The Department of Justice (DOJ) has proposed a Safe Harbor policy aimed at encouraging companies involved in mergers and acquisitions to disclose any previous or ongoing cyber misconduct within the acquired company. This disclosure would be made to the DOJ in order to avoid potential criminal charges for the acquiring company. The policy is designed to incentivize transparency and cooperation in cases of cyber misconduct during mergers and acquisitions.
Here’s a summary of how the Safe Harbor policy works:
1. Disclosure of Cyber Misconduct: The acquiring company is given a specific period of time to disclose any cyber misconduct that occurred in the acquired company before or during the merger process.
2. Cooperation with DOJ Investigation: The acquiring company is expected to cooperate with the DOJ’s investigation into the cyber misconduct, sharing information and assisting in the investigation process.
3. Legal Consequences for Non-Disclosure: Failure to disclose the cyber misconduct or cooperate with the DOJ investigation may result in criminal charges for the acquiring company.
4. US Deputy Attorney General’s Announcement: The policy was publicly disclosed by US Deputy Attorney General Lisa Monaco, who mentioned that it includes additional conditions to benefit companies involved in acquisition activities.
5. Restitution Period: The Safe Harbor policy does not guarantee immunity from prosecution for the acquired entity that committed the cyber misconduct. Instead, it offers a period for the acquiring company to make necessary disclosures and cooperate. The outcome for the acquired entity will depend on the specific circumstances and the results of the investigation.
While the Safe Harbor policy may reduce legal risks for acquiring companies, it does not guarantee immunity from prosecution for the acquired entity. The effectiveness and implementation of the policy would depend on the details of its execution and how well companies comply with its requirements.
– The Safe Harbor policy aims to encourage transparency and cooperation in cases of cyber misconduct during mergers and acquisitions.
– Acquiring companies are given a specific period of time to disclose any cyber misconduct in the acquired company.
– Cooperation with the DOJ’s investigation is expected from acquiring companies.
– Non-disclosure or lack of cooperation may result in criminal charges for acquiring companies.
– The policy does not guarantee immunity from prosecution for the acquired entity.