Uber CSO ruling fallout: Individual liability extends to data breach response
By 
Aaron Nicodemus2022-10-20T15:07:00
Do compliance officers need to worry about individual liability regarding data breaches? Yes, said two former federal prosecutors.
Compliance officers have many concerns. They fret about whether their firm’s internal controls are working properly to prevent fraud and other misconduct. They wonder whether their fellow employees, despite regular training and reminders, understand those controls and apply them properly. And they hope they will have the genuine and unqualified support of their firm’s senior management should things go sideways.
The case of the Uber chief security officer found guilty by a jury earlier this month on two felonies for covering up a massive data breach and misleading federal regulators opens up another potential individual liability issue executives handling cyber incidents face, according to legal experts.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefEx-Uber security chief avoids prison in obstruction case
The former chief security officer of Uber Technologies was sentenced to probation by a federal court judge as punishment for his involvement in covering up a 2016 data breach that affected 57 million users.
-
OpinionAllianz case questions if DOJ encouraging scapegoating in individual liability push
Is the Department of Justice’s focus on individual accountability in white-collar crime cases encouraging companies to scapegoat their employees? A recent court filing in a $6 billion corporate fraud case could give company officers some sleepless nights.
-
ArticleDOJ official addresses liability concerns stemming from Uber CSO case
Principal Associate Deputy Attorney General Marshall Miller called the conviction of a former Uber Technologies chief security officer on obstruction charges an “outlier” that should not discourage compliance officers from self-reporting violations.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.