Law, Protocols and Standards
There is now a huge raft of legislation and directives that may be relevant to the investigation of a computer incident. The following list covers some of the main areas, but is certainly not exhaustive:
UK Domestic Law
Computer Misuse Act 1990
Data Protection Act 1998
Police and Criminal Evidence Act 1984
Human Rights Act 2000
Regulation of Investigatory Powers Act 2000
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 SI2000 #2699
Fraud Act 2006
Criminal Procedure Rules (Part 33)
Civil Procedure Rules (Part 35)
CPS Disclosure Manual – Annex K
A number of bodies have now published guidelines on the length of time that organisations should retain data following the conclusion of the case. This of course depends on the type of investigation, the subject matter, and instructions from the Client. In general, in criminal matters (unless otherwise instructed or agreed) we would seek to abide by the principles of the Memorandum of Understanding drawn up by and between ACPO and the Forensic Science Service.
Some other Protocols / Directives
Good Practice Guide for Computer-based Evidence (v.3) is available in pdf format for us to send to you free of charge - please see contact page for email address.
In respect of the two guides above, we fully acknowledge and remember the contribution of those from the police, industry and universities who originally conceived the idea of a guide and contributed to it without seeking financial reward.
BIP PD 0008/9 - Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically, and
ISO/IEC FDIS 13335 – Information Technology – Guidelines for the Management of IT Security
The passing of legislation (such as the Regulation of Investigatory Powers Act 2000) can make it possible for the government to subsequently implement Statutory Instruments, and therefore the law can update rapidly. If you have any doubt as to what your legal position may be, then it is strongly recommended that you take professional legal advice.