Abstract
Companies can be affected by a variety of classic so-called “IT crimes.” They can become victims of hacking attacks, just as employees can use the company’s resources to commit their own crimes. The same applies to the digital distribution of incriminated content, such as child pornography, racist statements, or statements containing incitement to hatred. In capital market criminal law, the infrastructure of companies can also be used to commit crimes. The same applies to the spying out of company secrets; here, too, companies can be on the side of the perpetrator (through employees) or of the victim. However, these and other manifestations are not exclusively restricted to a corporate context and, to that extent, are not specific to it.
Notes
- 1.
This obligation of secrecy is (newly) flanked by § 29 para. 3 BDSG. Within the scope of application of § 203 StGB, the supervisory authorities may not demand or arrange for the release of data. If they nevertheless gain access to appropriately protected data, the scope of application of § 203 StGB is automatically extended to the supervisory authority.
- 2.
A complete emergency management system is described on the website of the German Federal Office for Information Security (BSI) in the BSI Standard 100-4, available at https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/ITGrundschutzstandards/BSI-Standard_1004.html.
- 3.
See, for example, the research project “European Cloud Service Data Protection Certification (Auditor)” available at: http://auditor-cert.de and European Union Agency for Network and Information Security (ENISA), or the Recommendations on European Data Protection Certification, Version 1.0 November 2017, available at: https://www.enisa.europa.eu/publications/recommendations-on-european-data-protection-certification/at_download/fullReport.
- 4.
See, for example, the proposal for an EU Regulation “on ENISA, the ‘EU Cybersecurity Agency’, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (‘Cybersecurity Act’), COM(2017) 477 final/2 and also ENISA, Overview of the practices of ICT Certification Laboratories in Europe,” Version 1.1, January 2018, available at: https://www.enisa.europa.eu/publications/overview-of-the-practices-of-ict-certification-laboratories-in-europe/at_download/fullReport. See also the “Draft Opinion” of the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament (Rapporteur Jan Philipp Albrecht), 2017/0225(COD), available at http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-615.394+02+DOC+PDF+V0//EN.
- 5.
See Bundesamt für Verfassungsschutz/Bundesamt für Sicherheit in der Informationstechnik/Bundesverband Allianz für Sicherheit in der Wirtschaft e.V., Wirtschaftsgrundschutz, module MA2 Bewerberprüfung, status July 2017, available at: https://www.wirtschaftsschutz.info/DE/Aktuelles/Wirtschaftsgrundschutz/Bausteine/Bewerberpruefung.pdf.
- 6.
Before using remote maintenance, check whether the remote maintenance software allows encrypted transmission, which encryption is used, etc. When using cloud platforms such as Dropbox, Google Drive, Microsoft OneDrive, etc., i.e., storing secrets on foreign servers, in addition to transport encryption, user- or group-based encryption at file level must also take place in the company of the secret carrier, because then the service can be provided without knowledge of secrets. The same obviously applies to Infrastructure as a Service (IaaS), where entire computers (servers) are rented, or Platform as a Service (PaaS), where the provider only provides a runtime environment within which users can run their own software. In the case of “Software as a Service” (SaaS), the service provider offers special software that runs on the provider’s resources and is made available to the user online, whereby the service provider also takes care of maintenance through updates and upgrades, such as with Microsoft Office 365 and with Google Docs, Sheets, Slides and Forms.
- 7.
Federal Statutory Order concerning the Legal Profession.
- 8.
Federal Statutory Order concerning the Notaryship.
- 9.
Federal Statutory Order concerning the Practice of Patent Attorneys.
- 10.
Federal Law concerning the Practice of Tax Accountants.
- 11.
Federal Statutory Order concerning the Practice of Public Auditors.
- 12.
See Statement of the Hamburg Commissioner for Data Protection and Freedom of Information on the business number D42/2017/1114 of 8.1.2018, available at https://www.datenschutzbeauftragter-info.de/wp-content/uploads/2018/02/schreiben-der-aufsichtsbehoerde.pdf and 8th Activity Report of the Saxon Commissioner for Data Protection, submitted as of 31.3.2017, p. 138.
- 13.
