Panama Papers affair has implications beyond tax affairs

The so-called Panama Papers affair has implications beyond tax affairs, to cyber security in business, warns Tayside solicitors Miller Hendry.

Businesses of all sizes should learn a lesson from the largest leak in history and treat their cyber security with the same stringency as their legal, regulatory, financial or operational functions, said Miller Hendry\'s legal team.

With some 2.6 terabytes of data involved in the Panama Papers leak, shockwaves have been felt around the globe. There are lessons to be learned for all businesses, regardless of size, said Miller Hendry.

Alan Matthew, employment law expert at Miller Hendry, said:

\"Protecting company data from attack is not just about keeping client data safe, it\'s just as much about protecting your reputation, your employees and your future competitive edge, as well as keeping inside the law. And it\'s not just protection from outside criminals. The risk is just as likely to come from current or previous employees or competitors.\"

Last year a UK manufacturing company had design blueprints stolen and shared with a competitor. The company launched an investigation when the competitor released equipment which was extremely similar to its own. The company established that it had been subject to a targeted cyber-attack, and that the stolen blueprints had been sold to Chinese-owned companies. The infiltration happened when hackers targeted a job-seeking chief design engineer who unwittingly downloaded malware through an email after responding to a fake online recruitment profile designed specifically to trap him.
Morrisons supermarket is being sued under a group litigation order involving more than 5000 of its employees after personal and financial details were posted online by a disgruntled former employee.

\"It\'s a really big issue for every business, large or small,\" added Matthew. \"Electronic data is a hugely valuable commodity and that value can be encashed when it falls into the wrong hands, so business leaders must make it a top priority.\"

Company directors need to ensure they are meeting the requirements of the Data Protection Act and the Communications Act in the UK. Those will shortly be joined by the EU Data Protection Regulation and EU cyber security rules under the Network & Information Security (NIS) directive. Alongside those regulations, directors have a duty to be informed on any issues that are relevant to the proper running of the company under the Companies Act 2006.

A new London-headquartered National Cyber Security Centre is due to begin operations in October 2016, bringing all the UK\'s cyber expertise into one place to address current problems with the digital defences of companies and organisations.

For further information visit www.millerhendry.co.uk