Information Technology security professional (CISA, CISSP) dedicated to protecting the consumer. I am also a Sarbanes Oxley Whistleblower – I filed both a Department of Labor complaint as well as a federal lawsuit against my former employer, NOVA Information Systems (now called Elavon) - the 3rd largest credit card processor in the US – which included proof of the company’s failure to protect consumer and merchant data. The complaint was dismissed on the grounds that as an Information Technology professional (rather than an accountant) I could not have a “reasonable belief” that my employer was breaking the law. In light of the fact that an appeal of this would cause me to incur even more thousands of dollars in legal expenses, I dropped the case. But, now I am finally free to talk about things I have had to keep quiet about all these years. Politically, I am a fiscally conservative moderate who is really tired of the way big corporations are running America thanks to their puppet, George W. Bush. My SOX experience really made me feel the pain of this phenomenon up close and personal.
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| « Oct | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
Nell, I’m sorry the system let you down and I understand your frustration. I am days away from my hearing and representing myself since I couldn’t find an attorney with the time and motivation to help me – even though I was fully willing to pay.
I tried posting on your 101 page, but kept getting booted – but here’s my input:
To your comments above, I would add – talk with every finance and CPA friend you have and understand how the work you do fits into the finance side using ‘finance speak’. Research auditing standards and COSO guidelines, and get internal SOX flowcharts. Be able to map how the IT issue would hit the financial statements – whether that’s through reporting errors internally or an external threat.
Find out what kind of IT insurance products your company carries. Many policies have line item descriptions of what they do and don’t cover, and the newer the IT issue, the more likely its a separate product or a policy exclusion. (i.e. Data privacy can be an ‘add-on’.) Does the company represent in its financials that its adequately insured? Could the company argue successfully that it’s an insured risk, so complaints aren’t ‘reasonable’. If you can go so far as to get the annual applications where the company represents its forms of security – are they accurate?
I don’t know if this will help anyone, but the possibility is a good stress reliever for me right now.
Thanks for the info. I’m hoping a whistleblower will turn up to provide add’l info regarding the extent of the TD Ameritrade breach.
Ameritrade is hiding behind ’security by obscurity’ claims and admittedly brilliant PR.
(If only their Security folks were half as good as their PR folks…)
I’m the guy that is suing them over it (see my blog, http://caringaboutsecurity.wordpress.com/). I’m the lead plaintiff in a class action case.