Skip to main content
SpringerLink
Log in

Digital forensics and the DSAR effect

  • Article
  • Published:
ERA Forum Aims and scope

Abstract

The digital forensics field has seen much evolution over the last thirty years. Methods for data extraction and protocols for accuracy and admissibility are the cornerstones on which the field is based. Recently these protocols have been used for responses to data subject access requests (DSARs). The cost to an organisation of servicing DSARs can run into millions of Euro per year. Every organisation working with EU citizens is affected. Their far-reaching scope, cost and the penalties for non-compliance have stimulated the development of solutions addressing this regulatory requirement. This paper charts the evolution of the DSAR process and how improvements have in turn led to the advancement of the digital forensics field itself.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. European Union [1].

  2. Doctorow [2].

  3. Yates [3].

  4. Evans [4].

  5. Palmer [5].

  6. Kyei, Zavarsky, Lindskog, Ruhl et al. [6].

  7. EDRM [7].

  8. NUIX [8].

  9. X1 Discovery [9].

  10. X1 Discovery [10].

  11. Druva [11].

  12. Druva [12].

  13. HostingTribunal [13].

  14. Microsoft [14].

  15. Microsoft [15].

  16. Microsoft [16].

  17. Microsoft [17].

  18. Kahvedžić [18].

  19. MSAB [19].

  20. European Union [1].

  21. TextIQ [20], NAIX [21].

  22. Costello [22].

  23. California Legislative Information [23].

  24. IAPP [24].

  25. OneTrust [25].

References

  1. Eurpoean Union: General Data Protection Regulation (2016)

  2. Doctorow, C.: Gamers propose punishing Blizzard for its anti-Hong Kong partisanship by flooding it with GDPR requests (2019). [Online]. Available: https://boingboing.net/2019/10/08/ddos-gdpr.html

  3. Yates, M.: Subject Access Requests post GDPR – litigation torpedo or shot across the bows? (2018). [Online]. Available: https://globaldatahub.taylorwessing.com/article/subject-access-requests-post-gdpr-litigation-torpedo-or-shot-across-the-bows

  4. Evans, M.: UK Court of Appeal allows data subject access requests to be made in furtherance of litigation (2017). [Online]. Available: https://www.nortonrosefulbright.com/en-gb/knowledge/publications/8f893b33/uk-court-of-appeal-allows-data-subject-access-requests-to-be-made-in-furtherance-of-litigation

  5. Palmer, G.: A road map for digital forensic research. In: 1st Digital Forensic Research Workshop (DFRWS), pp. 27–30 (2001)

    Google Scholar 

  6. Kyei, K., Zavarsky, P., Lindskog, D., Ruhl, R.: A review and comparative study of digital forensic investigation models. In: Digital Forensics and Cyber Crime, pp. 314–327. Springer, Berlin (2013)

    Chapter  Google Scholar 

  7. EDRM.net: EDRM Model (2020). [Online]. Available: https://edrm.net/resources/frameworks-and-standards/edrm-model/

  8. NUIX: NUIX Enterprise COllection Center Fact Sheet (2020). [Online]. Available: https://www.nuix.com/sites/default/files/downloads/marketo/fact_sheet_nuix_enterprise_collection_center_web_us.pdf

  9. X1: X1 Distributed Discovery (2019). [Online]. Available: https://www.x1.com/wp-content/uploads/2019/01/x1-distributed-discovery-product-brief.pdf

  10. X1: PII and Data Health Check (2020). [Online]. Available: https://www.x1.com/wp-content/uploads/2020/03/PII-and-data-health-check.pdf

  11. Druva: Achieve instantaneous eDiscovery and forensic data collection via cloud backups (2020). [Online]. Available: https://content.druva.com/c/ar-ediscovery-data-collection-via-cloud-backups?x=b9ol2u&lx=8w0Pni

  12. Druva: The CISO’s guide for GDPR compliance (2020). [Online]. Available: https://content.druva.com/white-paper/wp-ciso-guide-gdpr-compliance?lx=vLtR00

  13. HostingTribunal: Cloud Adoption Statistics for 2020 (2020). [Online]. Available: https://hostingtribunal.com/blog/cloud-adoption-statistics

  14. Microsoft: Retirement of legacy eDiscovery tools (2020). [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement

  15. Microsoft: eDiscovery in Microsoft 365 (2020). [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery

  16. Microsoft: Limits in Advanced eDiscovery (2020). [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/limits-ediscovery20

  17. Microsoft: Microsoft acquires Equivio, provider of machine learning-powered compliance solutions (2015). [Online]. Available: https://blogs.microsoft.com/blog/2015/01/20/microsoft-acquires-equivio-provider-machine-learning-powered-compliance-solutions/

  18. Kahvedzic, D.: Cybercrime investigations of mobile phone devices and the cloud in the light of EU safe harbour rulings. In: Era Forum, pp. 355–367 (2016)

    Google Scholar 

  19. MSAB: MSAB response to ICO Report on MPE (2020). [Online]. Available: https://www.msab.com/wp-content/uploads/2020/07/MSAB_Response_to_ICO_Report.pdf

  20. TextIQ: Stop the panic: more clarity, less guesswork for data breach assessment (2020). [Online]. Available: https://www.textiq.com/blog/stop-the-panic-more-clarity-less-guesswork-for-data-breach-assessment

  21. NAIX: NAIX Solution (2020). [Online]. Available: https://naix.de/en/solution

  22. Costello, R.: Employee DSAR response post-pandemic: an E-discovery approach (2020). [Online]. Available: https://www.law.com/legaltechnews/2020/07/06/employee-dsar-response-post-pandemic-an-e-discovery-approach/

  23. California Legislative Information: California Consumer Privacy Act (CCPA) (2018). [Online]. Available: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5

  24. IAPP: Brazilian General Data Protection Law (2018). [Online]. Available: https://iapp.org/media/pdf/resource_center/Brazilian_General_Data_Protection_Law.pdf

  25. OneTrust: What are the differences between CCPA and GDPR and LGPD? (2020). [Online]. Available: https://www.onetrust.com/blog/what-are-the-differences-between-ccpa-and-gdpr-and-lgpd/

Download references

Author information

Authors and Affiliations

  1. ProSearch https://www.prosearch.com

    Damir Kahvedžić

Authors
  1. Damir Kahvedžić
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Damir Kahvedžić.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kahvedžić, D. Digital forensics and the DSAR effect. ERA Forum 22, 59–73 (2021). https://doi.org/10.1007/s12027-021-00651-z

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12027-021-00651-z

Keywords

Search

Navigation