A Department of Justice (DOJ) official called the conviction of a former Uber Technologies chief security officer (CSO) on obstruction charges an “outlier” that should not discourage compliance officers from self-reporting violations.

In remarks made Dec. 6 at an American Bankers Association conference, Principal Associate Deputy Attorney General Marshall Miller said the agency’s pursuit of obstruction and concealment charges against former Uber CSO Joseph Sullivan “stemmed from an extreme set of actions that represent an acute outlier from regular compliance practice.”

Some in the compliance and cybersecurity community expressed concern following the October verdict that it could set a new standard for individual liability regarding company data breaches. Miller acknowledged this during his remarks.

“I’d like to address concerns expressed by some in compliance circles about the recent conviction of the Uber CSO as somehow suggesting that compliance officers may be in the department’s crosshairs even if they make honest mistakes—for example, if they make a good-faith effort to disclose something but unintentionally provide inaccurate information,” he said. “That couldn’t be farther from the truth.

“As a California jury ultimately determined, the Uber CSO deliberately and criminally obstructed justice by hiding and falsifying evidence and trying to cover his tracks. No one should take away from this case that good-faith compliance decisions will be the subject of criminal prosecution; rather, the message to CSOs and compliance officers is a simple one—don’t obstruct a government investigation through hush payments and cover-up actions because that will not be tolerated.”

Miller applauded Uber’s role in handling the matter. When a new chief executive took over at the company, management “came in and learned what had happened. They didn’t hide the ball; they did what good companies should do—they stepped up and owned up,” he said.

“As a result, the department successfully prosecuted the culpable corporate executive and entered into a no-penalty, non-prosecution agreement with the company,” Miller added.

The DOJ this year announced multiple policy shifts regarding the prosecution of white-collar crime, including renewed focus on individual accountability. Agency officials, including Deputy Attorney General Lisa Monaco, have made speeches extolling the benefits to firms that self-report violations, indicating doing so will be given greater emphasis than a company’s previous misconduct in penalty assessments.

Miller echoed those sentiments.

“Bottom line: The department’s view is that voluntary self-disclosures not only alert (the) DOJ to misconduct and assist in individual prosecutions, but such disclosures also can serve as indicators of strong compliance programs and responsible corporate leadership,” he said. “And we will reward that.”

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.

Topics