Data Proection Act ...
 
Notifications
Clear all

Data Proection Act and Forensic Computing

7 Posts
5 Users
0 Likes
685 Views
(@shadowviper)
Posts: 2
New Member
Topic starter
 

Hi everyone,

As part of my final year project at my university, I've been tasked with researching the legislation that affects computer forensic investigations in the United Kingdom. I've already found a list of some of the Acts of legislation that would have an impact on a computer forensics investigation.

I've got a quick question in regard to the Data Protection Act 1998, during computer forensics investigations, are the investigators regarded as Data Controllers or Data Processors?

In case it is needed, the project involves studying a forensic computing laboratory that is attached to the university that would like to start processing digital evidence, so they would be doing this in a corporate environment governed by contract law (so I'm unsure of whether the exemptions given to the police apply, I'm assuming not until I find information that suggests otherwise.).

 
Posted : 05/11/2011 3:28 pm
(@pragmatopian)
Posts: 154
Estimable Member
 

See Section 1(1) of the act

http//www.legislation.gov.uk/ukpga/1998/29/section/1

If you're doing your investigation on behalf of another entity you're probably going to be a data processor rather than a data controller.

Details of exemptions can be found in Part IV

http//www.legislation.gov.uk/ukpga/1998/29/part/IV

Most are restricted to public sector employees acting in specific circumstances, but some can also be used by those in the private sector.

 
Posted : 07/11/2011 10:36 pm
(@trewmte)
Posts: 1877
Noble Member
 

Excellent response pragmatopian. I took a leaf out of your book and thought that since you identified the legislation I wondered whether the ACPO Guidelines had anything to say on this important matter.

Jamie (he's not a bad old chap) kindly put up a page so forum members could download the Guidelines

http//www.forensicfocus.com/index.php?name=Downloads&d_op=viewdownloaddetails&lid=8&title=ACPO%20Good%20Practice%20Guide%20for%20Computer%20based%20Electronic%20Evidence

ShadowViper, I couldn't find anything in the ACPO Guidelines that specifically categorises the roles which you mentioned. So as record of your study perhaps you may wish to take it that you've uncovered an absence, omission, or identified operator sub-category status within the role of those involved in 'extracting and harvesting data' from digital devices.

 
Posted : 08/11/2011 11:26 am
(@shadowviper)
Posts: 2
New Member
Topic starter
 

Thanks for the responses so far, very helpful links pragmatopian, I'm definitely going to be using those in my project.

And since I am going to be covering standards and guidelines as well, I can definitely follow through with trewmte's suggestion about the ACPO guidelines.

Thanks again!

 
Posted : 08/11/2011 8:45 pm
(@dilogoat)
Posts: 5
Active Member
 

Be sure to take a look at the Data Retention Directive the EU put in place in 2009. It impacts some of that act.

 
Posted : 05/11/2012 8:46 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Be sure to take a look at the Data Retention Directive the EU put in place in 2009. It impacts some of that act.

Also, consider the "news"
http//ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
it is likely that there will soon be changes in EU legislation…..

Talking of news, the OP last posted one year ago (2011), I hope (for him) that he is well past his final year….

jaclaz

 
Posted : 05/11/2012 9:28 pm
(@dilogoat)
Posts: 5
Active Member
 

I didn't even look. I was doing an assignment relating to a similar topic last week so I got excited.

 
Posted : 06/11/2012 1:20 pm
Share: