Ignorance of Data...Is it Bliss?
Must protect my client's information, must protect patient information, and must protect credit card data. Ok, I think we have it all covered. Life is good ! Or is it?... How do we do business, what are our secrets, who are our partners. Take a look at the Mossack Fonseca Law Firm breach. Not only did it reveal who was skirting laws to hide offshore investments, but more importantly it exposed HOW they did it. Hackers and disgruntled insiders are not just after personal information any more. Inventions, designs, test results and processes are all fair game. Intellectual Property is enormously important and must be managed as a critical asset. Breaches involving intellectual property often cause irreparable damage to the businesses involved. How can any organization be made whole again when critical business secrets are exposed? Furthermore, this opens the possibility of manipulating governments, financial markets and the key individuals involved in setting policies.
In a NY Times article from March 27th, Citigroup admonished both the Legal profession and Auditors for being lax on Cybersecurity. Groups such as the International Association of Defense Counsel (IADC) and the American Bar Association (ABA) have also emphasized the need for Cybersecurity to their constituents. Data security must be a primary concern of any organization holding Intellectual Property. Law Firm clients rely on confidentiality for their businesses, personal investments and potential matters of illegality. Do the Law Firms, that they put their trust in, know where their most sensitive data assets are? All of them? In the event of a loss of data, is this a breach of confidentiality? Is this Negligence? It is often stated that ignorance of the law is no defense, can Ignorance of an organization's own data ever be a valid excuse?
Joe Santangelo Delphix Corp.