Last August, there was an indictment that should run the chills down the spines of all in-house counsel, compliance officers, and other corporate officers. The DOJ indicted the chief security officer of Uber for misprision of a felony and obstruction of justice.
The case came about because the FTC was investigating a previous hack at Uber. At the time, Uber's chief security officer was cooperating in the hack investigation. Unfortunately, that chief security officer did not report a new hack and went to great pains to hide that new hack from the FTC. Now he faces five years in prison for obstruction of justice and three years in prison for misprision of a felony for not reporting the crime.
A Fortune 50 GC told me that he couldn't sleep at night because he was fearful that employees would do illegal things, thinking that they were benefiting the company. This case is a prime example of that. I'm sure the chief security officer wanted to spare Uber the embarrassment and the liability of a new breach. You should be aware out there that this could happen to almost anyone in your organization.
If you like to discuss this case or others, please reach out to me.
This case is more complicated than I can explain in 200 words. The DOJ press release can be found here https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-charged-obstruction-justice