The Davis Polk Cybersecurity Team recently blogged about the breach of the SEC’s EDGAR database:

“…The SEC does not believe that personally identifiable information was exposed, but the investigation is still ongoing and raises questions regarding government agencies’ obligations to protect sensitive information, and the potential litigation challenges facing individuals who are impacted by hacks of government agencies.

[W]hile federal agencies have a duty to safeguard personal information, this duty has thus far appeared to be largely unenforceable in practice.  In a recent article on the SEC hack, Avi Gesser raises the question of whether the day will come when individuals and companies simply refuse to provide their most sensitive information to government agencies without first receiving some reasonable assurance that their information will be protected by these agencies.”

Read the rest of the post on Cyber Breach Center.

Law Clerk Alicia Robinson contributed to this post.