company responsibility: digital evidence
TRANSCRIPT
www.tusconsultoreslegales.com
Internet/Digital evidence (COMPUTER FORENSICS)
COMPANY CRIMINAL LIABILITY
START POWERPOINT
www.tusconsultoreslegales.com
INTERNET/INVESTIGATION OF DIGITAL EVIDENCE/COMPUTER FORENSICS
4. PREVENTIVE ANALYSIS OF COMPANY'S CRIMINAL LIABILITY
3. HOW TO PREVENT AND/OR MINIMISE THE CRIMINAL LIABILITY OF THE COMPANY
2. LEGAL FRAMEWORK OF COMPANY CRIMINAL LIABILITY AND DIGITAL EVIDENCE
6. GROUNDS FOR FORENSIC INVESTIGATION
1. SITUATIONS WHICH SHOULD BE AVOIDED: REFLECTIONS
5. PHASES OF THE COMPUTER FORENSICS PROCESS
www.tusconsultoreslegales.com
Being involved in criminal proceedings due to not having adopted the control measures stipulated by article20. 3 ETT
To be compelled to pay economic fines, as a result of criminal proceedings, in addition to having investedpart of the budget in preparing a legal defence, occasionally expensive (due to not having an insurancepolicy to cover legal expenses) and which needs to act fast
Running the risk of an employee benefiting economically from committing a crime and and the benefit beingattributed to the company, due to the employee having used its resources
1. SITUATIONS WHICH SHOULD BE AVOIDED
REFLECTIONS:
www.tusconsultoreslegales.com
Also running the risk of receiving an economic sanction by the Data Protection Agency (Agencia deprotección de datos), due to not having complied with the mandatory security measures regulation
Not having foreseen the situation and therefore not being equipped with an optimum traceabilitysystem, enabling possible crimes to be detected, or, which, once they arose, might allow criminalliability to be mitigated, as stipulated in article 31.4 of the Spanish Penal Code, letters a, b, c andd through the evidence gathered
1. SITUATIONS WHICH SHOULD BE AVOIDED
REFLECTIONS:
www.tusconsultoreslegales.com
2. LEGAL FRAMEWORK OF COMPANY CRIMINAL LIABILITY AND DIGITAL EVIDENCE (1/2)
As stipulated by Article 31.2 bis of the Penal Code.
"Legal entities will also be held criminally liable for the crimes committed, in carrying out their business activitiesand benefiting from them, in respect of persons who are subject to the authority of the natural personsmentioned in the above paragraph, and have been able to perform these deeds due to the proper controlnot having been exerted upon them, in accordance with the specific circumstances of each case".
Specifically, in article 31.4 of the Penal Code, it is stated that:
"The only circumstances which may be considered to mitigate the criminal liability of legal entitieswould be if, after the crime had been committed the following activities had been carried out through thelegal representatives thereof":
a) "Having proceeded, before learning of the legal proceedings against it, to confess the breach to theauthorities".
In order to comply with this section of article 31 bis, it is necessary to previously know that abreach has been committed.
www.tusconsultoreslegales.com
2. LEGAL FRAMEWORK OF COMPANY CRIMINAL LIABILITY AND DIGITAL EVIDENCE (2/2)
b) "Having cooperated in investigating the deed, bringing forth evidence at any stage of the process which might be new and decisive for clearing up the criminal liabilities arising from the deeds".
Gathering of evidence from the standpoint of analysis/investigation of the evidence subsequent to the carrying out of the crime.
c) "Having proceeded at any point of the proceedings and before the oral proceedings to redress or reduce the damage caused by the crime".
From the standpoint of security, action can be taken by the accused company to reduce the consequences of the damage caused by an employee.
www.tusconsultoreslegales.com
2. LEGAL FRAMEWORK OF COMPANY CRIMINAL LIABILITY AND DIGITAL EVIDENCE (2/2)
d) "Having established, before the beginning of the oral proceedings, efficient measures to prevent and to reveal the crimes which could be committed in the future with the means or under the coverage of the legal entity".
Gathering evidence, prior to the oral proceedings, is a measure to reveal the crimes which may have arisen.
