The Criminal & Ethical Implications of the Uber CISO Conviction

The C-Suite, and all attorneys that work with C-Suiters, must be aware of the latest developments in cybersecurity criminal law. In what is believed to be the first criminal prosecution of a corporate executive based on a data breach, in October 2022, a jury convicted Joseph Sullivan, Uber's former Chief Security Officer, of two felonies in connection with his handling of a major 2016 data breach. Sullivan could be sentenced to eight years in prison. This verdict highlights the particular significance of cybersecurity and data protection concerns for the C-Suite, general counsel, and all involved attorneys. These matters are grounded in complex legal and ethical quagmires, such that corporate executives and their legal counsel need to prioritize cybersecurity and data protection or be prepared to face the consequences -- which could include criminal liability.

This program, presented by Leeza Garber and Gail Gottehrer, will discuss key takeaways from the Sullivan case, what the criminal conviction could mean for CISOs moving forward, and other important implications of the matter.

Learning Objectives:

1. Analyze the takeaways from the Sullivan case and what the conviction may mean for CISOs

2. Identify the implications of the views of the FTC, and other regulators, about the role the C-Suite and corporate boards should play in cybersecurity and data privacy

3. Break down New York Department of Financial Services' proposed amendments to cybersecurity regulations for financial services companies, including new requirements for CISO

4. Identify best practices regarding cybersecurity and handling the ethical decisions inherent in managing cybersecurity risk