SlideShare a Scribd company logo

Shutting the digital gate - data preservation and HR

S
sarah kabirat
1 of 2
Download to read offline
© 2015 Grant Thornton UK LLP. All rights reserved. Shutting the digital gate – data preservation and HR Background Internal departments such as HR, IT and legal teams, regardless of the company business sector should consider implementing a legal hold on electronic data when key employees leave their employment as part of their wider information governance programme. A targeted approach whether on an individual or department basis should and can be considered depending on the allegations. From subject access requests and disgruntled employees through to resource intensive internal investigations for potential IP theft and regulatory responses, the impact and effect of not having key ex-employees’ data readily to hand can be both reputational and financial. HR and legal departments potentially have the most to gain from forensic technologies, given that HR management is often charged with policy enforcement as well as monitoring and resolving employee or management complaints. Having all of the relevant information gathered into an easy to understand report helps HR managers and legal teams to quickly resolve problems and take action if required. The gathered information can also be used to exonerate employees, businesses or contractors from policy breaches and 3rd party actions. Digital forensics is becoming more prevalent in the civil arena. High profile criminal cases as seen with the News International phone hacking scandals have highlighted the importance in both preserving and seizing electronic data. But what if it isn't a criminal investigation? Scale of the problem You may be asking why this is important, and can we legally do this? This paper will help you realise the benefits and how simple steps taken may prevent potential legal issues arising well after an employee has exited a company and provide your organisation with assurance and protection from any potential surprises. The scale and impact of internal investigations, fraud, litigation or regulatory enquiries will of course vary subject to the nature of the issues and nature of the parties involved however any event will demand time, internal resources and can have significant financial impacts. Listed below are examples of some instances whereby HR and legal teams may wish to consider digital forensic assistance. Do any of these scenarios sound familiar to you or your team? - Allegations of Intellectual Property Theft i.e. company confidential data such as client lists, procedures, pending patents that could be stolen by an employee - Social media misuse or accessing inappropriate material outside of the company IT policy - Abuse aimed at discrediting their employer or colleague - Fiddling expenses or fraudulent activity - Harassment or bullying - Breach of contract - Sending inappropriate jokes via the company email systems
How the Digital Forensic Group can assist you You may be surprised that company property in the form of smart phones, tablets, laptop, desktop PC, memory sticks and company server data could help with any internal investigation. Grant Thornton’s Digital Forensic Group are able to deploy techniques used to forensically capture these everyday electronic devices that can be preserved and analysed to court standards, using industry recognised forensic tools. This means inappropriate or illegal activity can be permissible evidence at any employment tribunal or handed to local law enforcement agencies if allegations are thought to be of a criminal offence. A trained digital forensic practitioner should be called for advice or to assist in the process, and this is where we can help you. We will be able to use recognised standard operating procedures and specialist forensic tools used by law enforcement agencies to: - Initiate chain of custody to preserve the electronic data to ensure the integrity and process is documented. - Forensically preserve data, so that the electronic device can be examined in further detail without accessing the original media. - Recover deleted data from mobile devices and computers, where an employee may have tried to cover their tracks. - Identify confidential data that may have been copied onto removable media such as memory sticks. - Gain insight into the use of the electronic device to determine time lines to employee activity of generated data. Even if a model employee has left your company, you may wish to consider forensically capturing all their work related data from company issued mobile devices, memory sticks, laptops, computers, or data stored on shared drives of servers. This would allow vital documents to be recovered with the knowledge the original files were not tampered with and without any loss of information. Furthermore, if it came to light some months later that any former member of your staff was involved in something inappropriate at the time of employment, their company related data would be preserved allowing the information to be scrutinised and investigated further. This is with the understanding that the forensically captured data would not have changed in the process. Additional Benefits of a Legal Hold Following creation of any forensic image, the snap-shot in time is preserved. If after an employee has left employment and issues subsequently come to light the forensic image can be analysed further at any point in time, so determine and ascertain any truth or evidence stored on the device or how it was used by the former employee. The benefits of forensically capturing employee data of exit are numerous including: - Empowering HR investigations - Reducing legal liabilities - Reducing investigative costs and time We can also provide you with the secure deletion of data from hard drives which provides assurances that you will not have succumbed to breaking any laws such as the Data Protection Act whereby data should be used fairly, lawfully and kept no longer than is absolutely necessary in a secure environment. Can I Use My Own IT Team? The Digital Forensic Group are independent and can provide both impartial advice as well as assurance to employees on all work performed. Your IT team will be fully trained and have extensive experience in this sector, however the background to performing or scoping work that may involve potential litigation or criminal investigations may not be part of their experience. Furthermore, specialist forensic software and hardware, along with a variety of forensic techniques may not be in their possession or remit for their current position. This is where we can add value to your company, using our specialised forensic training and experience. We are flexible on costs, and a quote can be provided on a case by case basis once we understand your requirements. Bruce Keeble Senior Consultant, Digital Forensics Group T +44 (0)20 7865 2470 E bruce.h.keeble@uk.gt.com Suki Pooni Specialist Consultant, Forensic and Investigation Services T +44 (0)207 865 2271 E suki.s.pooni@uk.gt.com

