Longstanding Legal Implications in Sony Pictures Hack

The latest hack of Sony Pictures's confidential information may
lead to future hassles.
Image:  Ken Wolter / Shutterstock.com

Sony Pictures is only the latest in a long line of big corporations that were hacked this year.  For Sony, which already suffered the breach of 77 million users of its Playstation Network this year, the latest hack has brought to light not only disturbing information about the company, but also potential legal hassles for the future.

The hacker group GOP (“Guardians of Peace”) has taken responsibility for the hack, releasing several waves of confidential emails detailing negotiations, derogatory comments about actors and producers, and salaries.  They are also thought to have stolen 47,000 Social Security numbers.

In fact, Sony likely knew about the potential for hacking months before it occurred.  In one batch of emails released by GOP, Courtney Schaberg, VP of Legal Compliance, and Leah Weil, general counsel, corresponded about a breach in February, in which some of the company’s Brazilian files were stolen.  However, because Brazil doesn’t have a breach notification law, Sony did not notify anyone or go public with the attack.

The ensuing legal problems are just beginning.  For example, one leaked document, entitled “Comp Roster by Supervisory Organization 2014-10-21” includes detailed data about salaries and bonuses earned by thousands of Sony Pictures employees.  This document could easily be used to point out that the highest salaries are going to white men—potentially evidence in a racial or gender discrimination lawsuit.

Jeremy Goldman, talent attorney at Frankfurt Kurnit, pointed out that such a document could also be used to determine whether or not Sony has been paying its talent appropriately.  Generally, talent are paid based on a percentage; however, if they knew specific overhead costs, their lawyers could negotiate better pay rather than relying on Sony to report percentages accurately.   "Getting those ultimate numbers will potentially drive a change in leverage in favor of profit participants," said Goldman.

If such a dispute came to court, would a document attained via a hack like this be legitimate evidence?  Attorneys are divided.  Some believe a judge would allow it so long as the litigants weren’t responsible for the leak.  Others argue that allowing it would encourage future hackers, something judges would certainly want to avoid.

Whatever future litigation this sort of information brings, if any, it’s likely to cause a reevaluation of what evidence is and isn’t acceptable in a hacking case.