Click here to load reader
Upload
yourlegalconsultants
View
421
Download
0
Embed Size (px)
DESCRIPTION
Corporate resopnsibility. Digital evidence
Citation preview
www.tusconsultoreslegales.com
Internet/Digital evidence (COMPUTER FORENSICS)
CORPORATE CRIMINAL LIABILITY
www.tusconsultoreslegales.com
INTERNET/INVESTIGATION OF DIGITAL EVIDENCE/COMPUTER FORENSICS
4. PREVENTIVE ANALYSIS OF CORPORATE CRIMINAL LIABILITY
3. HOW TO PREVENT AND/OR MINIMISE CORPORATE CRIMINAL LIABILITY
2. LEGAL FRAMEWORK OF CORPORATE CRIMINAL LIABILITY AND DIGITAL EVIDENCE
6. REASONS FOR A FORENSICS INVESTIGATION
1. SITUATIONS WHICH SHOULD BE AVOIDED: REFLECTIONS
5. STAGES OF THE COMPUTER FORENSICS PROCESS
www.tusconsultoreslegales.com
•Being involved in a criminal process as a result of not having adopted the control measures provided in article 20.3 of the Workers' Statue
•Being obliged to pay economic fines deriving from a criminal process, as well as having invested part of the budget in preparing a legal defence, which is on occasions expensive (as a result of not having an insurance policy which includes legal defence) and which requires swift action
•Taking the risk that an employee, benefits economically from committing a crime with a company being held liable for said benefit as its resources were used
1. SITUATIONS WHICH SHOULD BE AVOIDED
REFLECTIONS:
www.tusconsultoreslegales.com
•In addition, taking the risk of receiving an economic penalty from the Data Protection Agency as a result of not having met the mandatory regulation on security measures
•Not having foreseen the situation and therefore not having an optimal traceability system which makes it possible to detect possible crimes, or once they have taken place, managing to mitigate the criminal liability as established in article 31.4 of the Spanish Criminal Code, letters a,b,c and d through the evidence collected
1. SITUATIONS WHICH SHOULD BE AVOIDED
REFLECTIONS:
www.tusconsultoreslegales.com
2. LEGAL FRAMEWORK OF CORPORATE CRIMINAL LIABILITY AND DIGITAL EVIDENCE (1/2)
As established in Article 31.2 bis of the Criminal Code. “Legal persons will also be criminally liable for the crimes committed in the exercise of business activities and on
the account and benefit of said activities by those who, subject to the authority of the natural persons mentioned in the above paragraph, have been able to perform the actions as they were not subject to the due control according to the specific circumstances of the case”.
Specifically, article 31.4 of the Criminal Code establishes that: “Only the following activities may be considered as attenuating circumstances of the criminal liability
of legal persons carried out subsequent to the crime being committed and through its legal representatives":
12. “Having proceeded to report the offence to the authorities before becoming aware of the legal procedure against it".
In order to comply with this section of article 31 bis, it is necessary to know beforehand that an offence has been committed.
www.tusconsultoreslegales.com
2. LEGAL FRAMEWORK OF CORPORATE CRIMINAL LIABILITY AND DIGITAL EVIDENCE (2/2)
• "Having collaborated in the investigation of the fact by providing proof at any moment of the process which is new and decisive for clarifying the criminal liabilities arising from the facts".
Collection of proof from the point of view of an analysis/investigation of the evidence subsequent to the crime being committed.
• “Having proceeded at any moment of the procedure and prior to the oral trial to rectify or reduce the damage caused by the crime”.
From a security point of view, it is possible to intervene so as to reduce the consequences of the damage caused by an employee from the accused company.
www.tusconsultoreslegales.com
2. LEGAL FRAMEWORK OF CORPORATE CRIMINAL LIABILITY AND DIGITAL EVIDENCE (2/2)
• "Having established, prior to the start of the oral trial, effective measures to prevent and discover crimes which may be committed in the future with the resources or under the cover of the legal person".
Collection of evidence, prior to the oral trial, is a measure to discover crimes which may have taken place.
