Lessons Learned from the Panama PapersTues. Jan. 31st 2-3 p.m. EST

Moderator

Joe McMorris, Vice President and Chief Information Officer, Wolters Kluwer ELM Solutions Joe leads Information Technology for ELM Solutions and is responsible for driving

the global IT strategy and managing the IT infrastructure required to support the Enterprise Legal Management business. This includes providing world-class hosting infrastructure and services to ELM Solutions corporate clients and law firms. He has overall accountability for the operation of the ELM Solutions information security management system and oversees all internal and external third-party information security audits. His vision and direction drove the process to secure both ISO 27001 and FISMA certifications for the company.

2

Guest Panelists

Jeff Novak, Chief Counsel - Litigation & Compliance, Vice President - Public Policy at AOL Inc. Jeff Novak manages litigation, compliance, and state public policy for AOL and its subsidiaries. Prior to joining

AOL in 2003, he was a partner at McGuireWoods and a law clerk to the late Charles R. Richey, US District Judge for the District of Columbia. Jeff manages state public policy, litigation, and compliance for multiple lines of business including the litigation team, the regulatory compliance team, the criminal compliance and public safety teams, and the internal business conduct and compliance investigations.

Ryan Bilbrey, Vice President Charles River Associates Ryan Bilbrey is a senior professional in the litigation consulting industry with over 23 years’ experience in

litigation and investigation projects, directing the identification, collection, analysis, processing, and hosted review of electronically stored information (ESI). He has provided expert consulting and advisory services for clients in a large variety of industries, including financial services, education, manufacturing, health care, insurance, energy, technology, communications, pharmaceutical, and entertainment, as well as U.S., state, and local government agencies. Mr. Bilbrey is currently focused on electronic discovery, text analytics related to ESI management, technology assisted review, strategic consulting regarding workflows in all stages of the Electronic Discovery Reference Model (EDRM), structured data discovery, and structured data analytics.

Marco Salcedo, Senior Counsel, Wolters Kluwer ELM Solutions Marco joined Wolters Kluwer on November 4, 2013 as Senior Counsel for Wolters Kluwer Health. Now, as the

Senior Counsel at ELM Solutions since April 2014, his role encompasses licensing, intellectual property management, privacy law advice, and oversight of compliance, litigation and employment matters handled internally or with support from outside counsel. Prior to this position, Marco held the position of Corporate Counsel for Cognizant Technology Solutions, a leading Fortune 500 provider of IT, consulting and business process outsourcing services. While there, he supported Cognizant's Manufacturing, Consumer Goods and Utilities business segment, providing legal services for a wide variety of domestic and international commercial and transactional agreements, including master services, license and services agreements.

3

The Source of the Panama Papers

4

The Law Firm

Mossack Fonseca

Panamanian law firm that sells anonymous offshore companies around the world. These shell companies enable their owners to conceal their business dealings.

Mossack Fonseca is the fourth-largest "asset protection" law firm in the world per businessinsider.com

5

Panama Papers

11.5M documents leaked

2.6 terabytes of data made public

Involved 214K entities

Implicated 12 heads of state, 29 Forbes billionaires, 150 politicians, dozens of major banks

Spanned across 200+ countries

6

“The Panama Papers are the largest information dump of their kind, and the information that has been released…appears to be just the tip of the iceberg.”

The Scale of the Leak

7

Volume of data compared to previous leaks

The Structure of the Leak

8

Developments

Title of presentation 9

Lessons Learned from the Panama Papers

Suspected Mossack Fonseca Failures

What was done wrong?

Failed to maintain current patch levels and software versions of internet facing systems

Failed to leverage encryption for sensitive data, specifically email

Failed to deploy web servers and customer portal systems behind firewalls

Failed to follow the “principle of least privilege” on accounts supporting key production systems

11

What should Clients ask for from their Law Firms about Security?

Does the firm have a security policy? Who does it cover? What systems does it cover?

How is information classified and protected? Sensitive data Public Data Protected (PII) data: HIPAA, GLB, FERPA,

state law, EU, PCI Default Classification of data

How are users trained? Is there an access control policy? What is done for physical and

environmental security?

What is done for incident response? Have you conducted a risk assessment? What security is provided for your network?

What security is in place for workstations, desktops, laptops?

Are personal devices allowed to connect to the network, and, if so, how are they secured?

What security is on your servers? What antivirus and malware software do you

use? What is your encryption policy? How are keys

managed? Do you have a log management standard?

What discipline is applied for failure to follow the policy?

12

13

3

Current industry standards and

encryption should be implemented to ensure

information security and avoid such incidents in

the future

2

The stakes are high -yet law firms and legal

departments are playing catch up in terms of their response to the Panama Papers incident and its

implications

1

When legal data is involved, law firms and

corporate legal departments are some of the prime targets for

data breaches

Takeaways

Resources

What are the Panama papers and why do they matter? The Economist. April 2016. http://www.economist.com/blogs/economist-explains/2016/04/economist-explains-1

What are the Panama Papers? A guide to history's biggest data leak. The Guardian. April 2016 https://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

Here’s Why You Should Give About the Panama Papers. Drew Schwartz. Vice. April 2016 http://www.vice.com/read/why-you-should-care-about-panama-papers-mossack-fonseca

Panama Papers: ‘Hello, this is John Doe. Interested in data?’ Jeremy Au Young. April 2016. The Straits Times. http://www.straitstimes.com/world/panama-papers-hello-this-is-john-doe-interested-in-data

A Message from the Panama Papers Whistleblower Submitted by John Doe on May 9, 2016 http://www.taxfairness.ca/en/blog/message-panama-papers-whistleblower

William Ponsoldt and Mossack Fonseca. The New York Times (example documents) http://www.nytimes.com/interactive/2016/06/03/us/document-ponsoldt-mossack-fonseca.html

David Cameron Dodges Questions about his Family’s Tax Affairs after Panama Papers Revelations. White, Larry. Capital Bay. April 2016. http://www.capitalbay.news/news/latest-news/world-news/1012593-david-cameron-dodges-questions-about-his-family-s-tax-

affairs-after-panama-papers-revelations.html Art collector, Entourage actress and a beer entrepreneur: New York socialites and business execs exposed in the Panama Papers. Daily

Mail. May 15, 2016. http://www.dailymail.co.uk/news/article-3591518/New-York-socialites-business-execs-exposed-Panama-

Papers.html#ixzz4KBcyoG3t

14

15

Q & A