Advertisement
Computers and businesses and law suits and crime – your worst nightmare - I mean worst~!!
If a company has a policy that all data is to be destroyed on some schedule – and it is followed they can not be faulted in court Just so long as they had no knowledge of a litigation. If they have knowledge of a litigation they may find it wise to preserve data.
I advise my business clients to:
1.) Disallow computers from being used to communicate sensitive information. This is hard because most employees cant understand why a great many things should never be made digital and permanent. They just don't get it.
2.) Back up needed data and physically destroy hard disks replacing them every six months. Yup destroy them as in a shredder or fire. There is no known data erasure method that can prevent the police form recovering deleted and over written data. Nothing can do it. Nothing. Ya gotta destroy the disk in the drive.
Most larger companies have made all their desk top PCs dumb terminals again. Some don't allow hard drives at all (this is the best solution).
The reason I make that advice is simple. People misbehave.
Sometimes they don't know it.
Sometime they don't know how damming the material they are making digital - and permanent - can be.
Sometime the people who are misbehaving are not associated with that computer or company at all but, invaded it from outside.
Examples of what can go wrong run the gamut from employee e-mails talking about company business or fellow employees later being subpoenaed and used in a lawsuit -(whenI subpoena computer information I subpoena everything on the company computers having it imaged by a service – I get everything on every computer- period) - all the way to the far far end where some poor bastard logged onto a site (such as a Peer to Peer site that has interesting video or music or games) and ended up getting infected with a stealth-bot program that used the company computers to warehouse and transmit child porn ( yes it happens exactly like that). One particular company in PA had this happen. The horror is that the company is small and not publicly traded. This meant that the prosecutors went after the poor SOB who owned the company - even though he didn't use that computer. He is defending - right now- felony charges of trafficking in and possession of child porn.
Or the small business which uses shitty security and a radio router who gets hacked from the parking lot VIA laptop and used to do the same vile thing.
Once the police find evidence of kiddie porn it makes no difference whether you knew of it or even had the technical savvy to decrypt it and see it. It's like heroin - if it's on you, it's yours.
This happened to two kids that I know of, one in the S. West (tinyurl.com/yzvass) and another in PA. Kids on P-to-P networks got their boxes turned into stealth bots for child pornographers and the prosecutors were didn't care that the kids never knew and couldn't have discovered it 'cause of the high level encryption. They were implacable. Both of those kids found a resolution but not until after they each spent maybe a hundred thousand dollars on legal defense fees, incurred ruined lives and reputations.
So I advise all my clients to make it company policy to remove and physically destroy all hard disks every 6 months.
If a company has a policy that all data is to be destroyed on some schedule – and it is followed they can not be faulted in court Just so long as they had no knowledge of a litigation. If they have knowledge of a litigation they may find it wise to preserve data.
I advise my business clients to:
1.) Disallow computers from being used to communicate sensitive information. This is hard because most employees cant understand why a great many things should never be made digital and permanent. They just don't get it.
2.) Back up needed data and physically destroy hard disks replacing them every six months. Yup destroy them as in a shredder or fire. There is no known data erasure method that can prevent the police form recovering deleted and over written data. Nothing can do it. Nothing. Ya gotta destroy the disk in the drive.
Most larger companies have made all their desk top PCs dumb terminals again. Some don't allow hard drives at all (this is the best solution).
The reason I make that advice is simple. People misbehave.
Sometimes they don't know it.
Sometime they don't know how damming the material they are making digital - and permanent - can be.
Sometime the people who are misbehaving are not associated with that computer or company at all but, invaded it from outside.
Examples of what can go wrong run the gamut from employee e-mails talking about company business or fellow employees later being subpoenaed and used in a lawsuit -(whenI subpoena computer information I subpoena everything on the company computers having it imaged by a service – I get everything on every computer- period) - all the way to the far far end where some poor bastard logged onto a site (such as a Peer to Peer site that has interesting video or music or games) and ended up getting infected with a stealth-bot program that used the company computers to warehouse and transmit child porn ( yes it happens exactly like that). One particular company in PA had this happen. The horror is that the company is small and not publicly traded. This meant that the prosecutors went after the poor SOB who owned the company - even though he didn't use that computer. He is defending - right now- felony charges of trafficking in and possession of child porn.
Or the small business which uses shitty security and a radio router who gets hacked from the parking lot VIA laptop and used to do the same vile thing.
Once the police find evidence of kiddie porn it makes no difference whether you knew of it or even had the technical savvy to decrypt it and see it. It's like heroin - if it's on you, it's yours.
This happened to two kids that I know of, one in the S. West (tinyurl.com/yzvass) and another in PA. Kids on P-to-P networks got their boxes turned into stealth bots for child pornographers and the prosecutors were didn't care that the kids never knew and couldn't have discovered it 'cause of the high level encryption. They were implacable. Both of those kids found a resolution but not until after they each spent maybe a hundred thousand dollars on legal defense fees, incurred ruined lives and reputations.
So I advise all my clients to make it company policy to remove and physically destroy all hard disks every 6 months.
posted by:
|
Advertisement
Advertisement
-
Re: Legal Advice Freebie
Tue, March 11, 2008 - 11:09 PMInteresting piece of advice.
Maybe I am wrong, but isnt this a two way street? Dont you need to preserve data to cover your ass should you get sued? You can limit the risk from employees behaving badly, but how do you establish they acted properly unless you keep records for however long the statute of limitations is? -
-
Re: Legal Advice Freebie
Wed, March 12, 2008 - 7:10 AM**************Maybe I am wrong, but isnt this a two way street? Dont you need to preserve data to cover your ass should you get sued?*********
Quite so. However you can pick and choose what to save and what to dump so long as you do it in the sunshine.
***********You can limit the risk from employees behaving badly, but how do you establish they acted properly unless you keep records for however long the statute of limitations is?**********
Acted properly? There is a presumption at law that persons obey the law. The burden on any prosecution is to prove they didn't.
However, say for instance that Phillip Morris (PM) had a company policy of regularly destroying all information, memos, lab reports, etc., that failed to serve a business purpose.
And lets say that there was a lab report that showed that smoking helped with weight control and maybe another that suggested that people live longer when they smoke 2 packs a day. And out of all the research they did only those two reports are saved from destruction.
Then one day the law suites start to get filed.
What result?
I rather suspect that plaintiff's counsel would attempt to infer that they were cherry picking data to save and want to depose PM employees to learn about all the data they didn't save. I'd try tio use that to infer guilty knowledge. And if I found PM employees who knew the dirt I'd really hammer PM over the head in trial making them look as dirty as possible. But that's about it. There is no crime & no wrong, there are only the "dirty hands" and "guilty knowledge" inferences.
-
