As revealed by the Spectator, Harry Potter actress turned activist Emma Watson was named in the increasingly high-profile data leak of Panamanian law firm Mossack Fonseca. Mossack Fonseca is a Panamanian law firm with around 40 offices worldwide. An anonymous whistleblower acquired (or stole, depending on the media outlet reporting the information) about 11.5 million documents, totaling over 2.5 terabytes worth of data. An ICIJ database contains a good portion of the files and allows for easy mining for headlines.
The Panama Papers reveal how invested the world has become in the notion of “financial transparency”. In the wake of the financial crisis in 2009 and due to the increase in data-sharing technology, a new moral standard exists for public figures and public entities to publish their financial data as a means of good faith. In order to earn public trust, everything needs to be available for the public to scrutinize. Withholding information is tantamount to crime. At least, that’s how the media has been treating the case.
Mossack Fonseca itself has issued statements criticizing the anonymous person who stole their data, underemphasizing the thousands of shell corporations they set up for numerous public officials and celebrities. It can be argued that as a law firm, their first priority should have been protecting their clients which invites the retroactive criticism that they should have secured their information better. From the available media coverage, we can guess that an insider from within the firm seemed to have leaked the information out to the media, constituting an information security situation few companies can properly prepare for. While external data breaches and leaks can be dealt with using a myriad of tools, an insider using privileged access to take information is significantly harder to deal with, because no company wants to believe its employees will betray client information, no matter how sensitive the issue.
The biggest loser in this fiasco after Mossack Fonseca itself are its clients. The data itself tells little of the activities Mossack Fonseca helped transact, but being connected to an offshore shell company is damning enough to damage a public figure’s profile. Consumers of these financial services need to be more cautious and critical of corporate security practices. Likewise, companies need to ensure their clients’ data is protected.