The advent of the Protection of Personal Information (POPI) Bill, which is set to be enacted this year, will change the way companies have to approach data handling strategies, processes and procedures. As computers have increasingly become part of our lives, they have increasingly been used for criminal activity. With cyber attacks, hacking and fraud on the rise, computer and digital forensics has evolved to investigate a wide variety of crime, including information gathering, fraud, cyber stalking, and illegal access to information, or data breaches.

POPI will make this discipline even more vital to businesses in South Africa, as the penalties provided for in the legislation are onerous, placing the onus on companies to ensure the security of their data and making them liable for any infringements of personal information. Comprehensive data handling systems will need to be devised an implemented in order to comply with POPI. But even without a legislative requirement to manage the security of data, businesses are increasingly becoming aware of the need to protect their information, and of the potential cost of a data breach.

The new laws are intended to cover any person or entity that collects, uses or stores personal information and will, therefore, involve the majority of businesses having to assess how they handle personal information. The Bill requires organisations to collect and use only the minimum information necessary to accomplish their objectives, maintain the information accurately, to safeguard personal information, and to delete or destroy information when it is no longer needed. Notably, organisations will be required to notify the individual and the new Information Regulator of any compromises to their personal information, including loss, theft, unauthorised access or disclosure, hacking incidents etc.

However, most IT departments are unprepared to deal with these requirements, and are unable to perform the forensic investigation necessary to establish the cause of the data breach. Retaining a third-party corporate breach and data security expert can take the pain out of this process, as an evaluation performed by an objective, neutral party leads to a clear and credible picture of what’s at stake, and appropriate provisions can be out in place should the worst happen. In addition, cyber forensics is a highly specialised discipline, and a qualified service provider will be able to administer the appropriate measures not only in terms of establishing causes and identifying perpetrators, but in following the correct legal process to ensuring a conviction.

Digital forensic techniques can be of value in a wide variety of situations, including perhaps, simply re-tracking steps taken when data has been lost. Common scenarios include employee internet abuse, the unauthorised disclosure of corporate information and data, industrial espionage, and criminal fraud and deception cases.

Data which has been deleted on a computer is never really “gone”. A cyber forensic investigation conducted according to internationally accepted standards and using state-of-the-art hardware and software can locate all lost and/or deleted files. All system and user created data is analysed and keyword searches are conducted. E-mail folders and database files are converted to locate evidence of the transgression, and evidence can be presented in court regarding the case.

The impact of illegal access, theft or destruction of a company’s proprietary data could have a devastating effect. This is when the selection of a cyber forensic expert’s true value is not only measured by his ability to locate some digital evidence, but more so in his ability to successfully locate all of the evidence and in placing the evidence in context for the investigator and advising the client on remedial action. It is equally important that the cyber forensic expert is able to effectively relay the findings in an expert report and successfully testify as an expert witness at any level of judicial proceeding. The expert status of a cyber forensic expert is measured by his qualifications, experience, lecturing and work published, capacity and infrastructure, affiliations and accreditation, and – not least – his track-record.

By Danny Myburgh, Managing Director of Cyanre