Recommended

Computer forensic
Computer forensicComputer forensic
Computer forensicibraheem ogundele
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
CF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCompute Forensics
 
Data Loss During Downsizing
Data Loss During DownsizingData Loss During Downsizing
Data Loss During DownsizingConstantine Karbaliotis
 
Antitrust Case Study
Antitrust Case StudyAntitrust Case Study
Antitrust Case StudyAlbert Kassis
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKnowledge Management Associates, LLC
 
How to keep printing processes GDPR compliant
How to keep printing processes GDPR compliantHow to keep printing processes GDPR compliant
How to keep printing processes GDPR compliantXenith Document Systems Ltd
 

Recommended

Computer forensic
Computer forensicComputer forensic
Computer forensicibraheem ogundele
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
CF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCF-Computer-Forensic-Services
CF-Computer-Forensic-ServicesCompute Forensics
 
Data Loss During Downsizing
Data Loss During DownsizingData Loss During Downsizing
Data Loss During DownsizingConstantine Karbaliotis
 
Antitrust Case Study
Antitrust Case StudyAntitrust Case Study
Antitrust Case StudyAlbert Kassis
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKnowledge Management Associates, LLC
 
How to keep printing processes GDPR compliant
How to keep printing processes GDPR compliantHow to keep printing processes GDPR compliant
How to keep printing processes GDPR compliantXenith Document Systems Ltd
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital Worldrahulmonikasharma
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 
Dlp notes
Dlp notesDlp notes
Dlp notesanuepcet
 
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3hRaj Goel
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 20168MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016Andi Robinson
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET Journal
 
Streamlining paper processes in a digital world - Canon CEE
Streamlining paper processes in a digital world - Canon CEEStreamlining paper processes in a digital world - Canon CEE
Streamlining paper processes in a digital world - Canon CEECanon Business CEE
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Risk and compliance as a business strengh - Canon CEE
Risk and compliance as a business strengh - Canon CEERisk and compliance as a business strengh - Canon CEE
Risk and compliance as a business strengh - Canon CEECanon Business CEE
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Lawley Insurance
 
Update on Laws and Practices 2020
Update on Laws and Practices 2020Update on Laws and Practices 2020
Update on Laws and Practices 2020LawPlus Ltd.
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...PortalGuard
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...Jon Polenberg
 
web-MINImag
web-MINImagweb-MINImag
web-MINImagAllison Walton
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyNetwork Intelligence India
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfSecond Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfELIJAH
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage DetectionIJERA Editor
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxrtodd599
 

More Related Content

What's hot

Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital Worldrahulmonikasharma
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3hRaj Goel
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 20168MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016Andi Robinson
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET Journal
 
Streamlining paper processes in a digital world - Canon CEE
Streamlining paper processes in a digital world - Canon CEEStreamlining paper processes in a digital world - Canon CEE
Streamlining paper processes in a digital world - Canon CEECanon Business CEE
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Risk and compliance as a business strengh - Canon CEE
Risk and compliance as a business strengh - Canon CEERisk and compliance as a business strengh - Canon CEE
Risk and compliance as a business strengh - Canon CEECanon Business CEE
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Lawley Insurance
 
Update on Laws and Practices 2020
Update on Laws and Practices 2020Update on Laws and Practices 2020
Update on Laws and Practices 2020LawPlus Ltd.
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...PortalGuard
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...Jon Polenberg
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 

What's hot (19)

Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010
 
Dlp notes
Dlp notesDlp notes
Dlp notes
 
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
2013-09-13-DATTO_What_Should_MSPs_Know_About_Compliance_v3h
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 20168MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
 
Streamlining paper processes in a digital world - Canon CEE
Streamlining paper processes in a digital world - Canon CEEStreamlining paper processes in a digital world - Canon CEE
Streamlining paper processes in a digital world - Canon CEE
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
 
Risk and compliance as a business strengh - Canon CEE
Risk and compliance as a business strengh - Canon CEERisk and compliance as a business strengh - Canon CEE
Risk and compliance as a business strengh - Canon CEE
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva inc
 
Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015
 
Update on Laws and Practices 2020
Update on Laws and Practices 2020Update on Laws and Practices 2020
Update on Laws and Practices 2020
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
 
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
 
web-MINImag
web-MINImagweb-MINImag
web-MINImag
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. Mookhey
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 

Similar to Shutting the digital gate - data preservation and HR

Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfSecond Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfELIJAH
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage DetectionIJERA Editor
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxrtodd599
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Gerson Trigueiros
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfEnov8
 
f6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdff6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdfSurendhar57
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...Giulio Coraggio
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The PhysicsJason Chapman
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guideMark Bennett
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...Vijay Dalmia
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
 

Similar to Shutting the digital gate - data preservation and HR (20)

Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfSecond Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage Detection
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docx
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdf
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239
 
f6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdff6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdf
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The Physics
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection Programs
 
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
R15 a0533 cf converted
R15 a0533 cf convertedR15 a0533 cf converted
R15 a0533 cf converted
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
 

