On December 19, 2019, the Staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance issued guidance outlining the Staff’s views about disclosure obligations that companies should consider with respect to technology, data and intellectual property risks that could arise when operations take place outside the United States. Companies should consider this guidance when preparing risk factor and other disclosures included in upcoming periodic reports and registration statements.
The Staff notes that the SEC’s principles-based disclosure regime recognizes that new risks may arise over time, affecting different companies in different ways. For those companies that conduct business operations outside the United States, risks can arise for technology and intellectual property, particularly when operations take place in jurisdictions that do not provide protection that is comparable to the United States. The Staff observes that companies may be exposed to material risks of “theft of proprietary technology and other intellectual property, including technical data, business processes, data sets or other sensitive information.” Exposure to such risks can be heightened when companies conduct business in some foreign jurisdictions, house technology, data and intellectual property abroad, or license technology to joint ventures with foreign partners.