Recent guidance from the U.S. Securities and Exchange Commission (SEC), as well as cases involving the agency and a Supreme Court ruling on whistleblower protections, have shown just how seriously the SEC takes cybersecurity. Now, the onus is on companies across the nation to treat potential cybersecurity whistleblowers properly.
In one recent case the SEC fined Altaba Inc., previously known as Yahoo Inc., $35 million for the way it improperly handled a 2014 data breach. The case marked the first time ever the SEC penalized the victim of a breach.
Whistleblower law experts say the case, as well as the guidance issued by the SEC in February, will both serve to incentivize people within agencies and organizations to step forward and disclose any information they have about cybersecurity issues, especially those that can compromise the personal information of employees and customers. In these cases, the SEC is essentially saying to these companies, “This is an issue you have to take seriously.”
Nothing is technically new
The SEC has emphasized the importance of cybersecurity for years, though there has certainly been some renewed vigor with this emphasis this year. In 2011, the SEC issued guidance that said while no rules explicitly addressed disclosures related to cybersecurity, there are more general requirements that oblige firms to release information. Companies began telling investors more about the potential dangers they faced from hackers, but that risk has grown as technology has evolved, prompting the SEC to push once again the importance of cybersecurity.
With recent events, whistleblowers have more reason to believe that by informing authorities about cybersecurity problems or companies’ failure to disclose them, they are reporting a securities law violation, which means they could potentially earn money for providing these tips.
To learn more about issues related to cybersecurity and securities laws, work with an experienced Dallas whistleblower attorney at Kardell Law Group.