Sony hit the headlines last year with the comedy film, The Interview, in which a TV reporting crew are enlisted to assassinate North Korea’s Kim Jong-un.  This time, however, the risk of publicity overshadowing the James Franco and Seth Rogan film has been realised and, despite a boost from the news stories surrounding its release, will ultimately cost the entertainment giant large, with conservative financial estimates initially being over $100million and priceless damage to its brand and reputation. Even Barack Obama has criticised the company for pulling the film from cinemas in the face of threats.

The attack on the Californian based studio came at the hands of a group calling themselves Guardians of Peace. Although there are and continue to be widespread suspicions that the authorities in North Korea were behind the attack, formalised by the FBI, and renewed threats of violence, that continue to be denied by Pyongyang.

In November, a trove of emails and other sensitive confidential information was released by hackers on the Internet. There was even a warning at the time that, if the film release went ahead, further attacks would follow. And so it came to pass and that up to 50,000 emails, both to and from Sony’s CEO were released, together with the personal details of an unconfirmed number of current and former employees and big name stars.

The release of this information led to former employees commencing two class actions against Sony, principally for negligence and recklessness in protecting their personal data, including social security numbers, medical records and salary details.

Some might say it is obvious, not to write or email anything that you wouldn’t want to be seen elsewhere, not least by the target of any barbed comment or personal criticism. Sony’s woes go much deeper than the host of superficial comments seen in the tabloid press, however

The damage to employee relations and repercussions for Sony in reacting to the threats of terrorism will be felt for months and years to come.

Lessons to learn

All businesses can take valuable lessons from Sony’s mistakes. This attack has highlighted the importance and power data holds in the modern world, particularly personal data. Being in control of such information means that companies have an unprecedented responsibility to their employees, customers and stakeholders. It is essential to know how data is held, how it is accessed and to ensure that there is adequate security in place to protect it. This is even more important if you are in the public eye, susceptible to threats of hacking or for heightened regulatory reasons.

As we have seen here, the penalties can be more than just financial, although in the UK, fines are expected to increase significantly beyond the current £500,000 cap.

Data security will continue to be a significant concern for many organisations for the foreseeable future.  Taking action now to secure such information will be invaluable in protecting any organisation or business in the years to come.

I joined the Arise news team to discuss the problems Sony now faces. See more in the clip below.