However, these articles reflect a situation in which the businessman is involved in criminal proceedings. It is not necessary to have identified the natural person who has committed the crime; it i sufficient to know that the crime has arisen from the company
www.tusconsultoreslegales.com
3. HOW TO PREVENT AND/OR MINIMISE THE CRIMINAL LIABILITY OF THE COMPANY
PREVENTIVE MEASURES:
1- Establishing control measures: Implementing an internal company policy
5- Detecting and preserving evidence, so enabling a pro-active legaldefence to be made: Minimising consequences of crime
2- Establishing technical and organisational measures: Complying with obligations for protectionof personal data (Protection of Privacy Acts, LOPD and RLOPD)
3- Implementing security certificates: Preventing fraudulent impersonation
COMPUTER FORENSICS
4- Establishing coverage measures: Having an insurance policy which also covers legal services
www.tusconsultoreslegales.com
An internal company policy with clear guidelines, specifying the permitted use of the company's internal andexternal media, with their corresponding behaviours, expressly indicated, as control measures established bythe company, as stipulated by article 20.3 of the Workers' Statute (Estatuto de los Trabajadores).
4. PREVENTIVE ANALYSIS OF COMPANY'S CRIMINAL LIABILITY (1/3)
1- Establishing control measures: Implementing an internal company policy
2- Establishing technical and organisational measures: Complying with obligations for protectionof personal data (Protection of Privacy Acts, LOPD and RLOPD)
Having complied with the obligations set out in the Protection of Privacy Act and its implementary regulations, in order to establish the technical and organisational measures required, and efficient control measures in accordance with article 20.3 ETT compatible with the worker's privacy
Above all, to ensure control of both internal and external media
www.tusconsultoreslegales.com
4. PREVENTIVE ANALYSIS OF COMPANY'S CRIMINAL LIABILITY (2/3)
3- Implementing security certificates: Preventing fraudulent impersonation
Need to have an insurance policy which also helps to establish coverage in legal expenses
4- Establishing coverage measures: Having an insurance policy which also covers legal services
Distinguishing between the different types of certificates, particularly for mail and those which ensure doubleprotection in security to prevent fraudulent impersonation by unauthorised third parties (internal and external)
To implement electronic signature:
- Take into account legal obligations- Obligations regarding preservation of invoices
www.tusconsultoreslegales.com
4. PREVENTIVE ANALYSIS OF COMPANY'S CRIMINAL LIABILITY (3/3)
The detection, preservation and investigation of electronic proof or evidence which can be used to defend thecompany in the event of the possible criminal liability known as COMPUTER FORENSICS.
This discipline is basically divided into 4 major phases or processes, which can be carried out eitherindependently or consecutively, according to the company's needs.
The phases in Computer Forensics go from prevention up to the application of evidence in proceedings
5- Detecting and preserving evidence, so enabling a legal defence to be made geared towardsminimising possible criminal consequences
COMPUTER FORENSICS
www.tusconsultoreslegales.com
5. PHASES OF THE COMPUTER FORENSICS PROCESS
PREVENTIONFORENSICS READINESS
Objective:
Facilitating possible digital investigation
How:
Establishing and implementing traceability procedures
Example:
Intrusion Detection Systems
LOCATION OF INFORMATIONE-DISCOVERY
Objective:
Seeking specific data amidst a large amount of information
How:
Use of search and filter mechanisms in file and database systems
Example:
Searching for deleted accounting data
DATA ACQUISITIONANALYSIS
Objective:
To correctly initiate the chain of custody of future evidence
How:
Copying digital information bit by bit before a notary
Example:
Copies of information from mobile telephone
ANALYSING EVIDENCEAPPRAISAL
Objective:
Analysing digital information and seeking possible signs.
How:
Blind automatic searchfor suspicious activities
Example:
Analysing ex-employee's PC forpossible data theft
www.tusconsultoreslegales.com
6. GROUNDS FOR DIGITAL INVESTIGATION
Impact of incident at economic level
Losing data is an important economic loss. In the event of scenarios such as Protection of Privacy Actaudits or litigation proceedings between companies, rapid intervention of experts may be needed.
Opportunity for identifying electronic evidence
On many occasions, investigation processes are begun in an inappropriate way in order to achieve acorrect maintenance of the chain of custody, so that the evidence which is gathered is not actuallyconsidered to be electronic evidence within a legal framework.
Opportunity for identifying direct responsibilities
It is necessary to establish preventive measures in order to identify signs relating to the improper use ofassets or false accusations.
www.tusconsultoreslegales.com
6. GROUNDS FOR FORENSIC INVESTIGATION
Opportunity for identifying third party responsibilities
External supplier responsible for managing information systems
External supplier responsible for managing security of information systems
Economic cost of investigation as reported return (ROI)
Conclusion:
Now it is not only important to consider covering in a valid way the grounds giving rise to a dismissaland safeguard the company's productivity, but it is also necessary to prevent the grounds in order toavoid the criminal liability of the company
www.tusconsultoreslegales.com
Thank you for your attention
To purchase the documentation:www.yourlegalconsultnats.com
To hire an expert, contact us at: