People are, of course, focusing on the sensational aspect of the Ashley Madison data breach. But since this has really captured the attention of so many people, I should like to point out something about the data that was stolen and shared with the public (so far).
There are, of course, information about the members, their profiles, their login information, their credit card transactions, etc. But it also includes loan agreements, compensation records, corporate bank account information and corporate strategy plans, including domains registrations. Even if this was an isolated incident that had already been contained, the whole business is not at risk.
This data breach now may have breached the Chinese wall. Chinese wall is an information wall that protects firms by blocking employees from being able to access information about a client when their interests present a conflict. All the work that was done to create that wall now must be examined because the wall is still there but this breach has served the information on a silver plate, no effort needed by the employee. This isn’t to say that employees are trying to breach the Chinese wall, but they may do so inadvertently.
Some refresher notices and training should developed to remind people about conflicts of interest issues, including changes in policies and procedures being made to adapt to the post-AshMad world. There isn’t much more that can be done on the compliance front because the rest is a technology issue. Some new testing of controls might also be required, now that there was a leak.
Do you have an account on Ashley Madison?
Shhh… I won’t tell…
About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.