A Comparative Study on Data Protection Legislations and Government Standards to Implement Digital Forensic Readiness as Mandatory Requirement.
Data protection legislation; Digital forensic investigation; Digital forensic readiness; Incident Response; Minimum Security Standards
Many data breaches have happened due to poor implementation or the complete absence of security controls in private companies as well as in government organizations. Many countries are working on improving security requirements and implementing them in their legislation. However, most security frameworks are reactive and do not address relevant threats. Existing research suggests Digital Forensic Readiness as a proactive measure, but there is only one example of its implementation as a policy. Our work surveys the current state of data protection legislation in the selected countries and their initiatives for the implementation of Digital Forensic Readiness. We then discuss whether Digital Forensic Readiness as a mandatory requirement can improve the state of data protection in both the public and private sectors, and evaluate possible challenges. We contribute suggestions for the adoption of Digital Forensic Readiness as a mandatory requirement for private companies and government organizations.