Background
Whistleblowing in the IT context has become challenging, partly because employees lack a clear understanding of which elements amount to a security breach, and partly because legal protections for whistleblowers are inadequate. At times, a whistleblower may notice employees carelessly exchanging passwords and unencrypted information and report them to senior management (Pacella, 2016). Instead of having these concerns addressed, the whistleblower may be perceived as non-conformant and, thus, may be punished or fired. This scenario is called internal whistleblowing. Given the rise in data breaches over the past few years, it is vital to analyze the context of whistleblowing in IT.
Legal Protections for Whistleblowing in IT
The federal government has taken steps to discourage the punishment of whistleblowers. For example, the Sarbanes-Oxley Act (SOX) protects employees who report public corporations that encourage misconduct, such as violations of securities laws (Pacella, 2016). Cybersecurity issues fall within this jurisdiction. A whistleblower has to file a complaint with the Secretary of Labor. If the allegations are substantiated, the whistleblower obtains compensatory damages, including reinstatement to their job and payment of back salary with interest (Pacella, 2016). This rule enables whistleblowers working in public corporations to report cybersecurity issues without facing retaliation. Meanwhile, the Dodd-Frank Act (DFA) protects whistleblowers in private firms provided they provide information to the US Securities and Exchange Commission (SEC), testify in investigations and hearings, and make the necessary disclosures under SOX regulations (Pacella, 2016). However, these guidelines have not been effective in protecting whistleblowers from retaliation.
In most cases, administrative bodies rule in favor of employers, since the reports from cybersecurity whistleblowers do not fall within the categories eligible for protection. For instance, the Dodd-Frank statute defines whistleblowers as individuals who report misconduct linked to violations of federal securities law or of the regulations put forth by the SEC (Pacella, 2016). This law excludes whistleblowers who report violations of state and foreign laws. In addition, one has to demonstrate that the report amounts to “protected activity.” Courts are likely to rule in favor of employers, since the SEC can determine what amounts to a security breach. As a result, most cybersecurity whistleblowers resort to anonymous whistleblowing to hide their identity.
References
Pacella, J. M. (2016). The cybersecurity threat: Compliance and the role of whistleblowers. Brooklyn Journal of Corporate Finance & Commercial Law, 11, 39. Retrieved from https://brooklynworks.brooklaw.edu/bjcfcl/vol11/iss1/3