The Cybersecurity Threat: Compliance and the Role of Whistleblowers

Brooklyn Journal of Corporate, Financial & Commercial Law, Symposium Edition: "The Role of Technology in Compliance in Financial Services: An Indispensable Tool as well as a Threat?" Vol. 11, 2016

33 Pages. Posted: 5 Jul 2016. Last revised: 4 Feb 2017.

Jennifer M. Pacella

Indiana University, Kelley School of Business

Date Written: 2016

Abstract

In today’s technologically dependent world, concerns about cybersecurity, data breaches, and compromised personal information infiltrate the news almost daily. The Securities and Exchange Commission (“SEC”) has recently emerged as a regulator that is keenly focused on cybersecurity, specifically with respect to encouraging disclosures in this arena from regulated entities. Although the SEC has issued non-binding “guidance” to help companies navigate their reporting obligations in this sector, the agency lacks binding cybersecurity disclosure regulations as they pertain generally to public companies. Given that the SEC has already relied on such guidance in threatening enforcement actions, reporting companies are increasingly pressured for compliance in this arena. This Article will address the importance of establishing effective internal reporting channels and other internal compliance mechanisms in meeting the SEC’s expectations and will highlight the role of “cybersecurity whistleblowers,” specifically those reporting internally, in building the type of improved corporate culture necessary to discover and remediate cybersecurity risks. Cybersecurity whistleblowers, like all whistleblowers, commonly experience retaliation for their efforts. Despite the SEC’s commitment to providing whistleblowers retaliation protections through statutes like the Sarbanes-Oxley and Dodd-Frank Acts, the absence of binding cybersecurity regulations translates into a direct problem for cybersecurity whistleblowers because their reports are likely to fall outside the scope of “protected activity” enumerated under these statutes. This Article will discuss this gap in protections in light of the SEC’s heightened cybersecurity focus, the feasibility of SEC adoption of binding cybersecurity disclosure regulations, and the broad contributions of whistleblowers to compliance systems generally.

Keywords: cybersecurity, technology, data, compliance, whistleblowing, SEC

Suggested Citation

Pacella, Jennifer M., The Cybersecurity Threat: Compliance and the Role of Whistleblowers (2016). Brooklyn Journal of Corporate, Financial & Commercial Law, Symposium Edition: "The Role of Technology in Compliance in Financial Services: An Indispensable Tool as well as a Threat?" Vol. 11, 2016, Available at SSRN: https://ssrn.com/abstract=2803995 or http://dx.doi.org/10.2139/ssrn.2803995

Jennifer M. Pacella (Contact Author)

Indiana University, Kelley School of Business

1309 East Tenth Street
Bloomington, IN 47405
United States
