2007-05-15 Attorney's Competency Includes Technology
From The May 15 Issue of the Florida Bar News
Said Bar Ethics Counsel Elizabeth Tarbert: “Lawyers have an obligation of confidentiality, which requires that lawyers take reasonable precautions from inadvertently disclosing client information, as well as from purposefully disclosing client information. “Lawyers also have a duty of competence, which includes keeping current with technological changes that may affect the lawyers’ clients.”
Tuesday, May 15, 2007
2007-05-15 Materiality to Change to a Qualitative Test?
The latest issue of Compliance Magazine reports that the SEC is thinking about, if not formally considering, reviewing and changing the definition of materiality. The last revision to that definition was, according to the article, eight years ago, and the current question is whether to shift from a quantitative to a qualitative definition. This type of shift would actually align with the shift to "risk based" guidelines. My bet is that the SEC does shift to this, because it will appear to allow more wiggle room. If this shift does occur, it will open a litigation floodgate, because a failure to implement proper info-sec policies and processes, which only by extension could be argued to be material, now would be a component of materiality (what's info-sec if not qualitative)
I've had (rather loud) discussions as to whether info-sec policies and processes can be factored into current materiality criteria. A good argument can be made for content authentication technology, but PKI deployments such as identity authentication present more attenuated analyses.
Substituting, or even incorporating a qualitative test into a materiality analysis would, imo, remove the attenuation between info-sec and materiality. It would also open the litigation floodgates.
The latest issue of Compliance Magazine reports that the SEC is thinking about, if not formally considering, reviewing and changing the definition of materiality. The last revision to that definition was, according to the article, eight years ago, and the current question is whether to shift from a quantitative to a qualitative definition. This type of shift would actually align with the shift to "risk based" guidelines. My bet is that the SEC does shift to this, because it will appear to allow more wiggle room. If this shift does occur, it will open a litigation floodgate, because a failure to implement proper info-sec policies and processes, which only by extension could be argued to be material, now would be a component of materiality (what's info-sec if not qualitative)
I've had (rather loud) discussions as to whether info-sec policies and processes can be factored into current materiality criteria. A good argument can be made for content authentication technology, but PKI deployments such as identity authentication present more attenuated analyses.
Substituting, or even incorporating a qualitative test into a materiality analysis would, imo, remove the attenuation between info-sec and materiality. It would also open the litigation floodgates.
Subscribe to:
Posts (Atom)
