But again, it ultimately comes down to the rationale and concrete approach underlying the conduct of forensic activities. Careful, forensic processing of data privacy violations in the context of an information security incident is in the interest of data privacy and the persons affected. After all, this often helps to limit the subsequent damage to affected persons and companies or to take suitable remedial measures to protect affected persons at an early stage.
Of course, as in the case of log management, there are some key principles that must be considered in digital forensics from a privacy perspective. We would like to highlight three principles:
- The rights and freedoms of employees (and other affected subjects) must also be protected in the context of forensic analyses of personal devices and storage locations (e.g. home drives).
- In this context, responsible companies in particular should ensure the transparency of data processing, the establishment of an appropriate legal basis, and the protection of collected data.
- If personal areas of employees are the subject of forensic analyses, it is often necessary to involve the works council and the organization's data protection officer or to obtain their approval.
- If the company is confronted with criminal offences (e.g., in connection with illegal content or unlawful access to computer systems), legal experts should be involved in the incident handling process at an early stage. This is particularly advisable regarding properly obtaining and securing evidence.
In light of these points, companies should consider establishing uniform guidelines and procedures for the systematic execution of forensic activities in advance. After all, these can drastically reduce the time and effort required in connection with the above-mentioned considerations in the event of an emergency – time that is usually urgently needed for the actual mitigation.
The data protection-compliant design of log management or activities in the area of digital forensics often bring certain tension regarding the company's information security. However, a closer look quickly shows that these areas should rather complement and support instead of contradicting each other.
Only if internal security measures are designed to comply with data protection requirements, all involved parties as well as external stakeholder will trust these, which is a prerequisite for effective information security within the company.