Exploring Ethics and Leadership from a Global Perspective

The Sony Hack -Accountability

Transcript

Another challenge when it comes to data breaches is that it relates to time. You may have watched this type of scene from TV shows where people shout “I’ve been hacked!”, followed by warning signs and sounds flashing in the background. Suddenly, all the lights are gone and everyone’s typing on the keyboard at the same time. Well, that is unlikely to happen in real life. 

The reality is, that it’s often very difficult for the parties involved to know when they were hacked. In some cases, it may take years or decades, or they may never realise such a data breach. In the case of Mt. Gox that we discussed earlier, although the breach was exposed in 2014, people suspected that the hack was going on as early as 2011. So there’s a lot of uncertainty around this time element, particularly when it happens?  

But let’s assume the company has found out about the hack the same day or a day later, then how would they react? Studies have shown that on average, companies take at least six months to react and figure out what their next step is. 

One challenge in handling this type of data breach is that companies have very different capabilities. Certain companies may have good management processes, good leadership, and good operational control, and teams can follow strict protocols when an emergency situation arises. 

But the reality is, most companies are probably not really well managed and don’t know what to do when that happens. In the meantime, there are various incentives, or disincentives for executives to decide whether or when to publicise the information. This is especially true for listed companies, because such information would affect their share price, and even the jobs of the CEOs.  

Again back to our question: who’s in charge of protecting this data? If a company has aggregated or compiled this data, do they have responsibility or stewardship over that?  

From an ethical perspective, we would say, yes. If something has been left in your care, then you would assume that there’d be some level of responsibility to protect what has been left in your care. However, it seems that’s not always the case from the behaviour of business leaders. 

If we look at this at an even border level, this case brought home to us the idea that personal data is in many ways as important to national security as a border might be. We had never really thought about this before, but the reality is, personal data has much wider security implications than we had ever imagined.  

A lot of people are saying that data will be the fuel of not just FinTech but the fourth Industrial Revolution. Technological advances such as AI and machine learning will be empowered or further enhanced by large amounts of data. Large technology companies around the world are branching out and building very large platforms, where users are participating through various services that these companies offer. But at the heart of all of that, these companies now have the opportunity to get a fuller and more comprehensive view of usage and richer data that can be used to develop new products, as well as profiles of people.  

We already know that in China, for example, they’re trying to develop social credit. And natural questions arise in terms of how that credit or data may be used. Would it be used for national policies, determining visa rights, what jobs you can get, what you can study in university, et cetera? 

Related Videos

Quick Access