Abstract
The digital forensics field has seen much evolution over the last thirty years. Methods for data extraction and protocols for accuracy and admissibility are the cornerstones on which the field is based. Recently these protocols have been used for responses to data subject access requests (DSARs). The cost to an organisation of servicing DSARs can run into millions of Euro per year. Every organisation working with EU citizens is affected. Their far-reaching scope, cost and the penalties for non-compliance have stimulated the development of solutions addressing this regulatory requirement. This paper charts the evolution of the DSAR process and how improvements have in turn led to the advancement of the digital forensics field itself.
Similar content being viewed by others
Notes
European Union [1].
Doctorow [2].
Yates [3].
Evans [4].
Palmer [5].
Kyei, Zavarsky, Lindskog, Ruhl et al. [6].
EDRM [7].
NUIX [8].
X1 Discovery [9].
X1 Discovery [10].
Druva [11].
Druva [12].
HostingTribunal [13].
Microsoft [14].
Microsoft [15].
Microsoft [16].
Microsoft [17].
Kahvedžić [18].
MSAB [19].
European Union [1].
Costello [22].
California Legislative Information [23].
IAPP [24].
OneTrust [25].
References
Eurpoean Union: General Data Protection Regulation (2016)
Doctorow, C.: Gamers propose punishing Blizzard for its anti-Hong Kong partisanship by flooding it with GDPR requests (2019). [Online]. Available: https://boingboing.net/2019/10/08/ddos-gdpr.html
Yates, M.: Subject Access Requests post GDPR – litigation torpedo or shot across the bows? (2018). [Online]. Available: https://globaldatahub.taylorwessing.com/article/subject-access-requests-post-gdpr-litigation-torpedo-or-shot-across-the-bows
Evans, M.: UK Court of Appeal allows data subject access requests to be made in furtherance of litigation (2017). [Online]. Available: https://www.nortonrosefulbright.com/en-gb/knowledge/publications/8f893b33/uk-court-of-appeal-allows-data-subject-access-requests-to-be-made-in-furtherance-of-litigation
Palmer, G.: A road map for digital forensic research. In: 1st Digital Forensic Research Workshop (DFRWS), pp. 27–30 (2001)
Kyei, K., Zavarsky, P., Lindskog, D., Ruhl, R.: A review and comparative study of digital forensic investigation models. In: Digital Forensics and Cyber Crime, pp. 314–327. Springer, Berlin (2013)
EDRM.net: EDRM Model (2020). [Online]. Available: https://edrm.net/resources/frameworks-and-standards/edrm-model/
NUIX: NUIX Enterprise COllection Center Fact Sheet (2020). [Online]. Available: https://www.nuix.com/sites/default/files/downloads/marketo/fact_sheet_nuix_enterprise_collection_center_web_us.pdf
X1: X1 Distributed Discovery (2019). [Online]. Available: https://www.x1.com/wp-content/uploads/2019/01/x1-distributed-discovery-product-brief.pdf
X1: PII and Data Health Check (2020). [Online]. Available: https://www.x1.com/wp-content/uploads/2020/03/PII-and-data-health-check.pdf
Druva: Achieve instantaneous eDiscovery and forensic data collection via cloud backups (2020). [Online]. Available: https://content.druva.com/c/ar-ediscovery-data-collection-via-cloud-backups?x=b9ol2u&lx=8w0Pni
Druva: The CISO’s guide for GDPR compliance (2020). [Online]. Available: https://content.druva.com/white-paper/wp-ciso-guide-gdpr-compliance?lx=vLtR00
HostingTribunal: Cloud Adoption Statistics for 2020 (2020). [Online]. Available: https://hostingtribunal.com/blog/cloud-adoption-statistics
Microsoft: Retirement of legacy eDiscovery tools (2020). [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement
Microsoft: eDiscovery in Microsoft 365 (2020). [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery
Microsoft: Limits in Advanced eDiscovery (2020). [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/limits-ediscovery20
Microsoft: Microsoft acquires Equivio, provider of machine learning-powered compliance solutions (2015). [Online]. Available: https://blogs.microsoft.com/blog/2015/01/20/microsoft-acquires-equivio-provider-machine-learning-powered-compliance-solutions/
Kahvedzic, D.: Cybercrime investigations of mobile phone devices and the cloud in the light of EU safe harbour rulings. In: Era Forum, pp. 355–367 (2016)
MSAB: MSAB response to ICO Report on MPE (2020). [Online]. Available: https://www.msab.com/wp-content/uploads/2020/07/MSAB_Response_to_ICO_Report.pdf
TextIQ: Stop the panic: more clarity, less guesswork for data breach assessment (2020). [Online]. Available: https://www.textiq.com/blog/stop-the-panic-more-clarity-less-guesswork-for-data-breach-assessment
NAIX: NAIX Solution (2020). [Online]. Available: https://naix.de/en/solution
Costello, R.: Employee DSAR response post-pandemic: an E-discovery approach (2020). [Online]. Available: https://www.law.com/legaltechnews/2020/07/06/employee-dsar-response-post-pandemic-an-e-discovery-approach/
California Legislative Information: California Consumer Privacy Act (CCPA) (2018). [Online]. Available: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5
IAPP: Brazilian General Data Protection Law (2018). [Online]. Available: https://iapp.org/media/pdf/resource_center/Brazilian_General_Data_Protection_Law.pdf
OneTrust: What are the differences between CCPA and GDPR and LGPD? (2020). [Online]. Available: https://www.onetrust.com/blog/what-are-the-differences-between-ccpa-and-gdpr-and-lgpd/
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Kahvedžić, D. Digital forensics and the DSAR effect. ERA Forum 22, 59–73 (2021). https://doi.org/10.1007/s12027-021-00651-z
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12027-021-00651-z