Page 4 of the BMJV’s draft bill for a law on the new regulation of the protection of secrets in the case of the participation of third parties in the professional practice of persons subject to professional secrecy, available at: https://www.bmjv.de/SharedDocs/Gesetzgebungsverfahren/Dokumente/RefE_Neuregelung_Schutzes_von_Geheimnissen_bei_Mitwirkung_Dritter_an_der_Berufsausuebung_schweigepflichtiger_Personen.pdf.
- 14.
Rowlingson (2014), p. 1: “A forensic investigation of digital evidence is commonly employed as a post event response to a serious information security incident. In fact, there are many circumstances where an organization may benefit from an ability to gather and preserve digital evidence before an incident occurs” (loc. cit.). Tan (fn. 1), p. 1 defines it as follows: “Forensic Readiness” has two objectives: “Maximalizing an environments ability to collect credible digital evidence; and 2. Minimalizing the costs of forensics in an incident response.”
- 15.
National Research Council (2009), p. 93 (with further references)—“... that an expert’s testimony is reliable where the discipline itself lacks reliability (...).” In view of the rapidly developing fields of “digital forensics,” this is of importance not to be underestimated in terms of the admission of experts. If necessary, this may be a reason for an additional expert within the meaning of § 244 (4) StPO.
- 16.
Monroy (2017)—“Examples are the rapid use of radio cell queries or the sending of silent SMS as a standard measure in investigations.”
- 17.
Momsen and Bruckmann (2019), pp. 20 ff.
- 18.
German Federal Constitutional Court (BVerfG), judgment of the First Senate, 15 December 1983, 1 BvR 209/83 and others—Census—BVerfGE 65, 1.
- 19.
BVerfG: Judgment of the First Senate of 15 December 1983 (1 BvR 209/83, marginal no. 146). Federal Constitutional Court. 14 December 1983.
- 20.
Article 8—Right to respect for private and family life.
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
- 21.
BVerfG, Order of the First Senate of 4 April 2006, 1 BvR 518/02—dragnet investigation—BVerfGE 115, 320. BVerfG, Judgment of the First Senate of 27 February 2008, 1 BvR 370/07 and others—Online search/computer fundamental right—BVerfGE 120, 274.
- 22.
- 23.
Kleinberg et al. (2016).
- 24.
Angwin and Larson (2016).
- 25.
Momsen and Weichert (2018).
References
Angwin J, Larson J (2016) Bias in criminal risk scores is mathematically inevitable, researchers say. ProPublica, 30 December 2016. https://www.propublica.org/article/bias-in-criminal-risk-scores-is-mathematically-inevitable-researchers-say
Barabas C (2019) Beyond bias: re-imagining the terms of ethical AI in criminal law, pp 2–3. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3377921
Berk R (2019) Machine learning risk assessments in criminal justice settings, pp 116 ff.
Bock D (2011) Criminal compliance, 1st edn. Baden-Baden
Casey E (2002) Error, uncertainty, and loss in digital evidence. Int J Digital Evid 1(2):2 ff.
Chaski C (2005) Who’s at the keyboard? - Authorship attribution in digital evidence investigations. Int J Digital Evid 4(1):1 ff.
Degen A (2016) § 66. In: Heussen/Hamm (eds) Beck’sches Rechtsanwalts-Handbuch, 11th edn. Munich
Dix A (2014) § 1. In: Simitis (ed) Federal Data Protection Act, 8th edn. Munich
Eisele J (2013) Computer and media criminal law. Munich
Eisele J, Lenckner T (2014) § 203. In: Schönke/Schröder (eds) StGB, 29th edn. Munich
Elliott DS (1995) Lies, damn lies, and arrest statistics. Center for the Study and Prevention of Violence, Boulder
Endicott-Popovsky B, Frincke D (2007) In: Schmorrow/Reeves (eds) Augmented cognition, HCII 2007, pp 364 ff. Berlin
Eschelbach G (2017) § 100a. In: Satzger/Schluckebier/Widmaier (eds) Code of Criminal Procedure: StPO with GVG and EMRK, Commentary, 3rd edn. Cologne
Gercke M (2012) The omitted step from computer to internet criminal law. AnwBl, 709 ff.
Germann M, Voigt P (2017) IT security - not an issue only for operators of critical infrastructures. CR, 93 ff.
