Categories
Life with GDPR

Sullivan Conviction from GDPR Perspective

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent conviction of Joe Sullivan, former CISO at Uber, for his role in hiding a data breach that hit the company. Sullivan was convicted in the US in October 2022 in connection with an investigation into a ransomware attack on Uber in 2016. However, we look at the conviction from the GDPR and UK perspective and ask whether it portends potential liability for CISOs and CCOs in the EU and UK. For instance, does this mean there are likely to be more prosecutions against executives? And could we see similar prosecutions in Europe? For a more detailed discussion and links to the case, check out the Cordery Compliance News Alert on the case, which you can find in the link below.

Some of the highlights include:

1.     What were the facts?

2.     Was Sullivan guilty of negligence or intentional conduct?

3.     Why were prior Uber convictions so significant?

4.     What happens next?

5.     Could this lead to more prosecutions of executives?

6.     What does this mean under GDPR and in the UK?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.