
Communications of the ACM

ACM Opinion

The DOJ Wants Companies to Admit Their Cybersecurity Problems



"I'm no lawyer, but I feel pretty confident that Honest Abe didn't intend this law to force companies to disclose they've been hacked." Kevin T. Dugan, Fortune


The Department of Justice (DOJ) is preparing to apply the 19th-century "Lincoln Law," officially called the False Claims Act, to require that companies disclose "cybersecurity incidents and breaches." The idea is that businesses serving as government contractors must disclose everything about any incidents—to the government and, potentially, to the public at large.

Will it work? Who knows? The DOJ has to actually enforce it, and that may be too big of an ask. There is a whistleblower component, which could be the kind of whipping stick needed to actually get companies to comply. But a lot of companies will probably take their chances and ignore it, and probably get away with it, until they're exposed after the fact.

From Fortune


 
