What are the current trends in forensic investigations for cross-border matters? In this article, David Kerstjens, our Digital Forensics Lead, looks at the constant evolution in data types and volumes, and the ever-tightening data privacy laws and regulatory intervention.
Ever-Evolving Data Types and Volumes
Technology has assisted our lives and made things very efficient, but with more software, smart applications and devices, it has actually made things more complicated for forensic collection. There is an ever increasing amount of data to be considered for relevancy.
Traditionally, forensic teams mainly used emails and possibly some internal finance and expense systems to look at during the collection phase. As mobile phones were more widely adopted and more people started using social media, it meant significant data started being saved onto devices. Now lawyers and investigators look to these devices for relevant information.
When dealing with significant amounts of data, it is important to contemplate the variety of data that is generated. There may be emails, WhatsApp messages, WeChat etc, depending on the preferences of the jurisdiction in which the data is found. It is necessary to find one, efficient way to review these different types of data.
Stricter Data Privacy Laws and Greater Regulatory Intervention
When it comes to multi-jurisdiction engagement, whether for investigation or eDiscovery, there will always be issues with data protection laws in various locations. Different countries will have different laws when it comes to data protection or privacy.
General Data Protection Regulation (GDPR) is obviously relevant to any organisations that have offices in Europe, but it actually goes beyond that. For example, if your clients are storing any data for any EU residents then that organisation would be subject to GDPR as well.
When engaging in any data collection, it’s important to discern whether it’s necessary to comply with GDPR, and if so, what steps need to be taken to ensure that the only data collected is that potentially relevant for the matter as opposed to collecting everything which was the procedure back into the heyday of discovery. Generally, forensic teams will over-collect to some extent to ensure that important documents are not missed, but with the privacy changes, it is important to understand the laws and collect only what is relevant.
In China, data privacy is very important. In cross border litigation, when collecting data from China, there are very strict rules that have to be followed before data can be taken out of China for review. For example, to review data from China in Australia, it is necessary to go through a formal state secret screening first. Penalties for breach can include the death penalty so this is not a step that should be underestimated. For these reasons, it is important that your digital forensic team have experience and understand how to manage collections in China appropriately.
Collecting data in cross-border matters is complex, constantly changing and governed by strict laws and regulations. It is a process best left to the experts to ensure that the process is done efficiently, cost-effectively and without breaching any laws.