22.1 Legal and Regulatory Requirements for Electronic Records Management

In the United States, government regulations oblige companies to protect data from abuse, exposure, and unauthorized access.

New legal obligations require firms to retain and store electronic records and to protect privacy.

Firms in the healthcare industry must comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA establishes medical security and privacy rules and procedures, intended to simplify the administration of healthcare billing and to automate the transfer of healthcare data between healthcare providers, payers, and plans.

Members of the healthcare industry are required to retain patient information for six years and to ensure the confidentiality of those records.

The act specifies privacy, security, and electronic transaction standards for healthcare providers handling patient information, and provides penalties for breaches of medical privacy, disclosure of patient records by e-mail, or unauthorized network access.

Firms that provide financial services must comply with the Financial Modernization Act of 1999, known as the Gramm-Leach-Bliley Act.
Financial institutions are required under this act to ensure the security and confidentiality of customer data.

Firms must store data on a secure medium and must enforce special security measures to protect data both on storage media and during transmission.

Publicly traded companies must comply with the Public Company Accounting Reform and Investor Protection Act of 2002, known as the Sarbanes-Oxley Act, which was designed to protect investors.

Under this act, companies became more responsible for protecting the accuracy and integrity of financial information, whether it is used internally or externally.

Sarbanes-Oxley is essentially intended to ensure that internal controls are in place to govern the creation and documentation of the information in financial statements.

Because data is generated, stored, and transported by information systems, the legislation requires firms to address the security of those systems and to ensure the integrity, confidentiality, and accuracy of their data.

Applications that handle critical financial reporting data require controls to ensure data accuracy. Controls for securing the corporate network prevent unauthorized access to systems and ensure the integrity and availability of data even in the event of a disaster or service disruption.

Control, security, and management of electronic records have become important for responding to legal action.
Today, evidence for stock fraud, embezzlement, theft of company trade secrets, computer crime, and many civil cases is in digital form.

Legal cases today depend on evidence in the form of digital data stored on portable floppy disks, CDs, and hard disk drives, as well as in e-mail, instant messages, and e-commerce transactions over the Internet.

E-mail is considered the most common type of electronic evidence.

In a legal action, a firm is obliged to respond to requests for access to information that may be used as evidence, and the law requires the company to produce that data.

Courts now impose financial and criminal penalties for the improper destruction of electronic documents.

Electronic documents, e-mail, and other records should be well organized and accessible according to an electronic document retention policy.

This calls for awareness of how to preserve evidence for computer forensics. Computer forensics is a way of using information as evidence in a court of law.

It is the scientific collection, examination, and preservation of data held on or retrieved from storage media.

Computer forensics deals with the following problems: