Protections and Rewards for Cybersecurity Whistleblowers

February 16, 2016

With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues. Though no whistleblower retaliation statute deals directly with the topic, the Sarbanes-Oxley Act will often protect cybersecurity professionals who work directly for public corporations or those corporations’ service providers. In some cases, the Dodd-Frank Act could also allow information security workers to receive a whistleblower reward for reporting cybersecurity concerns to the SEC or CFTC.

However, the relationship among cybersecurity issues, SOX, and the Dodd-Frank Act is not yet clearly defined. Accordingly, information security professionals should educate themselves about whistleblower protections. Doing so could make the difference between being protected, receiving a whistleblower reward, or suffering retaliation without recourse.

What Does SOX Protect?

In relevant part, Section 806 of the Sarbanes-Oxley Act forbids a covered employer to “discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee” because of any lawful disclosure or act “regarding any conduct which the employee reasonably believes constitutes a violation of”:

  • Mail fraud;
  • Wire fraud;
  • Bank fraud;
  • Securities or commodities fraud;
  • any SEC rule or regulation; or
  • any provision of Federal law relating to fraud against shareholders.

18 U.S.C. § 1514A.
