Your data and the law

03.08.2016

It's not enough to have a program that keeps your data from leaving the company. Sometimes you need to take hard evidence of employee misdeeds to court.

Is your data good enough?

“It really depends on how the company has collected the data,” says Matej Zachar, legal analyst at Safetica Technologies. “But, there are some measures that can easily be taken with Safetica in order to increase the weight of the electronic evidence collected.”

In his white paper “Usability of Safetica outputs in criminal cases as electronic evidence”, Matej compiles a brief history of electronic evidence along with specific examples of court acceptance – and rejection – of electronic evidence.

In a nutshell, Matej has this distilled into three points:

    • Electronic evidence is accepted just like classic evidence in most countries.
    • Some electronic data is better than others.
    • Evidence must be collected legally.

Not all evidence is created or recorded equally. For this reason, potential evidence such as Safetica log reports should be protected with respect to confidentiality, authenticity, integrity, and non-repudiation. “This means regular backups, encryption verified by hashes, and secure storage,” points out Matej. “It is really a question of a company establishing and following a defined and documented process.”

Evidence must be collected in a legal way and courts will throw out illegally collected evidence. Often the courts require a signed employee acceptance of potential monitoring. Legal restrictions also influence how a DLP/monitoring solution can be implemented on the individual endpoint.

Endpoint monitoring elements in Safetica 5, as an example, can now be turned on or off remotely. This enables managers to only monitor when they believe there is a specific reason or cause for doing so – a legal issue in some countries.

“It's essential that before using Safetica outputs as evidence, companies make sure that all relevant laws and regulations are complied with. Then they are good to go,” he adds.

For more information about regulatory compliance issues and Safetica, just visit our company website.

Author
Safetica team

Next articles

Data security Blog articles

Dedicated DLP vs. Integrated DLP: Which makes most sense for your organization?

While researching DLP solutions for your organization, you might’ve come across two different variants: dedicated DLP (also known as enterprise DLP) and integrated DLP. In simple terms, a dedicated DLP is a dedicated data loss prevention system. An integrated DLP is an extension to an already existing program used within the organization. Read more.
Read more
Data security Blog articles

The Top 6 Biggest Data Leaks of 2022

Last year, that the average global cost of a single data breach was USD 4.35 million – a 2.6% increase from 2021. Read about the top 6 biggest data leaks of 2022, and find out why data protection is so much needed.
Read more
Data security Blog articles

Top 4 reasons why financial institutions should use Safetica

One of the most vulnerable industries in the data protection realm is financial services. In the financial industry, the estimated average cost of a data breach was $5.97 million – the second highest only after the healthcare industry. That's not a small amount!
Read more