Keynote SSTIC 2009 – Information theft does not exist…

Presentation : Marie Barel
Lessons learned from real-life information theft.

In the penal code, theft is primarily defined as material, which leaves the door wide open for the theft of intangible information (computer files).
In the 1980s, case law opened up some avenues, particularly in the context of the theft of information contained on floppy disks (in addition to the theft of the disks themselves). Without the physical theft of the storage medium, it is not clear that charges would have been brought at that time.

The law therefore does not protect against the theft of information, but it does protect against its use or disclosure. unauthorized.
One could cite the case Dassault Aviation (2002)

59% of American employees admitted to stealing confidential information when they left their company.
This is often linked to a feeling of ownership over the data, or a lack of awareness of the obligations related to the employment contract.

The employment contract is precisely the first building block of information protection.
Internal policies and "user" charters can supplement, but above allto raise awareness the employees.

Sanctions do exist, but not necessarily in the expected place.
Indeed, it is possible to find loopholes in the penal code that could be applied to information theft. (This is similar to the charge of receiving stolen goods, which is inapplicable except in cases of physical theft or breach of trust.)

The crime is not (totally) unpunished.