… And what boards can do in a world of exponentially greater levels of data security breaches.
Picture over 100 organizations scattered around the world working together on an important new project. The team is 370 plus people across 80 countries. There are thousands of gigabits of data generated by the documents involved, so a web-based collaboration platform is created. Face-to-face meetings involve over 100 people. Then, the project launches worldwide, and it’s a great success.
A United Nations event? A G20 Summit? No, it’s the “Panama Papers.” Specifically, how the 107 news media outlets around the world worked together to mine the data hacked from law firm Mossack Fonseca. That resulted in a cascading series of stories and television broadcasts that shook world leaders, embarrassed global banks, and threw more fuel on the fire of rising popular criticism of wealth disparities.
And it’s not over. Less than half of the 11.5 million Mossack Fonseca files have been combed through so far.
A Biting Reminder
What this means for board directors is clear and present: a biting reminder that corporations, public or private, of any structure or legal domicile, are newly vulnerable. Herein, the seismic shifts created by the phenomenon of the Panama Papers:
We’re all acutely aware of the risk of cyber-attacks and the accompanying legal liability. The evolving meaning of “risk” post Panama Papers has changed. It is pulling the boardroom further out into the big debates on the global stage around corporate security and responsibility, the ability of governments to enforce the law, and whether there’s a global pitchfork rebellion gaining momentum.
This begins with the exponentially greater scale of the data security breach. By comparison, Wikileaks is almost quaint at 1.76 GB of data. The Panama Papers is 2,600 GB. Mossack Fonseca is also only one of 12 major law firms and other intermediaries that specialize in creating offshore corporate structures.
Also different is the journalistic “architecture” that’s evolved to weave what’s found in these massive data leaks into highly impactful news narratives with legal, political, regulatory, social policy, and corporate angles.
What’s New This Time
The Panama Papers coverage was produced by a collaboration orchestrated by the Washington, D.C.-based International Consortium of Investigative Journalists (ICIJ). In existence since the 1990s, the Panama Papers is its 25th major global investigative project.
Others in recent years were also notable: “Offshore Secrets”; “China Leaks”; “Luxembourg Files”; and the “Swiss—HSBC—Leaks.” They all share the same trademarks: data-driven investigations using sophisticated digital algorithms for mining “news,” encrypted platforms for collaboration, and utter secrecy.
What’s new this time is the far greater scale of the project. The ICIJ demonstrated that it can handle far more technological complexity, herd 107 news organizations, and shake the foundations of governments worldwide. That has never been done before.
But more important is how ICIJ defined and managed the issues in the coverage. All the politics and personal wealth stories aside, the Panama Papers fueled the rising global populist force decrying what it sees as the persistent failure of the super-rich and of many corporations to be “good” citizens. It’s not just companies and individuals using shell companies to break the law. It’s the perception that the “1%” is not paying their fair share of taxes and that, by implication, means causing the rest of the world to suffer more than necessary.
The Challenge for Boards
What can boards do in the new world of the Panama Papers?
First, plan for the fact that data-driven journalism will only get bigger. That means any company could find itself directly or indirectly dragged into a global avalanche of news managed by the ICIJ (or one of the other dozen or so similar organizations around the world) many times the size and impact of the New York Times, the Wall Street Journal, and Bloomberg combined. In fact, none of those publications was “invited” in the ICIJ network, which tells you something else about how the global news industry is evolving.
Second, have a multi-constituency communications plan (employees, investors, business partners, regulators) in place to address any such data-security breach that includes anticipation of it dragging the organization into a global news cycle.
Third, add to the corporate communications platform a “plank” that defines your position on issues around global corporate citizenship. Whether you like it or not, whether you’re private or public, more and more people will want to know where you stand on not just on environmental issues and socially responsible investing but also on whether you use offshore legal structures to arbitrage your tax obligations.