This paper addresses key information security questions arising from a workplace case involving suspected source code theft. It examines the benefits of forensic readiness plans for private-sector organizations, the legal basis for employer searches of lockers and desks, employee privacy rights in public and private sectors, the role of law enforcement in incident response, and the conditions that determine the legality of workplace searches. The paper also covers chain of custody requirements for digital evidence. Drawing on employment law, e-discovery standards such as the Electronic Discovery Reference Model, and incident management principles, the paper provides a practical framework for handling digital evidence and security incidents in an organizational setting.
A forensic readiness plan offers several advantages. If a company is forced into litigation and digital evidence is required, e-discovery becomes centrally important. The laws and rules governing e-discovery, such as the Federal Rules of Civil Procedure (FRCP) or the UK's Practice Direction 31B, call for the fast presentation of electronic evidence in a forensically sound state (Sule). The Electronic Discovery Reference Model is recognized as the standard model for processing e-discovery and is compliant with the FRCP. Information management procedures require that electronic evidence be collected and stored appropriately, and that such evidence be readily available when needed. E-discovery information management procedures include incident response, data retention, and discovery of disaster and business continuity policies. All such procedures are governed by the forensic policy readiness plan.
Monitoring acceptable endpoint usage may uncover malware infiltration in a system and allow for tracing the sources of that malware. These steps help prevent future attacks of a similar nature. This is one example of how a potential incident can be prevented from evolving into an actual security incident that causes serious harm (Sule). Moreover, cyber threats of higher magnitude can be identified, their origins tracked, and their activity stopped. Examples include intellectual property theft, harassment, extortion, and fraud. Overall, information security is enhanced. The three main requirements for a private-sector business would be: identifying scenarios that would necessitate such a plan, defining the type of evidence required, and instituting the necessary legal measures to handle the situation.
Searching an employee's locker is appropriate in the right circumstances. Employers in the private sector have a right to inspect and search an employee's locker if there is an organizational policy that permits such action. Such a policy should inform employees of their limited expectation of privacy at the workplace and make clear that their lockers and desks may be searched for legitimate reasons (Johnson). In this case, Mr. Jenkins is concerned about the theft of source code for Product X, and McBride is a suspect.
In an ideal working arrangement, there would be no need to search an employee's locker or desk. However, most employers face an urgent need to keep the workplace free of drugs, alcohol, and potential theft by employees. Most employees believe they should be protected from intrusive privacy violations by employers. Courts have been confronted with this difficult tension and have sought to strike a balance that fulfills the interests of both parties (Workplace Searches — Workplace Fairness). Cases involving invasion of privacy at the workplace involve many facts and are judged on the individual merit of each case's evidence. Employees in the public sector expect a greater level of privacy protection as outlined in the U.S. Constitution.
Although privacy protection is embedded in the Constitution, nine states — including Florida, Hawaii, Illinois, Louisiana, Alaska, South Carolina, California, Montana, and Washington — have granted employees in the private sector similar protections at their workplaces. Most states do not explicitly outline the rules that employers must follow when conducting workplace searches (Workplace Searches — Workplace Fairness).
Employers are permitted by law to search an employee's clothing, locker, or desk to determine whether an employee has stolen company property. It is therefore expected that employees may be searched in a retail environment to prevent theft of business property. Courts have also recognized the legitimacy of searching an employee's locked cabinet or desk when proper authority to conduct such a search exists. It is therefore permissible to search a locked desk using a master key in pursuit of digital evidence.