Shutting the digital gate - data preservation and HR

  • 1. © 2015 Grant Thornton UK LLP. All rights reserved. Shutting the digital gate – data preservation and HR Background Internal departments such as HR, IT and legal teams, regardless of the company business sector should consider implementing a legal hold on electronic data when key employees leave their employment as part of their wider information governance programme. A targeted approach whether on an individual or department basis should and can be considered depending on the allegations. From subject access requests and disgruntled employees through to resource intensive internal investigations for potential IP theft and regulatory responses, the impact and effect of not having key ex-employees’ data readily to hand can be both reputational and financial. HR and legal departments potentially have the most to gain from forensic technologies, given that HR management is often charged with policy enforcement as well as monitoring and resolving employee or management complaints. Having all of the relevant information gathered into an easy to understand report helps HR managers and legal teams to quickly resolve problems and take action if required. The gathered information can also be used to exonerate employees, businesses or contractors from policy breaches and 3rd party actions. Digital forensics is becoming more prevalent in the civil arena. High profile criminal cases as seen with the News International phone hacking scandals have highlighted the importance in both preserving and seizing electronic data. But what if it isn't a criminal investigation? Scale of the problem You may be asking why this is important, and can we legally do this? This paper will help you realise the benefits and how simple steps taken may prevent potential legal issues arising well after an employee has exited a company and provide your organisation with assurance and protection from any potential surprises. The scale and impact of internal investigations, fraud, litigation or regulatory enquiries will of course vary subject to the nature of the issues and nature of the parties involved however any event will demand time, internal resources and can have significant financial impacts. Listed below are examples of some instances whereby HR and legal teams may wish to consider digital forensic assistance. Do any of these scenarios sound familiar to you or your team? - Allegations of Intellectual Property Theft i.e. company confidential data such as client lists, procedures, pending patents that could be stolen by an employee - Social media misuse or accessing inappropriate material outside of the company IT policy - Abuse aimed at discrediting their employer or colleague - Fiddling expenses or fraudulent activity - Harassment or bullying - Breach of contract - Sending inappropriate jokes via the company email systems
  • 2. How the Digital Forensic Group can assist you You may be surprised that company property in the form of smart phones, tablets, laptop, desktop PC, memory sticks and company server data could help with any internal investigation. Grant Thornton’s Digital Forensic Group are able to deploy techniques used to forensically capture these everyday electronic devices that can be preserved and analysed to court standards, using industry recognised forensic tools. This means inappropriate or illegal activity can be permissible evidence at any employment tribunal or handed to local law enforcement agencies if allegations are thought to be of a criminal offence. A trained digital forensic practitioner should be called for advice or to assist in the process, and this is where we can help you. We will be able to use recognised standard operating procedures and specialist forensic tools used by law enforcement agencies to: - Initiate chain of custody to preserve the electronic data to ensure the integrity and process is documented. - Forensically preserve data, so that the electronic device can be examined in further detail without accessing the original media. - Recover deleted data from mobile devices and computers, where an employee may have tried to cover their tracks. - Identify confidential data that may have been copied onto removable media such as memory sticks. - Gain insight into the use of the electronic device to determine time lines to employee activity of generated data. Even if a model employee has left your company, you may wish to consider forensically capturing all their work related data from company issued mobile devices, memory sticks, laptops, computers, or data stored on shared drives of servers. This would allow vital documents to be recovered with the knowledge the original files were not tampered with and without any loss of information. Furthermore, if it came to light some months later that any former member of your staff was involved in something inappropriate at the time of employment, their company related data would be preserved allowing the information to be scrutinised and investigated further. This is with the understanding that the forensically captured data would not have changed in the process. Additional Benefits of a Legal Hold Following creation of any forensic image, the snap-shot in time is preserved. If after an employee has left employment and issues subsequently come to light the forensic image can be analysed further at any point in time, so determine and ascertain any truth or evidence stored on the device or how it was used by the former employee. The benefits of forensically capturing employee data of exit are numerous including: - Empowering HR investigations - Reducing legal liabilities - Reducing investigative costs and time We can also provide you with the secure deletion of data from hard drives which provides assurances that you will not have succumbed to breaking any laws such as the Data Protection Act whereby data should be used fairly, lawfully and kept no longer than is absolutely necessary in a secure environment. Can I Use My Own IT Team? The Digital Forensic Group are independent and can provide both impartial advice as well as assurance to employees on all work performed. Your IT team will be fully trained and have extensive experience in this sector, however the background to performing or scoping work that may involve potential litigation or criminal investigations may not be part of their experience. Furthermore, specialist forensic software and hardware, along with a variety of forensic techniques may not be in their possession or remit for their current position. This is where we can add value to your company, using our specialised forensic training and experience. We are flexible on costs, and a quote can be provided on a case by case basis once we understand your requirements. Bruce Keeble Senior Consultant, Digital Forensics Group T +44 (0)20 7865 2470 E bruce.h.keeble@uk.gt.com Suki Pooni Specialist Consultant, Forensic and Investigation Services T +44 (0)207 865 2271 E suki.s.pooni@uk.gt.com