The Sony Hack -Trust

The hackers allowed many people to view Spider-Man a little early, but what is the connection between this and FinTech?  

This case leads to broader questions about data and security, which are the main topics that we want to discuss in this chapter. 

We like to think if something has “crypto” in front of it, somehow it’s more secure than other forms of finance that we may be involved in. The basic rationale may be that we don’t understand it, so we assume other people don’t, either. Yet even participants related to the cryptocurrency market have had experiences of being hacked.  

The foremost example of that is a cryptocurrency exchange called Mt. Gox that was based in Japan. At the time it handled most of the cryptocurrency transactions of the world. In 2014, the company was hacked, losing bitcoins valued at billions of dollars and eventually went bankrupt. So even to things in FinTech that we think may be secure, cybersecurity is still very relevant. 

Another broader implication of this case is that FinTech and its different types of FinTech applications become much more widespread, and populations who may not have access to traditional forms of finance are now doing so by accessing banking services on their phones. And we would assume that a lot of them may not be as technologically sophisticated. As they get exposed to these new technologies, their concept of cybersecurity and how to protect their data will become an issue, leaving them potentially a population at risk in terms of hacking and cybersecurity.  

Back to our key question: who owns the data and who’s responsible for this? In this case, what happened to Sony? Did they get in trouble for this at all? Was there any liability on their part? 

Well, there’s no criminal liability that we know of, but from a civil liability standpoint meaning somebody filing lawsuits, there were a number of lawsuits against Sony saying they should have been more responsible for how they protected that data than they were. 

The majority of the cases that were brought against Sony were former employees who had their employee records and different personal information that ended up getting exposed. But if you think about it, that information is about individual people, but it’s being held by somebody else, so who actually owns that data? Does Sony own that data? Do you own that data if it’s about you?  

Because that idea of ownership then links to the idea of responsibility, which then links to the idea of protection. And understanding that gives us a more comprehensive approach to trying to figure out who actually has a responsibility to protect all of this data. 

In terms of ownership and liability, it’s very interesting that in many situations, social media and social networking services providers actually say they don’t own the data. When users post different types of personal data, be it pictures, stories, or videos, frequently the companies will say that they are licencing the data and the users still own their own data. And in that situation, they can use it like they have owned it, but maybe they don’t have the same responsibilities as protecting it. 

This type of claim then raises a whole series of other questions. For example, if Facebook is monetizing the data we licenced to them, do we get paid for what they make out of the data? We don’t know about you, but we certainly haven’t received any check from Mark Zuckerberg yet.