top of page

Can the authorities relied on documents from data breach in taking legal action?

Documents are obtained via a data breach, and thereafter posted in the public domain.

The Paradise Papers are a set of 13.4 million confidential electronic documents relating to offshore investments that were leaked to a German newspaper by a group of hackers. The newspaper shared them with the  International Consortium of Investigative Journalists and a network of more than 380 journalists. Some of the details were made public on 5 November 2017 and stories are still being released.

The documents originate from legal firm Appleby, the corporate services providers Estera and Asiaciti Trust, and business registries in 19 tax jurisdictions. They contain the names of more than 120,000 people and companies. Among those whose financial affairs mentioned separately are, AIG, Prince Charles, Queen Elizabeth, US Secretary of Commerce and Glencore.

Glencore plc is a British–Swiss multinational commodity trading and mining company which headquartered in Switzerland. As of 2015, it is ranked tenth in the Fortune Global 500 list of the world's largest companies.

Documents from the Paradise Papers investigation showed that Glencore planned to move tens of billions of dollars “out of the Australian tax net” through an offshore web. The Paradise Papers also showed that Glencore Australia participated in complex financial instruments known as “cross-currency interest rate swaps'.

Glencore, in a statement, said the above, known internally as 'Project Everest', were intended to simplify the company’s asset ownership and "did not improve Glencore’s tax position”.

However from the Paradise Papers that was released to the public, it revealed that Glencore had backdated documents in the case. Backdating documents could have saved the Swiss-based company billion of dollars.

The Australian Tax Office pursued Glencore as it targets such swaps as possible tax avoidance tools. Glencore in their defence relied on “legal privilege” to prevent the Australian Tax Office from accessing emails, bank records, PowerPoint presentations and other files from the 2017 Paradise Papers investigation. Typically, documents marked “privileged” to be disclosed in court.

In a landmark decision reached in mid august 2019 by Australia’s High Court, it ruled that Glencore’s argument cannot be accepted. Fundamentally it rests upon an incorrect premise. Privilege shields companies from being forced to hand over information, but does not allow Glencore to stop the tax office using documents already in the public arena, the seven justices wrote. The court rules that leaked documents are fair game in an investigation.

The broader ramifications of this decision beyond Glencore are that the days of being able to hide money overseas are rapidly coming to an end – not only are foreign banks providing the central banks of the 100+ countries with details of their respective citizens with offshore money under the Automatic Exchange of Information (AEOI), taxpayers are only one data leak away from their entire affairs being exposed. 

As the decision by the High Court of Australia has far greater ramifications towards organisations whose confidential data has been breached by 3rd parties and are released to the public, again we call upon organisations in Malaysia to be stringent and place their cyber resilience strategy at the top most agenda in their organisation's strategy.


bottom of page