Geschonneck A (2004) Computer forensics, 1st edn, Heidelberg
Graf J-P (2018) § 100b. In: Graf (ed) BeckOK-StPO, 31st edn
Großkopf L, Momsen C (2018) Outsourcing of professional secrets - criminal obligation to comply? CCZ, 98 ff.
Haft F (1987) The Second Act to Combat Economic Crime (2. WiKG) - Part 2: Computer Crimes, NStZ 6 ff.
Härting N (2005) IT-Security in the Law Firm - The Attorney’s Secrecy in the Age of Information Technology. NJW, 1248 ff.
Haß G (1993) In: Lehmann (ed) Legal protection and exploitation of computer programs, 2nd edn. Cologne
Heger M (2018) § 202a. In: Lackner/Kühl (eds) StGB, 29th edn. Munich
Hilgendorf E (2015) In: Arzt/Weber/Heinrich/Hilgendorf (eds) Criminal law special part, 3rd edn. Bielefeld
Jahn M, Palm J (2011) Outsourcing in the law firm: breach of private secrets? The criminal and professional law assessment of a “lawyer’s secretariat” outside the law firm. AnwBl, 613 ff.
Jessen E (2014) Access authorization and special security as defined by § 202 a StGB. Frankfurt
Kleinberg J, Mullainathan S, Raghavan M (2016) Inherent trade-offs in the fair determination of risk scores. Cornell University. https://arxiv.org/pdf/1609.05807.pdf
Koch FA (2014) Legal and ethical encryption requirements? Using the example of the legal profession. DuD, 691 ff.
Lenckner T, Winkelbauer W (1986) Computer crime - possibilities and limits of the 2nd WiKG (I), (II), (III). CR, 483 ff., 654 ff., 824 ff.
Marshall AM (2008) Digital forensics - digital evidence in criminal investigation
Meier B-D (2012) Sicherheit im Internet. Neue Herausforderungen für Kriminologie und Kriminalpolitik. MschrKrim, pp 184–204
Meyer-Goßner L (2018) § 244. In: Meyer-Goßner/Schmitt (eds) Code of Criminal Procedure: StPO, 61st edn. Munich
Michaelis P (2016) Cybersecurity: technical requirements of the “measure” according to Section 13 (7) TMG - challenge “state of the art.” ITRB, 118 ff.
Momsen C (2015) Internal investigations from a criminal law perspective. In: Rotsch (ed) Criminal compliance. Baden-Baden, pp 1234 ff.
Momsen C (2021a) Digital evidence and criminal defense – how international standards apply in German criminal proceedings. John Jay College of Criminal Justice, The Center for International Human Rights, CIHR-Publications, New York
Momsen C (2021b) Implications and limitations of the use of AI in criminal justice in Germany. John Jay College of Criminal Justice, The Center for International Human Rights, CIHR-Publications, New York
Momsen C, Bruckmann P (2019) Soziale Netzwerke als Ort der Kriminalität und Ort von Ermittlungen - Wie wirken sich Online-Durchsuchung und Quellen-TKÜ auf die Nutzung sozialer Netzwerke aus? KriPoZ, pp 20 ff.
Momsen C, Grützner T (2017) Legal regulation of internal company investigations - gain in the rule of law or unnecessary complication? CCZ, 242 ff.
Momsen C, Hercher N (2014) Digital evidence in criminal proceedings Suitability, extraction, exploitation, revisibility. In: The acceptance of the rule of law in the judiciary, Volume of Material for the 37th Defense Attorney Day, Freiburg 2013, pp 173 ff.
Momsen C, Rennert C (2020) Big data-based predictive policing and the changing nature of criminal justice – consequences of the extended use of big data, algorithms and AI in the area of criminal law enforcement. In: KriPoZ, pp 160–172
Momsen C, Savic L (2017) Explanation of several terms in the fields of digital forensics, digital evidence, cybercrime and cyberinvestigations. In: Grützner/Jakob (eds) Compliance and governance from A-Z, 2nd edn. Vienna
Momsen C, Savic L (2018) § 32. In: von Heintschel-Heinegg (ed) Beck-OK/StGB, 40th edn
Momsen C, Tween D (2015) Criminal compliance in the USA. In: Rotsch (ed) Criminal compliance. Baden-Baden, pp 1027 ff.
