Failing to report sensitive data breaches to US regulatory and law enforcement agencies just got more dangerous and confusing for CISOs and their organizations. If that failure is seen as a coverup, such as paying ransoms for retrieving sensitive data, it could lead to steep fines or jail time.

In a case that is playing out now, Joe Sullivan, former Uber CISO, was recently charged under an ambiguous, arcane law that goes back to 1789 called misprision of a felony. In the charging documents, the FBI claims Sullivan’s actions of paying off the attackers to retrieve the data are akin to aiding and abetting a crime. If this case wins, it will grind businesses to a halt as they feel compelled to report anything that might appear to be a data-related crime against their organizations.

To read this article in full, please click here

You May Also Like

A database containing 800 million Chinese faces and vehicle license plates leaked

Millions of faces and car license plates were stored in a sizable…

Bipartisan bill could bring back the White House national cyber director role

Last week a bipartisan group of US House of Representatives legislators introduced…