Legislation recently introduced in the US Congress would compel publicly-traded companies to disclose in their filings with securities regulators whether any member of their board of directors was a ‘cybersecurity expert’.
Does this make sense to you? It does not to this commentator from the law firm Jones, Day. He says the role of the board is not to *be* the expert but to ensure that expertise is sought and its advice considered properly.
The comment notes that the SEC “has already made it clear that companies must disclose material cybersecurity risks and incidents to investors in their public filings.”
Is that the law in Canada as well? If not, should it be? Do we need laws like those in the US to permit companies (and perhaps law firms) to share cybersecurity information without the threat of accusations of anti-competitive conduct?