In what is likely the first case of its kind, former Uber chief security officer Joseph Sullivan was found guilty on October 5, 2022, of obstructing justice for “covering up” a 2016 data breach, failing to report it to the FTC and of actively hiding a felony. Sullivan could face up to eight years in prison, though, on November 3, 2022, he filed a motion asking the United States District Court Northern District of California to enter a judgment of acquittal or grant him a new trial, arguing that the case rested on “flimsy evidence.” The Cybersecurity Law Report spoke about the case with Discernible founder Melanie Ensign, who was the former head of privacy and security communications at Uber at the time of the incident, and who testified at the trial, and Orrick partner Joseph Santiesteban. This article includes their commentary in connection with our review of the facts of the case as alleged, its implications and practical advice around individual liability and incident response plans. See “There Really Isn’t a Quarterback: Uber and Equifax Executives Share Insights on Incident Response Best Practices and the Lawyer’s Role
” (Jun. 12, 2019).