The danger of ‘deleted’ data

What computer forensics experts talk about when they talk about deletion

As computer forensics specialists, we are often asked about deleted data. Is something truly deleted? Can deleted data be recovered? What should we do with old laptops? We thought the best way to answer these questions would be to conduct an experiment to show that in computer science, deletion is more of a spectrum than a binary state. The experiment also demonstrates the importance of protecting data, even when the device is no longer in use.

Introducing Project Gumtree

Armed with just £20, we responded to an advert on the community selling portal Gumtree and purchased four ostensibly clean hard drives from the seller, who had advertised them as coming from old family laptops. After payment and collection, we handed the drives over to our forensics team.

The first step of any forensics investigation is undertaking a procedure called ‘imaging’. Forensic imaging involves creating an exact copy of the hard disk, enabling investigations to be conducted without endangering or tampering with the original data held on the disk. Once we had imaged the Gumtree drives, the real investigation could begin.

Upon initial inspection, three of the hard drives appeared to be blank, as promised by the seller. The fourth simply showed the Windows base installation menu. For the average domestic user, the seller’s privacy would have been protected, but the first rule of forensics is that deleted does not always mean deleted, and we anticipated that we would be able to extract data from the seemingly blank disks.

Lost and found

Once we examined the imaged drives closely, we uncovered an incredible amount of information. Below is an overview of exactly what we found on each disk:

Data recovered from Disk 1

  • 1400 PDFs
  • 500 Excel Files
  • 200 Word Docs
  • 8 PowerPoint Presentations
  • 40,000 picture files

Although the seller had originally described the disks as coming from family machines, the information recovered suggested otherwise, with numerous documents detailing expenditure in excess of £120,000 on roof lights and £170,000 on installing cladding on a bridge walkway. The drive also contained other invoices for tens of thousands of pounds as well as a cache of foreign language documents, all of which suggested the disk was not used in a domestic context.

Data recovered from Disk 2

Disk 2 was the drive which had a visible base Windows installation but nothing else. However, once again we were able to recover a lot of data, the majority of which consisted of confidential documents taken from the internal file sharing system, SharePoint. Files held on SharePoint are for internal viewing only and therefore should not have been saved on the laptop, providing further evidence that the seller of the drives had perhaps obtained them via dubious means.

Data recovered from Disk 3

Disk 3 also yielded some interesting data. We found 3,800 Google search terms that provided a great deal of insight into the life of the previous owner. For example, we saw that the owner had searched for Patisserie Valerie bakeries, swiftly followed by a search for gyms in a particular area. More intriguingly and perhaps disturbingly, hidden amongst quotidian work documents was a raft of files relating to philosophy and the occult.

Data recovered from Disk 4

Of all the data recovered from the drives, Disk 4 contained the most sensitive information. Unfortunately, our in-house counsel has advised that we cannot go into detail about the contents of the drives as they contain data related to the UK government as well as CCTV footage.

By the end of the exercise, it was clear that the drives were not from family computers. In total, we recovered around 10,000 official documents and there is evidence that they come from the same government department. Kroll Ontrack is currently taking steps to return the data and the disks to that department so they can conduct their own investigations as to how the data was stolen.

How to disappear completely

The difficulty of truly deleting data from devices is something of a double-edged sword. On the one hand, if data appears to be lost, chances are that with the assistance of an experienced forensics technician, the data can be recovered. Yet if a company is disposing of devices capable of storing data (a surprisingly long list that includes satellite navigation systems, mobile phones, USB sticks and more), the information stored on them could potentially be accessed by a third party unless action is taken to forensically delete the data.

We would recommend that companies disposing of devices capable of storing data should contact a forensics provider to ensure all confidential data is unrecoverable by third parties.
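A check that could be run on a raw image of a drive before it is disposed of, given here as an added example that is not part of the original post: it hashes the image so the copy can be verified later, counts sectors that still hold data, and flags sectors that begin with the headers of the document types recovered above. The function names, the constructed sample image and the assumption that the drive was meant to be overwritten with zeros are illustrative.

```python
import hashlib
import io

SECTOR = 512  # bytes; assumed sector size of the imaged drive

# Well-known file signatures (magic bytes) for the file types listed for Disk 1.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/ooxml (docx, xlsx, pptx)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 (doc, xls, ppt)",
}


def audit_image(stream, sector=SECTOR):
    """Read a raw image sector by sector and report what is left on it.

    Assumes sanitisation means a zero-fill: any non-zero sector is residue.
    A drive wiped with a random pattern needs a different acceptance test.
    """
    digest = hashlib.sha256()
    total = nonzero = 0
    hits = {}
    while True:
        block = stream.read(sector)
        if not block:
            break
        digest.update(block)
        if any(block):  # at least one non-zero byte survives in this sector
            nonzero += 1
            # File systems start files on sector boundaries, so a header at
            # the start of a sector is a strong sign of a recoverable file.
            for magic, kind in SIGNATURES.items():
                if block.startswith(magic):
                    hits.setdefault(kind, []).append(total)
        total += 1
    return {
        "sha256": digest.hexdigest(),
        "sectors": total,
        "nonzero_sectors": nonzero,
        "signature_hits": hits,
        "clean": nonzero == 0,
    }


def constructed_image(overwritten):
    """Build a 64-sector sample image (constructed data, not a real drive)."""
    img = bytearray(64 * SECTOR)
    if not overwritten:
        # Looks blank to the user: new boot sector, old file data untouched.
        img[510:512] = b"\x55\xaa"
        img[10 * SECTOR:10 * SECTOR + 8] = b"%PDF-1.4"
        img[20 * SECTOR:20 * SECTOR + 4] = b"\xff\xd8\xff\xe0"
        img[30 * SECTOR:30 * SECTOR + 4] = b"PK\x03\x04"
    return bytes(img)


if __name__ == "__main__":
    for label, flag in (("appears blank", False), ("zero-filled", True)):
        report = audit_image(io.BytesIO(constructed_image(flag)))
        print(label, report["clean"], report["nonzero_sectors"],
              report["signature_hits"], report["sha256"][:16])
```

For a real drive, pass a file object opened in binary mode on the image file instead of the in-memory sample.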

If you would like to find out more about how computer forensics can help you support and secure your business, please join us for a breakfast seminar in Central London on 6th April.  The seminar is specifically designed for those working in human resources or employment law.  Please click here to register your place.

Document Review turns Two: Mischief. Mayhem. Darts.

Can you believe it’s been two years since we opened our dedicated document review centre? Since then we’ve gone from strength to strength, doubling in size and caseload. Below are just a few statistics that highlight how powerful an offering this service is and how much demand is increasing:

  • We have over 1,800 document reviewers registered with us
  • We have the capacity to work in 173 languages
  • We have worked on 36 projects over the last 7 months in English, French, Afrikaans, Italian, German, Greek, Hindi, Romanian, Hungarian and Portuguese
  • We have 100 seats at our London centre
  • We are expanding into continental Europe

A competitive second birthday party

Richard, one of our Document Review Managers, takes aim

We couldn’t do this without the support of our amazing document review lawyers who come from all over the world to work with us. To thank them, our Managed Review team held a birthday party at Flight Club in Finsbury Square.

For those who haven’t been, Flight Club is a darts bar but not as you know it: gone are battered old boards, pints of flat lager and that particular stress that comes from trying to do mental arithmetic under the pressure of a competitive group environment. Instead each cloche has a control panel, a choice of games and a computer/camera set-up that automatically calculates scores.

 

Each group played three games and six finalists from each cloche were invited to compete in the grand finale. It was a bit of a surprise to see so many skilled darts players and the final tournament was a nail-biting affair with great performances from each player. However, there could only be one winner: Mr Luke Aaron, Legal Consultant and wannabe late night chat host, who seized victory and took home the coveted gold medal.

If you’re a lawyer and fancy joining our document review team, you can find out more information here.

The winner takes it all!


Ediscovery trends in 2017: from artificial intelligence to mobile data centres

2017 is set to be a year of change as organisations prepare for the new General Data Protection Regulation (GDPR) and the accelerated adoption of artificial intelligence. Faced with the need to manage greater volumes of data as well as multiplying communications channels, organisations and their legal representatives will be increasingly reliant on ediscovery technology processes to reduce the time needed to identify and manage information required to satisfy regulatory and legal issues.

Against this backdrop, we make the following predictions for 2017:

  1. Technology will play a vital role in helping organisations prepare for GDPR

The tough new General Data Protection Regulation currently being implemented in Europe will have a global impact. In cross-border litigation and investigations, where data needs to cross borders to comply with discovery requests, mobile discovery will become essential.  These solutions capture, process, filter and examine data on-site, avoiding the need to transfer data across borders. GDPR has strict rules for protecting individuals’ right to be forgotten and organisations will need the relevant tools to find and erase personal data. Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs.

  2. Ediscovery will find new homes beyond regulation and legislation

While ediscovery is widely used by professionals working on legal cases in litigation, regulation, competition law and merger control, employment law and arbitration, it will be used more and more this year in an anticipatory manner by organisations to identify, isolate and address any concerns about compliance that could expose them to the risk of some kind of intervention or sanction.  This trend will be exacerbated by the introduction of an increasingly complex and aggressive regulatory environment, exemplified by the French Anti-Corruption laws adopted in November 2016.

  3. New sources of evidence will move into the spotlight

Enterprises are creating more data than ever before. Data can be found anywhere that there are storage devices to hold it, whether that is a data centre, a laptop, a mobile, a wearable device or the Cloud. Channels to move data from one place to another are also proliferating. As a result we are seeing a diversification of evidence sources being used to build up a picture of what has happened in a legal matter. Whilst email and structured data remain the most common sources of evidence, other data sources such as social media and satellite navigation systems are gaining in importance and providing key insights into many cases. Clients are increasingly choosing ediscovery providers who can integrate a wider variety of data sources into one platform for analysis.

  4. The robots are coming

Savvy law firms and corporate counsel will benefit from bringing the latest technologies, including artificial intelligence (AI), to the attention of their clients. A long line of court decisions in the US, and now also in the UK and Ireland, has already driven greater interest in and adoption of predictive coding.

  5. The ediscovery industry will continue to evolve

The past few years have seen huge changes in the ediscovery industry itself as it seeks to provide the technologies that organisations need to keep up with more stringent regulation in data governance. Only larger, international partners now have the resources and capabilities required to provide local services and data processing centres where organisations need them, together with cutting edge tools and technologies to manage huge volumes of data and channels moving forwards.

  6. Big data will take centre stage in competition and data privacy matters

Regulators are becoming increasingly aware of the competition and data privacy implications of big data. From a competition point of view, big data held by companies can trigger both Articles 101 (relating to antitrust cases) and 102 TFEU (abuse of dominance cases). This is highlighted by the joint report of May 2016 from the French and German Competition Authorities entitled Competition Law and Data which explains that big data can trigger article 101 TFEU and thus be considered a cartel. Companies that handle substantial data volumes on a day-to-day basis will need to factor it into their compliance strategies and embrace technological solutions to aid in investigations and redactions.

  7. There will be a greater need for electronic documents

Despite evidence becoming mostly electronic, until recently regulatory authorities still required the submission of hard copies of RFI forms, merger filings and other investigatory materials. However, the introduction of the European Commission’s eQuestionnaire for merger control and antitrust cases means parties must now submit all information electronically.

In December 2016, the EC also published guidelines entitled “Recommendations for the Use of Electronic Document Submissions in Antitrust and Cartel Case Proceedings”. It is important to note that the EC strongly encourages the use of electronic formats even for paper documents, which means they have to be scanned and made readable.

Tim Philips, Managing Director at Kroll Ontrack, said: “Ediscovery continues to provide essential tools and technologies for all manner of legal matters and allows companies to efficiently navigate through this era of big data, regulatory scrutiny and more stringent data protection requirements. 2017 is set to be another landmark year in terms of the adoption of ediscovery technology and the evolution of ediscovery technology itself.”

Merry Christmas!

A practical guide to predictive coding

Did you miss out on our practical predictive coding event? Not to worry! We’ve created a twenty minute tutorial video that will guide you through the basics of using predictive coding technology.

Presented by Kroll Ontrack’s predictive coding gurus and using real life case studies as examples, you will learn how predictive coding technology works and how you can use predictive coding technology in your own cases.

We hope you enjoy the video and find it illuminating, but if you have any further questions please get in touch in the comments or by emailing enquiries@krollontrack.co.uk.


Understanding the value of structured data

In the earlier days of ediscovery, the spotlight was on handling the spiralling volumes of unstructured data such as emails and documents. Email in particular changed the face of ediscovery, and most lawyers working in litigation or competition are now sophisticated consumers or users of ediscovery technology. However, another source of electronic evidence is becoming increasingly important: structured data. Structured data refers to any data that resides in a fixed field within a record or file. This includes data contained in relational databases and spreadsheets and so often includes financial or operational information.

Research conducted by the Data Warehouse Institute has found that approximately 47 per cent of corporate data are structured in nature, compared to 31 per cent of unstructured data, leaving the remaining 22 per cent classified as semi-structured data.

Yet, despite the prevalence of this kind of data, many clients are unsure how to deal with unstructured data and when faced with Question 5 of the Electronic Document Questionnaire, they are firmly out of their comfort zone.

Whilst it might be intimidating or tempting to neglect this, structured data is a valuable source of electronic evidence and quite often is a treasure trove of information. With the right tools and expertise, it is possible to unearth trends, patterns, and red flags which can be used in an investigation or as intelligence into an organisation’s operations.

Much as ediscovery tools revolutionised the analysis of emails, data analytics tools are helping tackle the challenge of extracting, processing and transforming structured data into meaningful electronic evidence. This evidence can be standalone or supplementary to unstructured data such as email and documents typically reviewed and exchanged during the ediscovery process in legal proceedings.

Want to find out more?  Shine a light on Data Analytics

Join experts from Kroll and Kroll Ontrack on 13th October 2016 for a discussion of the ways in which data analytics tools can be used to provide advanced data insight for investigations, litigation and regulatory requests.

Using real world case studies, our speakers will illustrate how these tools have been used to unlock relevant information, and suggest ways to get the most out of your use of analytics.

Date: 13th October 2016

Timetable

  • Registration: 6:00pm
  • Presentation: 6:30pm – 8:00pm
  • Drinks and networking: 8:00pm
  • Location: Kroll Ontrack, Nexus, 25 Farringdon Street, London, EC4A 4AB

To register your place, please click here.

IBA Conference 2016: See you in DC!

The International Bar Association’s Annual Conference is one of the highlights of the international legal calendar with over 6,000 delegates from around the world attending. We are delighted to be exhibiting once again and are looking forward to meeting existing clients and new faces.

The 2016 conference is being held in Washington DC and, unsurprisingly, has attracted a prestigious panel of leading legal, financial and political figures including former US Secretary of State, General Colin Powell, Managing Director of IMF, Christine Lagarde and Director of Federal Bureau of Investigation, Robert S Mueller, III. If that wasn’t a star-spangled enough line-up, our very own Hitesh Chowdhry has been invited to speak on a panel on Thursday 22nd Sept at 10.45am in Balcony B, Mezzanine Level.

Entitled ‘Recalls, reputations and repeat business: bringing companies and their products back from the brink of disaster’, Hitesh and his fellow panellists will be discussing the many essential considerations arising for companies and their in-house counsel in the midst of reputational crises fuelled by an urgent (typically global) recall of products from consumers.

The panel will present real-world recall examples and the companies and lawyers who were in the trenches, as well as true to life case studies in this interactive and vibrant session, with a focus on the winning legal, communications and public relations strategies that bring companies and their products back from the brink of disaster.

Members of our EMEA team will also be based at booths 40 and 41 and will be available to answer any electronic evidence-based questions you may have. We will also be launching the second edition of our New Frontiers report, which is bigger and better than before. Come say hello and get your copy hot off the press!

 

Predictive coding: a little less conversation, a little more action                 

Predictive coding has been the hot topic of conversation for a while now. Both legal technology providers and industry thought leaders have waxed lyrical about its efficacy and this year marked the first time a UK court had approved the technology for use in a case. Yet despite this, one topic of conversation has remained untouched; how do you use the technology?

We decided to rectify this situation by hosting a unique seminar, Predictive Coding: Getting it Done. Held in the Museum of the Order of St John’s Chapter Hall, the seminar was led by Kroll Ontrack’s predictive coding experts Jim Sullivan and Leon Major. We were also delighted to welcome guest speakers Emily Maxwell of DLA Piper and Ilaria de Lisa of Gleiss Lutz. As Kroll Ontrack clients, Emily and Ilaria were able to provide their unique insights into using predictive coding.

The seminar’s jam-packed agenda covered all the practical predictive coding basics, including a breakdown of common terminology, an overview of the scenarios in which predictive coding can be used and a step-by-step guide to using predictive coding, with real life case studies as examples. Guests also had the opportunity to have their questions answered by our experts.

Following the presentation, guests gathered in the Museum’s medieval cloister gardens to enjoy a champagne reception and to make the most out of the unusually pleasant summer weather! Originally used by the Order of St John for growing medicinal herbs, the Cloister gardens is one of London’s hidden gems; a rose and lavender-scented oasis which proved to be the perfect location for relaxing after a very informative workshop.


Brexit and data protection

As the world contemplates the ramifications of the EU referendum, we’ve speculated as to how Brexit might change the way our clients handle data transfers in litigation and investigations.

What legislative regime would govern the UK?

The UK currently operates under the Data Protection Act 1998, which was enacted to bring British law in line with the EU Data Protection Directive (DPD). Since Britain has voted to leave the EU it is likely that the Data Protection Act 1998 will remain unchanged at least during the transition period.

For businesses operating solely within the UK, this means business as usual. However, things become complicated when a business needs to transfer data to or from another European country.

The EU is currently in the midst of replacing the General Data Protection Directive with the General Data Protection Regulation (GDPR) and had Britain voted to remain, British businesses would have had to comply with this new, tougher legislation which includes:

  • Increased fines, up to 4% of the annual global turnover
  • A “Privacy by design” provision requiring that data protection is designed into business services. Companies will need to ensure they are adopting measures to protect data right from the start of a client engagement.
  • Explicit consent being obtained for the collection and processing of data.
  • The appointment of an independent Data Protection Officer.
  • A “Right to be forgotten”. A client has the right to request the erasing of personal data. Companies will need to take steps to understand how they can comply with such a request.
  • A prohibition on data being transferred outside the EU without approval from the relevant supervisory body.

However, Brexit is not simply a case of “in” or “out”, and many of the potential consequences of leaving depend on whether or not Britain becomes part of the European Economic Area (EEA) or completely severs ties.

If Britain becomes part of the EEA, this would afford Britain the same status as other European countries such as Norway and Iceland. This would mean it would be designated a ‘safe area’ under the GDPR.  In business terms, this would make data transfers somewhat easier, assuming the EU found the UK’s safeguards to be appropriate.  However, this would mean that the UK would still be subject to the DPD and from May 2018, the GDPR, when transferring data across borders to comply with legal obligations in other countries.

An EU-UK Privacy Shield?

If the UK does not become part of the EEA, the UK would probably have to negotiate an agreement similar to the EU-US Privacy Shield in order for UK companies to continue to transfer data between the UK and countries in the EU.

In this scenario it is likely the Article 29 Working Party would suggest similar terms to the US:

  • An ombudsman to handle complaints from EU citizens about the UK security services accessing their data.
  • UK Security services / the Home Office to provide written commitments that Europeans’ personal data will not be subject to mass surveillance.
  • An annual review or audit to check the new system is working properly.

The Upshot

Data protection legislation is changing regardless of the outcome of the referendum and British businesses need to be prepared for these changes. Until the UK finalises its data protection regime and comes to an agreement with the EU, companies need to think carefully about the risks of transferring data across European borders. However, business does not have to come to a standstill; law firms and companies can rely on Kroll Ontrack’s mobile ediscovery solution and network of European offices and data centres to continue to process and transfer data in Europe in a compliant and cost-effective manner. We have always catered for the data protection needs of our clients as they take all laws and regulations into consideration.

Brexit: Our position

Although the results of the referendum are clear, the full impact of Brexit on data transfers in litigation and investigations is dependent on whether or not Britain becomes part of the European Economic Area (EEA) or the European Free Trade Association.

If the UK becomes part of the EEA and the EU finds the UK’s data protection safeguards to be appropriate this would make transferring data outside of the UK easier. However, it is likely that businesses will still have to comply with the new requirements to be implemented under the forthcoming General Data Protection Regulation, when transferring data across borders to comply with legal obligations in other countries.  Both legal mechanisms and technology solutions are relied upon in these situations to safeguard the personal data of European citizens.

If Britain does not become part of the EEA, the situation is more complicated and it is likely that an arrangement similar to the EU-US Privacy Shield would need to be agreed. This will provide a safe passage for the transfer of data between the UK and other countries in Europe.

Until the UK finalises its data protection regime and comes to an agreement with the EU, companies need to think carefully about the risks of transferring data across European borders. Business does not have to come to a standstill; law firms and companies can rely on Kroll Ontrack’s mobile ediscovery solution and network of European offices to continue processing and transferring data in Europe in a compliant and cost-effective manner. We have always catered for the data protection needs of our clients as they take all laws and regulations into consideration.