A Forensic Framework for Handling Information Privacy Incidents

  • Kamil Reddy
  • Hein Venter
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)


This paper presents a framework designed to assist enterprises in implementing a forensic readiness capability for information privacy incidents. In particular, the framework provides guidance for specifying high-level policies, business processes and organizational functions, and for determining the device-level forensic procedures, standards and processes required to handle information privacy incidents.


Forensic readiness capability information privacy incidents 


  1. 1.
    G. Antoniou, L. Sterling, S. Gritzalis and P. Udaya, Privacy and forensics investigation process: The ERPINA protocol, Computer Standards and Interfaces, vol. 30(4), pp. 229–236, 2008.CrossRefGoogle Scholar
  2. 2.
    H. Berghel, BRAP forensics, Communications of the ACM, vol. 51(6), pp. 15–20, 2008.CrossRefGoogle Scholar
  3. 3.
    H. Burkert, Privacy-enhancing technologies: Typology, critique, vision, in Technology and Privacy: The New Landscape, P. Agre and M. Rotenberg (Eds.), MIT Press, Cambridge, Massachusetts, pp. 125–142, 1997.Google Scholar
  4. 4.
    M. Caloyannides, Privacy Protection and Computer Forensics, Artech House, Norwood, Massachusetts, 2004.Google Scholar
  5. 5.
    Canadian Institute of Chartered Accountants, Generally Accepted Privacy Principles, Toronto, Canada ( /258/la_id/1.htm).Google Scholar
  6. 6.
    B. Carrier and E. Spafford, An event-based digital forensic investigation framework, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.Google Scholar
  7. 7.
    R. Clarke, Introduction to Dataveillance and Information Privacy and Definitions of Terms, Xamax Consultancy, Chapman, Australia (, 2006.Google Scholar
  8. 8.
    B. Endicott-Popovsky, D. Frincke and C. Taylor, A theoretical framework for organizational network forensic readiness, Journal of Computers, vol. 2(3), pp. 1–11, 2007.CrossRefGoogle Scholar
  9. 9.
    R. Gellman, Does privacy law work? in Technology and Privacy: The New Landscape, P. Agre and M. Rotenberg (Eds.), MIT Press, Cambridge, Massachusetts, pp. 193–218, 1997.Google Scholar
  10. 10.
    International Association of Privacy Professionals, IAPP Privacy Certification, York, Maine ( option=com_content&task=view&id=17&Itemid=80).Google Scholar
  11. 11.
    Y. Jordaan, South African Consumers’ Information Privacy Concerns: An Investigation in a Commercial Environment, Ph.D. Thesis, Department of Marketing and Communication Management, University of Pretoria, Pretoria, South Africa, 2003.Google Scholar
  12. 12.
    S. Lau, Good privacy practices and good corporate governance – Hong Kong experience, Proceedings of the Twenty-Third International Conference of Data Protection Commissioners, 2001.Google Scholar
  13. 13.
    V. Luoma, Computer forensics and electronic discovery: The new management challenge, Computers and Security, vol. 25(2), pp. 91–96, 2006.CrossRefGoogle Scholar
  14. 14.
    G. Mohay, Technical challenges and directions for digital forensics, Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 155–161, 2005.Google Scholar
  15. 15.
    M. Noblett, M. Pollitt and L. Presley, Recovering and examining computer forensic evidence, Forensic Science Communications, vol. 2(4), 2000.Google Scholar
  16. 16.
    A. Oliver-Lalana, Consent as a threat: A critical approach to privacy negotiation in e-commerce practices, Proceedings of the First International Conference on Trust and Privacy in Digital Business, pp. 110–119, 2004.CrossRefGoogle Scholar
  17. 17.
    Organization for Economic Cooperation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Paris, France (,3343, en_2649_34255_1815186_1_1_1_1,00.html).Google Scholar
  18. 18.
    K. Reddy and H. Venter, Privacy Capability Maturity Models within telecommunications organizations, Proceedings of the Southern African Telecommunication Networks and Applications Conference, 2007.Google Scholar
  19. 19.
    R. Rowlingson, A ten step process for forensic readiness, International Journal of Digital Evidence, vol. 2(3), 2004.Google Scholar
  20. 20.
    South African Law Reform Commission, Privacy and Data Protection, Discussion Paper 109, Project 124, Pretoria, South Africa (, 2005.Google Scholar
  21. 21.
    C. Taylor, B. Endicott-Popovsky and D. Frincke, Specifying digital forensics: A forensics policy approach, Digital Investigation, vol. 4(S1), pp. 101–104, 2007.CrossRefGoogle Scholar
  22. 22.
    H. Wolf, The question of organizational forensic policy, Computer Fraud and Security, vol. 2004(6), pp. 13–14, 2004.CrossRefGoogle Scholar
  23. 23.
    A. Yasinsac and Y. Manzano, Policies to enhance computer and network forensics, Proceedings of the Second IEEE Workshop on Information Assurance and Security, pp. 289–295, 2001.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Kamil Reddy
  • Hein Venter

There are no affiliations available

Personalised recommendations