Uber’s former Chief Security Officer was charged with two federal felonies in connection with the company’s 2016 data breach. We’ll explore and explain the obstruction of justice and misprision of a felony charges brought in that case. When are organizations required to report to law enforcement, and when does an organization or its employees cross the line into criminal territory? The Uber case also raises questions about how organizations should run vulnerability disclosure programs; what it means for organizations without a formal disclosure program that receive unsolicited disclosures; and whether organizations should consider reporting to law enforcement in some circumstances. The session will end with recommendations for responsible disclosure requirements and bug bounty programs.
Andreas Kaltsounis, Partner, BakerHostetler