Handling data rights in digital evidence

During the trial of a suspect charged with attempted murder, a lot of digital evidence was produced by the State to support its case against her. Most of the evidence produced consisted of mobile phone communication between her and the suspected assassin.

The State also produced phone records showing that her mobile phone signal was traced back to the victim’s house.

Increased technology has made it easier to produce digital evidence in support of criminal and civil litigation. Investigators have been able to arrest and try many suspects as a result of incriminating communication on their digital devices.

Demand for digital forensics professionals is therefore increasing. Digital forensics entails the recovery, investigation and analysis of information contained in digital devices. It is a field of technology and has an investigative angle to it.

At times suspects may try and destroy digital evidence. However, the digital forensic expert may be able to recover such evidence and analyse it.

In Kenya, digital evidence is highly regulated meaning before digital evidence can be produced it has to meet a certain threshold.

The first law that governs digital evidence is the right to privacy. This is a constitutional right that guarantees protection of one’s privacy and this includes data privacy. The right protects individuals from arbitrary search and seizure of their digital devices.

It also protects individuals from having their communications infringed such as hacking into their e-mails or tapping their phone conversations.

Several other laws protect individuals from arbitrary searches and privacy breaches. These include the communications and data protection laws. Therefore, investigators cannot arbitrarily seize and infringe on communications without a court order.

In a leading financial scandal, the Capital Markets Authority was able to get court orders to allow it to seize a licensee’s digital equipment and furthermore, conduct a forensic investigation of this equipment.

The law also regulates the acceptable manner in which digital evidence can be produced. The Evidence Act sets out the manner in which digital evidence can be accepted, the key most important point being the production of a certificate of electronic evidence.

Compliance with the law is very crucial in the collection and presentation of digital evidence. Evidence may be struck out if it does not comply with the law.

Borrowing from the strict requirements of the law when it comes to digital evidence, an organisation can adapt some practices as part of its policy and operations.

Firstly, it is important to adhere to the data protection laws in your business. Data protection laws take on both a local and international nature. To ensure your business is even more competitive internationally, it would be important to adhere to the European Union’s GDPR regulations. A business that shows compliance with data protection regulations may establish for itself a higher competitive edge than one which is non-compliant.

It is important to invest in cybersecurity to minimise the risk of data breaches. Increased cybersecurity gives the customer more confidence in your business. Experts can advise on how to implement cybersecurity so as to minimise risk.

Lastly, a business ought to have technology and communication policies that protect the company. For example, the permissible type of communication on the business communication platform. It is also important to have a centralised communication, especially when using social media.

Staff may expose the business to litigation if they breach confidentiality and data privacy. For example, if your staff posts private client information on social media or shares client information with a third party. This is very risky for the company. This, therefore, underscores the importance of human resource policies.