Bug Bounties and Ransomware Demands: Storm Clouds Ahead for In-House Counsel
Michael Ward, Matthew Baker, and Jessica Wu of Baker Botts write about the conviction of Uber’s former security chief for felony violations of obstructing a Federal Trade Commission investigation and “misprision of felony” for failing to disclose a 2016 data breach. They then discuss issues for in-house counsel that the case raises, beginning with:
Action Items for In-House Counsel
A duty to disclose? This case compels a reexamination of the perception that there is no general duty to disclose a crime. Certainly, in the case of data breaches, the obligation to disclose may well be clearly defined by statute. Further, any company that is under active investigation for a data breach should carefully consider its obligation to disclose additional security incidents to regulators, particularly if the company has not yet certified substantial compliance with a subpoena or civil investigative demand. But even apart from those circumstances, in-house counsel should also consider whether the company has made any factual representations in litigation, investigations, or compliance certifications that have now become false or misleading because of evolving events.
Read more at Law.com