Place: SEC Disclosure Analysis in Light of Yahoo

By Andrew Konia, Alexander Madrid, David S. Wolpa & McGuireWoods LLP on May 8, 2018

Posted in Enforcement - Federal Agency and State AG Action

On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.

This settlement demonstrates that companies in post-data breach environments must engage in a thorough, fulsome analysis of whether to disclose the cybersecurity incident in their…

Menu

Password Protected