However, these articles reflect a situation in which the employer is involved in a criminal process. It is not necessary to have identified the natural person which has committed the crime, it is sufficient that the crime has originated inside the company
www.tusconsultoreslegales.com
3. HOW TO PREVENT AND/OR MINIMISE CORPORATE CRIMINAL LIABILITY
PREVENTIVE MEASURES:
1- Establishing control measures: Implementing an internal corporate policy
5- Detecting and preserving evidence which allow a proactive legal defence: Minimising the consequences of the crime
2- Establishing technical and organisational measures: Complying with personal data protection obligations (Organic Law on Personal Data Projection and Implementing Legislation)
3- Implementing security certificates: Preventing identity theft
COMPUTER FORENSICS
4- Establishing cover measures: Having an insurance policy which also covers legal services
www.tusconsultoreslegales.com
An internal corporate policy with clear guidelines, specifying the permitted use of both the company's internal and external means of communication, with the corresponding behaviours, expressly indicated, through control measures established by the employer as provided in article 20.3 of the Workers' Statute.
4. PREVENTIVE ANALYSIS OF CORPORATE CRIMINAL LIABILITY (1/3)
1- Establishing control measures: Implementing an internal corporate policy
2- Establishing technical and organisational measures: Complying with personal data protection obligations (Organic Law on Personal Data Projection and Implementing Legislation)
Having complied with the obligations established by the Organic Law on Personal Data Protection and implementing regulations to establish the technical and organisational measures necessary, as well as efficient control measures in accordance with article 20.3 of the Workers' Statute which are compatible with the worker's privacy.
Above all, ensuring control of both internal and external means of communication.
www.tusconsultoreslegales.com
4. PREVENTIVE ANALYSIS OF CORPORATE CRIMINAL LIABILITY (2/3)
3- Implementing security certificates: Preventing identity theft
Need to have an insurance policy which also contributes to establishing cover for legal defence.
4- Establishing cover measures: Having an insurance policy which also covers legal services
Distinguishing between the different types of certificates, especially for mail and those which ensure double protection in security to prevent identity theft by unauthorised third parties (internal and external)
To implement the digital signature:
- Bearing in mind legal obligations
- The obligations to conserve invoices
www.tusconsultoreslegales.com
4. PREVENTIVE ANALYSIS OF CORPORATE CRIMINAL LIABILITY (3/3)
The detection, preservation and investigation of electronic proof or evidence which may be used to defend the company against possible criminal liability is known as COMPUTER FORENSICS.
This discipline is basically divided into four major stages or processes, which can be carried out independently, or consecutively, according to the company's needs.
The stages of Computer Forensics go from prevention up to implementing proof in the trial.
5- Detecting and preserving evidence which allow a legal defence oriented towards minimising possible criminal consequences
COMPUTER FORENSICS
www.tusconsultoreslegales.com
5. STAGES OF THE COMPUTER FORENSICS PROCESS
PREVENTIONFORENSIC READINESS
Objective:
Facilitating a possible digital investigation
How:
Establishing and implementing traceability procedures
Example:
Intrusion Detection Systems
LOCATING INFORMATIONE-DISCOVERY
Objective:
Search for specific data from a large quantity of information
How:
Use of search and filter mechanisms in file systems and databases
Example:
Search for deleted accounting data
DATA ACQUISITIONCHAIN OF CUSTODY
Objective:
Correctly initiating the chain of custody of future proof
How:
Bit by bit copy of digital information before a notary
Example:
Copies of information from a mobile telephone
EVIDENCE ANALYSISEXPERT REPORT
Objective:
Analysing digital information and searching for possible evidence.
How:
Blind and automated search for suspicious activities
Example:
Analysis of the PC of an ex-employee for possible information theft
www.tusconsultoreslegales.com
6. REASONS FOR A DIGITAL INVESTIGATION
• The impact of the incident on an economic level
The loss of data is a significant economic loss. Scenarios such as audits resulting from the Organic Law on Personal Data Protection or litigation among entities may require swift intervention by experts.
• Opportunity to identify electronic proof
On many occasions investigation processes are started inadequately for achieving correct maintenance of the chain of custody, in such a way that the evidence which is recovered is not considered as electronic proof in a legal framework.
• Opportunity to identify direct liabilities
It is essential to establish preventive measures so as to identify evidence related with improper use of assets or false accusations.
www.tusconsultoreslegales.com
6. REASONS FOR A FORENSIC INVESTIGATION
• Opportunity to identify liabilities of third parties
External provider responsible for managing information systems
External provider responsible for managing the security of information systems
• Economic cost of the investigation against the benefit received (ROI)
Conclusion:
It is now not only important to consider validly covering the reasons for a dismissal and ensuring the company's productivity, but it is also necessary to prevent the reason so as to avoid corporate criminal liability
www.tusconsultoreslegales.com
Thank you for your interest
To purchase documents:www.yourlegalconsultants.com
To hire the services of an expert, please contact: