With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues. Though no whistleblower retaliation statute deals directly with the topic, the Sarbanes-Oxley Act will often protect cybersecurity professionals who work directly for public corporations or those corporations’ service providers. Yet further, the Dodd-Frank Act could allow information security workers to receive a whistleblower reward for reporting cybersecurity concerns to the SEC or CFTC, in some cases.
However, the relationship among cybersecurity issues, SOX, and the Dodd-Frank Act is not yet clearly defined. Accordingly, information security professionals should educate themselves about whistleblower protections. Doing so could make the difference between being protected, receiving a whistleblower reward, or suffering retaliation without recourse.- See more at: http://www.natlawreview.com/article/protections-and-rewards-cybersecurity-whistleblowers#sthash.Nu5uovJe.dpuf