UK based readers are probably already aware of the recent news surrounding the loss of 2 CDs containing the personal details of around 25 million British citizens. Computer forensic examiners are, generally speaking, very aware of the issues surrounding the handling of confidential information and will have the necessary procedures in place to ensure that such data is properly handled. This incident, though, shows just how catastrophic the effects of a single breach in procedure can be.
Consideration of privacy issues is something which impacts every stage of an investigation and often plays a key role in determining exactly what an examiner is permitted to do. Beyond that, the way in which data is transported and stored needs to be thought about carefully, usually in the light of existing legislation and the principles of best practice. With this recent breach hitting the headlines it seems almost certain that data protection procedures will come under close scrutiny in the UK - what better time to review your own procedures?
Please feel free to comment on the above. How does data protection legislation impact you? Is the law clear or are you concerned about compliance issues? Does such legislation make it difficult to carry out your job or do you think it is reasonable?