Estimated reading time: 1 minute, 37 seconds

Should Congress Protect Cybersecurity Whistleblowers?

Employees who blow the whistle about cybersecurity issues need a federal law that specifically protects them. That’s according to a new essay posted by the New York University School of Law’s Program on Corporate Compliance Enforcement.

Although both Democratic and Republican leaders have praised whisteblowers, and federal officials have recognized the severity of risks from cyber attacks, cybersecurity whistleblowers may fall through the gaps of existing laws, according to the essay. “If a company is handling sensitive customer data, we want to protect whistleblowers regardless of whether their employer is a public company or whether it does business with the government,” write whistleblower attorneys Jason Zuckerman and Dallas Hammer, the essay’s co-authors.

Zuckerman and Hammer call for a law that directs the Federal Trade Commission to implement both anti-retaliation protections and a potential rewards program for cybersecurity whistleblowers. This could be modeled on existing laws and should cover whistleblowers who report problems internally as well as whistleblowers who cooperate with authorities, they write.

Bruce Schneier, a special advisor to IBM Security and lecturer at Harvard's Kennedy School, posted an excerpt from the essay on his blog, Schneier on Security. “Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers,” he wrote.

A congressional panel recently took steps toward federal oversight of cybersecurity whistleblowers. Last month the Senate Intelligence Committee approved the Intelligence Authorization Act, which would mandate that the “appropriate congressional committees” receive “a report detailing the controls employed by the intelligence community to ensure that continuous evaluation programs, including those involving user activity monitoring, protect the confidentiality of whistleblower-related communications.”

A Supreme Court opinion last year in a case relating to Digital Realty Trust said that whistleblowers could enjoy anti-retaliation protections under the Dodd-Frank financial reform bill only if they shared information directly with the SEC. Lawyers worry that tipsters may be less likely to come forward to corporate compliance officers because of the ruling, reports The Wall Street Journal.

Read 4746 times
Rate this item
(0 votes)

Visit other PMG Sites: