Should Governments Buy Stolen Data?

Published: March 25 2010, 07:57 AM
by Matthew Gardiner

There is a disturbing trend of governments buying data that was illegally taken from companies. A recent article, first published in the Wall Street Journal and made available on this Web site, details the story of a French IT person who was working for a large international bank and stole client data, attempted to sell the data to certain governments, then had it seized by the French - who by the way have decided to hang onto it as it might be useful. This "system" is broken on so many obvious fronts. How can anyone consider this a good way to conduct business?

Governments should not be in the business of buying stolen data. Could there be exceptions to this rule? Perhaps, but only around real national security issues, like terrorism, not related to non-violent crimes, like tax evasion. There are legitimate channels through which governments can get access to data; paying off IT guys who take it for them should not be one of them.

It's obvious that organizations which handle highly sensitive data must improve the way they manage this data and the associated systems. There are almost daily stories of so-called "privileged users," typically IT guys, who purposely or accidentally violate their duties and gain access to data and systems that they shouldn't have. If data like this didn't leak, then governments (or anyone else) wouldn't be in a position to buy or seize it for their own purposes. Yes, easy to say, but this can actually be accomplished with commonly available systems and practices.

The bottom line is that the data should not have been stolen in the first place and most certainly should not be purchased by governments.

 

By: Matthew Gardiner
Matthew Gardiner is a Director working in the Security business unit at CA Technologies. He is a recognized industry leader in the security & Identity and Access Management (IAM) markets worldwide. He is published, blogs, and is interviewed regularly in leading industry media on a wide range of IAM...

1 person has left a comment:

Ah, but the French didn't buy the data - they seized it (and, hopefully, prosecuted the IT guy). Nothing wrong with that as far as I can tell.

Nor would it be immoral/unethical for one govt. to purchase illegally obtained data in order to keep it from falling into the wrong hands (which could be a terrorist org, or a commercial competitor, for example).

But better PUM and PAM is something we can agree on!  

Posted by: Dave Kearns | March 25, 2010 12:27 PM
