image credit: Pexels

Avoiding the snags and snares in data breach reporting: What CISOs need to know

October 20, 2020

Failing to report sensitive data breaches to US regulatory and law enforcement agencies just got more dangerous and confusing for CISOs and their organizations. If that failure is seen as a coverup, such as paying ransoms for retrieving sensitive data, it could lead to steep fines or jail time.

In a case that is playing out now, Joe Sullivan, former Uber CISO, was recently charged under an ambiguous, arcane law that goes back to 1789 called misprision of a felony. In the charging documents, the FBI claims Sullivan’s actions of paying off the attackers to retrieve the data are akin to aiding and abetting a crime. If this case wins, it will grind businesses to a halt as they feel compelled to report anything that might appear to be a data-related crime against their organizations.

Read More on CSO Online