You recently contributed an article to the Lawyer on the evolution in data collection and processing. Could you comment on a specific example of how you tackle this increasingly complex issue?
TD: A European Court of Justice ruling that the EU Safe Harbor data-sharing agreement with the US is invalid calls for urgent fundamental reassessment of data storage and e-Discovery policies. I can share the following story as an example of how to tackle these new challenges in the sector: We were asked to help a client who was responding to an investigation by a regulator with global reach. They faced allegations of corruption and were based in a civil law European jurisdiction.
The project entailed retrieving several hundred gigabytes of data for around a dozen custodians from a number of I.T. assets such as computers, mobile phones and emails and network shares. Of these custodians, several had VIP status in the company and there was increased sensitivity about their data. Furthermore, the jurisdiction of the project had data privacy and blocking statute issues. This meant all data had to remain in-jurisdiction for the purposes of the review. Our team responded by designing a mobile digital forensic and eDiscovery solution that provided a fully robust but also data privacy-compliant approach. Our client had additional constraints due to commercial sensitivity reasons, meaning the data had to be collected, processed and filtered on their premises. The client’s legal team also wanted to retain a level of supervision before results could be shipped to one of our in-country data centres for hosted document review.
What were some of the challenges you faced?
TD: First, we had to ensure data integrity to fit with the regulator’s requirements. Second, we had to devise a solution that would enable data processing and culling onsite, while allowing the review of the reduced data population to take place in our hosted data centre. The data collection was conducted in accordance with industry best practice. Forensic images were captured and duplicates of the source data were created and securely retained. The data was then processed using an industry-standard processing tool. The exported data was loaded into our customised data-staging environment where it was analysed and culled. We performed a data analytics exercise to exclude private material. All of this work was conducted in a fully deployable eDiscovery solution, ensuring a forensically sound environment could be created on our client’s premises.
How did you ensure that data could not be transferred off site?
KP: Internet protocols were locked down. Since the mobile solution was on the client’s site, they were able to place it behind their firewall. We were only permitted remote access using a restricted protocol to manage jobs and monitor the process. We were also able to generate pre-scripted reports to provide details of the data to the client and the client’s legal counsel. For security and efficiency reasons, the mobile solution was contained on a single hardware platform which consisted of multiple virtual servers on an isolated network. All hard drives were encrypted and the only access to the system was via a secure login console. Once the filtered data was ready for export, it was copied onto an industry-standard FIPS-encrypted device and couriered to the FRA data centre.
Without going into too many technical details, how were you able to deal with the other challenges?
LB: As the processing and filtering component was conducted using our mobile solution we had to ensure compatibility with the technology in our data centre. We used a standardized workflow process across all locations. Finally, our team was required to conduct a forensic analysis on the VIP custodians’ computers and this had to be done onsite. This was also accomplished using the mobile solution, as the machine was preloaded with our standard forensic investigation tools. Our experts worked on copies of the physical forensic images. A physical forensic image is a bit-by-bit copy of a hard drive, which includes all of the accessible and deleted data.
Ultimately, your investigation was not hindered by data privacy regulations.
TD: No, because we were allowed remote access to monitor the active job queues and keep all of the tasks running. Our Digital Forensics team was able to work on the data in-jurisdiction, ensuring all data and reports were retained with the client. Thus, the data did not leave the premises and no violation of jurisdictional data privacy regulations occurred.
Toby Duthie, Founder and Partner
Lukas Bartusevicius, Business Development Analyst
Kiran Patel, Project Manager
Audrey House 16-20 Ely Place
London EC1N 6SN
Tel: +44 (0) 207 831 9110
The ETHIC Intelligence Experts’ Corner is an opportunity for specialists in the field of anti-corruption compliance to express their views on approaches to and developments in the sector. The views expressed in these articles are those of the authors.