Tuesday, April 5, 2016

A (Risky) Man, a (non-compliant) Plan, a (Perilous) Canal – Panama

Read any interesting articles lately about law firms, leaks and information security?

The legal community is clearly abuzz at the revelations coming out of the leak from law firm Mossack Fonseca, described as the world’s fourth-largest offshore services provider.

Upon hearing the news this weekend, my immediate thought was: Was this an external hacker? Or an internal leaker? As we've covered many instances of incidents like these (on much smaller scales) origination from within and without. Facing surprising sunlight into is operations and client roster, the firm said:

  • "We are responsible members of the global financial and business community. We conduct thorough due diligence on all new and prospective clients that often exceeds in stringency the existing rules and standards to which we and others are bound. Many of our clients come through established and reputable law firms and financial institutions across the world, including the major correspondent banks, which are also bound by international 'know your client' protocols and their own domestic regulations and laws."
We're actively reviewing several interesting stories and developments highlight the emerging facts, unfolding impact,  underlying issues, and continuing industry discussions about this shocking development. Here's one via the American Lawyer: "'Panama Papers' Put Spotlight on Law Firm Data Security" --
  • "The Panama Papers leak is reportedly the biggest ever data breach and calls into question the ability of law firms to protect clients' data. Some 11.5 million leaked documents reveal information on the offshore fortunes of public figures such as Icelandic Prime Minister Sigmundur Gunnlaugsson as well as information on individuals associated with Russian president Vladimir Putin."
  • "Benedict Hamilton, Europe, Middle East and Africa managing director of risk consultant Kroll Experts, said that although firms are already taking security measures to protect private data, much more still needs to be done. ‘I definitely think they need to up their game on data security... I don't think they are doing nearly enough,’ said Hamilton. ‘No company can totally protect itself against an employee abusing trust, but there are things you can do that make it harder for people to leak documents.’"
  • "Ropes & Gray privacy and data security partner Rohan Massey said: ‘The risk we have is incredibly real and we are now as a sector being targeted because of the sensitivity of the information we hold. As a profession we do need to ensure that our houses are safe and maybe we lag behind because we focus on clients.’"

No comments:

Post a Comment