The Panama Papers: What does this data breach mean for IT and cybersecurity?

The Panama Papers were released by a hacker who broke into the servers of Mossack Fonseca.  So those papers are stolen property. The media does not seem to mind, but perhaps the members of the IT community should.

Information is our business. People look to us to secure their personal information, and if my personal data is stolen I certainly expect those who find it to still respect my privacy.

I once had a neighbour return some credit card statements that I had erroneously recycled. Apparently they had blown out of the recycle truck into his yard. He assured me he had not looked at the information on those statements. I think he was more upset than I was. He handled it all very well for me.

The CBC recently did a piece they called “The Age of Robin Hood Hackers” on its flagship national television news program The National. We can sympathize with Robin Hood or these hackers, but Robin Hood was an outlaw and people received stolen goods from him. Section 354 of the Canadian Criminal Code forbids possessing any property or thing obtained by crime.

So if you possess information that was obtained by an illegal hack, should you go to jail?

Information is a little different than the jewels that Robin Hood was stealing. If you have information, it does not preclude that the owner can keep the information, or that others might have gotten the information some other way that is not illegal. This week the police found many shredded documents at Mossack Fonseca that were bound for recycling.  Assembling those pieces would get you the same information as a digital copy. You don’t even need the copy. You can obtain information just by looking at it. Most different of all is the fact that Robin Hood can never just give these jewels back. Distributing information using our digital networks makes a breach of privacy a permanent worldwide event.

A 2014 RCMP report lists fraud, identity theft and intellectual property infringements as cybercrimes they need to focus on. This idea of crime motivated by the “right of the public to know” instead of the usual personal and monetary motivations is low on their radar. Or it was. You can bet the high profile people who were impacted by the Panama Papers will add their weight to the American government who were so impacted by Snowden.

We may secretly hope that private information about bad people gets found and the truth gets out. But we certainly do not want our own information posted where others can use it or question us about it. As this kind of “leak” gets more common, the persecution and the penalties will increase. So you may not want to be found in possession of stolen information. So what are you supposed to do the next time someone tries to show you the Panama Papers? Don’t Look?

I like that there is becoming a set of protocols when a privacy breach happens. Everyone who is affected is notified. They are told what the thieves found, and what steps the company is taking and what they as an individual should take. I’m thinking Mossack Fonseca will have their hands full doing that.

Can we, as the Information Management community, recommend anything else that would protect the good guys and not the bad guys?

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Donna Lindskog
Donna Lindskoghttp://www.cips.ca
Donna Lindskog is an Information Systems Professional (retired) and has her Masters degree in Computer Science from the University of Regina. She has worked in the IT industry since 1978. Most of those years were at SaskTel where she progressed from Programmer, to Business Analyst, to Manager. At one point she had over 48 IT positions reporting to her and she has experience outside of IT managing Engineers. As a Relationship Manager, Donna worked with executive to define the IT Principles so departmental roles were defined. As the Resource Manager in the Corporate Program/Project Management Office, she introduced processes to get resources for corporate priorities. In 2003 she was given the YWCA Woman of Distinction Award in Technology.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight