The workplace is supposed to be an environment where an employee feels comfortable and is treated fairly. Even in an otherwise good work environment, an employee might become uncomfortable when they observe something unlawful occurring at a workplace. And because of this, he or she might decide to report these problems. While blowing the whistle is a legal action many brave employees to take, it is also a situation that could expose an employee to problems at work. For example, it could result in an unlawful termination of an employee as a form of retaliation for reporting illegal activities.
While whistleblowing rights are rather apparent, currently there exist no specific laws protecting cybersecurity professionals. It is the role of a cybersecurity to report serious and expensive cyber deficiencies; however, this fact of this type of business does not always result in problem resolutions. In fact, some companies decide to shoot the messenger, retaliating against a whistleblower.
Although there aren't any laws that specifically protect cybersecurity professionals that report an employer's vulnerabilities or breaches, whistleblowers in the cybersecurity community have the right to defend against retaliations taken against them for blowing the whistle. Even those these laws were not design with cybersecurity in mind; whistleblower protection laws are available to all employees in any work environment. This also includes specific regulations that regulate industries that employ cybersecurity professionals. Additionally, this also includes state laws that prohibit wrongful termination, deeming it a violation of public policy.
When an employee decides to blow the whistle, it is important that they do it in a proper and legal manner. This means that they have only reviewed, taken and dispersed documents they had legal access to. Additionally, whistleblowers, whether they face retaliation or not, should take steps to protect their rights in the situation. Their employee rights could be violated later down the line or they may need to take steps to protect their actions if they are later challenged.
When done properly, whistleblowers enjoy certain rights. No matter what industry a person works in, an employee enjoys the rights to report violations of illegal acts in the workplace. Despite these protections, employers may take steps to retaliate against an employee, such as firing them. This is unlawful and employees could file an action for wrongful termination.
Source: Securitymagazine.com, "Blowing the Whistle as a Cybersecurity Professional," Mathew LaGrande and Alexis Ronickher, May 31, 2017