Disclosure of Digital Material in 2015 and Beyond
Like it or not Disclosure impacts on all digital forensic, but of the legislation and guidance available including CPIA 1996, ACPO and Attorney General’s guidelines, none actually provide any detailed information of the practical considerations that need to be made in 2015. Interestingly, not one even refers to the difference between an eDiscovery and eDisclosure approach to reviewing material, yet eDiscovery has been in existence since approximately 2006.
As the rulings on disclosure in civil cases are beginning to have an impact in criminal prosecutions is it the time to review the legislation and guidance collectively and develop a better strategy for the disclosure of digital material in criminal investigations?
I would be interested to hear from anyone who has experienced disclosure challenges and/or has thoughts on the disclosure of digital material in criminal investigations in 2015 and beyond.
I'd agree there needs to be much clearer direction. At present there are certain practices that work and are done in most cases but that is because there are people who have done it like that before. Sometimes this local knowledge isn't available and so things don't work out.
Considerations need to include -
the third party's ability to comply with the Data Protection Act,
the third party's ability to comply with handling of illicit material, including destruction of data,
issues regarding the handling of legal and professional privilege material,
issues around disclosure of sensitive/confidential material to police and to third parties,
issues around high value information such as patented material and intellectual property,
data from witnesses/victims that results in unreasonable invasion of privacy and could put them at risk from a suspect/defendant,
cases where there are multiple suspects/defendants, each with different defence teams and where disclosure of one defendant's data to another could result in unreasonable invasion of privacy and could unfairly affect their defence.
I'm sure there are more considerations. The process of redacting data is not easy. Whilst there are tools that can auto redact all references to particular words in a case there is still a risk we missed something that was misspelt, or the person providing the keyword list didn't think of a word that needed to be redacting.
Direction would also provide us and organisations with guidelines on what is reasonable for us to seize in the first place. Capturing data in some instances has been more of a negotiation process and without local knowledge and experience it would have been easy to end up with insufficient information.
My points and your question relate to how things are in the UK. I'd be interested in hearing viewpoints from members in other countries and those with strong legal knowledge in the UK.