Momsen C, Washington SL (2019) Wahrnehmungsverzerrungen im Strafprozess - die Beweisprüfung im Zwischenverfahren der StPO und US-amerikanische Alternativen (Perception bias in criminal proceedings - the examination of evidence in interim proceedings in the German Code of criminal procedure and US-American alternatives). In: Goeckenjan/Puschke/Singelnstein (eds) Festschrift für Ulrich Eisenberg, Berlin, pp 453 ff.
Momsen C, Weichert T (2018) From DNA tracing to DNA phenotyping – open legal issues and risks in the new Bavarian Police Task Act (PAG) and beyond, Verfassungsblog, 2018. https://verfassungsblog.de/from-dna-tracing-to-dna-phenotyping-open-legal-issues-and-risks-in-the-new-bavarian-police-task-act-pag-and-beyond/
Momsen C, Rennert C, Willumat M (2020) Security, populism, human rights and the underestimated role of AI and big data – a review of “security and human rights”. In: Goold BJ, Lazarus L (eds) KriPoZ, 2nd edn, pp 183–189
Monroy M (2017) Soziale Kontrolle per Software: Zur Kritik an der vorhersagenden Polizeiarbeit, Cilip, Oktober, 2017. https://www.cilip.de/2017/10/11/soziale-kontrolle-per-software-zur-kritik-an-der-vorhersagenden-polizeiarbeit/
National Research Council (2009) Strengthening forensic science in the United States: a path forward, pp 90 ff.
O’Neil C (2018) Weapons of math destruction – how big data increases inequality and threatens democracy, pp 102–104
Roggan F (2017) Die strafprozessuale Quellen-TKÜ und Online-Durchsuchung: Electronic surveillance measures with risks for the accused and the general public. StV, 821 ff.
Rosenau H (2018) Before §§ 32 ff. In: Satzger/Schluckebier/Widmaier (eds) Criminal Code, 4th edn. Cologne
Rotsch T (2013) In: Rotsch T (ed) Criminal compliance before the tasks of the future. Cologne, pp 3 ff.
Rowlingson T (2014) Digital evidence. Fed Evid Rev, 1 ff.
Roxin C (2006) Criminal law general part, vol 1, 4th edn. Munich
Rudolph C (2013) Forensic readiness. In: The acceptance of the rule of law in the judiciary, Volume of Material for the 37th Defense Attorney Day, Freiburg 2013
Ryan DJ, Shpantzer G (2008) Legal aspects of digital forensics, available at: http://euro.ecom.cmu.edu/program/law/08-732/Evidence/RyanShpantzer.pdf
Sassenberg T (2006) Dealing with IT in the law firm. AnwBl., 196 ff.
Sättele A (2017) § 244. In: Satzger/Schluckebier/Widmaier (eds) Code of Criminal Procedure: StPO with GVG and EMRK, 3rd edn. Cologne
Schiemann A (2017) More effective and practical design of criminal proceedings? What is left of the major reform of the StPO. KriPoZ, 338 ff.
Schmölzer G (2011) Criminal offences on the Internet: a substantive consideration. ZStW, 709 ff.
Schreibauer M, Hessel T (2007) The 41st Criminal Law Amendment Act to combat computer crime. K&R, 616 ff.
Schulze-Heiming I (1995) The criminal law protection of computer data against the forms of attack of espionage, sabotage and time theft. Münster
Schumann K (2007) The 41st StrÄndG on combating computer crime. NStZ, 675 ff.
Soiné M (2018) The criminal procedural online search. NStZ, 497 ff.
von Lewinski K (2004) Attorney-client confidentiality and e-mail. BRAK-Mitteilungen 1:12
Wassermann R (1996) Insert II, recital 10 ff. In: Wassermann (ed) StPO Commentary on the Code of Criminal Procedure, vol 1. Munich
Završnik A (2018) Big data, crime and social control. Routledge Frontiers of Criminal Justice
Copyright information
© 2022 Springer-Verlag GmbH Germany, part of Springer Nature
About this chapter
Cite this chapter
Momsen, C. (2022). Relevance of Data Security and Data Protection in Companies from the Perspective of Criminal Law. In: Frenz, W. (eds) Handbook Industry 4.0. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64448-5_3
DOI: https://doi.org/10.1007/978-3-662-64448-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-64447-8
Online ISBN: 978-3-662-64448-5
eBook Packages: Law and Criminology (R0)