Corporate Compliance Insights
MoFo partners Kristen Mathews, Mark David McPherson, and Janie Schulman authored an article for Corporate Compliance Insights that covers best practices for companies to prevent and defend against cybersecurity whistleblower claims.
“Employees and outsiders have a variety of incentives to raise cybersecurity concerns,” the authors wrote, adding that the consequences of cybersecurity whistleblowing “could prove substantial,” and detailing recent examples of fines and settlements for companies found to be noncompliant.
The authors recommend that companies consider several measures any time they learn of an employee raising cybersecurity concerns about the company’s products, data governance structures or practices, including “thoroughly investigating the concern, considering retaining an independent outside cybersecurity firm, considering revising the audit committee’s procedures for handling confidential complaints, considering revising the company’s incident response plan, and documenting any adverse employment actions carefully.”
They also share tips for companies that fail to avert a whistleblower suit, and note that “in this complex and evolving legal landscape, it will pay off for a company to take special care to navigate these decisions and their potential ramifications safely.”