The recent “Panama Papers” scandal is a timely example of the impact that a data breach can have on high net worth individuals, businesses and law firms.
The scandal, which involved the leak of more than 11.5 million documents from the Panamanian law firm Mossack Fonseca, has implicated numerous lawyers, accountants, financial professionals and individual clients, through the involuntary disclosure of confidential information, in alleged efforts to escape income tax obligations.
The information leaked included emails, contracts, transcripts, scanned documents, PDFs and photos. These documents publicly disclosed thousands of transactions, many legal, but also many which revealed ties to offshore accounts used for tax evasion, fraud or financial misconduct. The data cover almost 40 years and nearly 214,000 offshore entities in 21 jurisdictions around the world.[1] The data breach highlights the significant risks that exist for companies in possession of sensitive client information.
Regulators around the world, including the US Department of Justice and various European financial watchdogs, are investigating certain individuals and companies now that such information has come to light. The breach has implicated business people, athletes, celebrities, and political leaders, including UK Prime Minister David Cameron, certain Bollywood film stars, and the Prime Minister of Iceland, who stepped aside as a result of the scandal. Closer to home, the Canada Revenue Agency recently sought a court order to obtain information from the Royal Bank of Canada regarding its clients that have a connection to Mossack Fonseca. RBC or its affiliates registered 429 offshore corporations through the Panamanian law firm.[2]
Although many of the stories in the media surrounding the scandal have focused on the tax evasion implications of the data breach at Mossack Fonseca, it is important that Canadian businesses re-examine their information security practices in order to reduce the associated liabilities that can occur when private information is disclosed involuntarily.
