It's not enough to have a program that keeps your data from leaving the company. Sometimes you need to take hard evidence of employee misdeeds to court.
Is your data good enough?
“It really depends on how the company has collected the data,” says Matej Zachar, legal analyst at Safetica Technologies. “But, there are some measures that can easily be taken with Safetica in order to increase the weight of the electronic evidence collected.”
In his white paper “Usability of Safetica outputs in criminal cases as electronic evidence”, Matej compiles a brief history of electronic evidence along with specific examples of court acceptance – and rejection – of electronic evidence.
In a nutshell, Matej has this distilled into three points:
- Electronic evidence is accepted just like classic evidence in most countries.
- Some electronic data is better than others.
- Evidence must be collected legally.
Not all evidence is created or recorded equally. For this reason, potential evidence such as Safetica log reports should be protected with respect to confidentiality, authenticity, integrity, and non-repudiation. “This means regular backups, encryption verified by hashes, and secure storage,” points out Matej. “It is really a question of a company establishing and following a defined and documented process.”
Evidence must be collected in a legal way and courts will throw out illegally collected evidence. Often the courts require a signed employee acceptance of potential monitoring. Legal restrictions also influence how a DLP/monitoring solution can be implemented on the individual endpoint.
Endpoint monitoring elements in Safetica 5, as an example, can now be turned on or off remotely. This enables managers to only monitor when they believe there is a specific reason or cause for doing so – a legal issue in some countries.
“It's essential that before using Safetica outputs as evidence, companies make sure that all relevant laws and regulations are complied with. Then they are good to go,” he adds.
For more information about regulatory compliance issues and Safetica, just visit our company website.