Privacy and Digital Investigations Essay Example | Topics and Well Written Essays - 1250 words

Privacy and Digital Investigations - Essay Example Therefore, upon the detection of suspicious computer incidents, the organization immediately launches a forensics/digital investigation which is fully compliant with a policy which has been jointly drawn up by both the legal and the IT departments. This report will begin with a brief overview of privacy considerations, following which it will describe the organization's policy and highlight both its strengths and weaknesses. According to federal employment laws, employees have a reasonable expectation of privacy. Aftab (2006) notes that the Electronic Communications Privacy Act of 1986 explicitly prohibits employer monitoring of employee private electronic communications, even if the medium of communication was owned by the employer, occurred in the workplace and on the employer's own time. Employees should reasonably expect that the electronic equipment assigned to their use, whether computers or telephones, are not going to be used for the purposes of monitoring their activities and private communiqus. At the same time, Aftab (2006) notes that it has become increasingly important for employers to monitor employee use of these equipments, especially in instances of investigation. Therefore, to overcome the strictures placed on employers by the Electronic Communications Privacy Act, organizations typically have employees sign an organization-specific Electronic and Communication Equipment policy. This p olicy, according to Merkow and Breithaupt (2002) and Aftab (2006), clearly specifies that that the employee has the right to review all documents and materials which were created, sent or received via corporate equipment and, indeed, to subject the equipment to forensic investigations which would expose employee use of the equipment. In other words, employees are often required to legally waive their legal right to privacy. According to our Legal Director, our organization has such a policy in place and all employees are required to sign it. 2.2 Patient Privacy Patient privacy is protected by federal legislature. The Health Insurance Portability and Accountability Act (HIPAA) of 1996, clearly outlines the inviolability of patient confidentiality. Jacobs (2005) explains that it is contingent upon companies in the healthcare sector to ensure that patient data is protected against unauthorised access and, of course, public dissemination. If violations occur and investigations reveal that the organization did not do all that was possible to securitize patient data, it could be held liable for negligence and subsequently sued by patients. Therefore, the priority for ant healthcare organisation should be the securitization of patient data (Jacob, 2005). 3 Investigation Policy The organization's investigation policy, as explained by the Legal Department Director is simultaneously informed and enabled by the privacy considerations outlined in the above. Investigation policy is driven by the objective of identifying ant possible violations of patient privacy and the identity of the violator and the forensics investigations which are integral to the fulfilment of the stated objectives are enabled by employee waiver of their right