What is Chain of Custody?

chain of custody

Want to know how much failing to protect data can cost your company?

Try $60 million.

That’s how much a major bank recently agreed to pay out after improperly disposing of old equipment.

In the wake of the disclosure and subsequent fine, the bank also faced multiple class-action lawsuits. However, the bank has placed responsibility for the breach on an unnamed vendor.

And, according to one report, they’re now considering taking “appropriate legal action” against the contractor allegedly responsible.

Data breaches are a serious issue with costly consequences. Asset protection and evidence-gathering are essential in preventing problems from occurring in the first place — and holding the guilty parties responsible if one does.

Chain of custody evidence is central to successful IT asset disposition (ITAD) and data breach prevention. The bank’s approach to chain of custody impacted its ability to prevent problems when disposing of old equipment. How they handled the chain of custody will also determine whether they can hold an outside contractor accountable for the breach.

Anyone who’s gone through a legal proceeding (or watched even a single episode of Law and Order) knows how important evidence is in proving your case. That’s why following the chain of custody is vital to your defense if an incident occurs.

So what is a chain of custody, and why is it so important? Let’s jump in.

What is Chain of Custody?

Chain of custody refers to the process of tracking and managing evidence. This includes documenting when it was collected, where it was transferred, and who handled it.

Properly following chain of custody procedures prevents the validity of a piece of evidence from being called into question. For example, demonstrating that a vendor and not an employee was responsible for misplacing a piece of equipment.

The Chain of Custody Process

Understanding the chain of custody process is critical to the protection of your company’s assets. Even more important, however, is your team’s commitment to ensuring each step is followed properly.

Make sure your IT asset management team adheres to these 4 steps when establishing chain of custody:

1. Evidence Collection

The chain of custody begins with evidence collection. This includes identifying and recording relevant information and verifying it with the appropriate sources.

Relevant evidence may include:

  • IT asset inventories
  • Vendor receiving reports
  • Vendor disposition reports
  • Data erasure reports
  • Computer data files
  • Computer log files
  • Encryption records
  • Emails
  • Text messages
  • Audio and video recordings
  • Physical evidence, including:
    • IT assets and related computer equipment
    • IT components, hard drives, and media
    • Photographs of equipment
    • Driver bills-of-lading
    • Driver sign-off sheets

When compiling evidence, it’s also important to consider the following:

  • Source of the evidence
  • Integrity of the evidence
  • The time you discovered and obtained the evidence
  • Location of evidence
  • The state of the evidence

Remember, collecting digital evidence can be tricky. Complications can arise if evidence ends up being deleted or removed. Putting an authentication process in place helps alert you to any alterations and ensures you can trust the information you’ve collected.

Limiting the number of people who can access this data is also crucial. This will help safeguard each piece of evidence from being corrupted during handling.

2. Examination of Relevant Information

Collecting each piece of data is only the first step. Next, you’ll have to determine which evidence is essential to your case.

Unfortunately, that can sometimes feel like finding a needle in a haystack.

Carefully comb through the results of your investigation and examine each piece of evidence individually. While each piece of evidence is inherently valuable, you’ll want to identify and isolate only those which are specifically related to your case.

3. Evaluation of Data

Once you’ve assembled the most pertinent information, you’ll need to evaluate and analyze what this data truly shows you.

For instance, only a careful, objective examination of inventory tracking data can confirm custody or reveal potential liability. That’s why management must be non-credulous when it comes to ITAD chain of custody reporting.

Rigorously assessing each piece of evidence ensures its ability to hold up in court. If a lawyer calls this information into question, you’ll be able to effectively defend its legitimacy.

4. Reporting and Documentation

So, what do you do once every piece of the puzzle has been laid out and connected?

You report it and document what you’ve found.

When you’re recording what you’ve discovered, make sure to go through the chain of custody process and outline the steps you’ve taken to follow the necessary procedures.

Remember, without dual control and independent third-party verification, management may receive heavily distorted information — if any.

Conflict-of-Interest in Chain of Custody

Vendors cannot provide a valid chain of custody on their own because it raises questions regarding conflict-of-interest. Data security laws mandate that organizations implement dual control measures, also referred to as proper separation-of-duties.

To prevent breaches from occurring, and from harming your company should one occur, you’ll need an independent third-party verification (TPV) to prevent the credibility of your evidence from being questioned.

What Happens If You Break the Chain of Custody Process?

If you break the chain of custody process, the ramifications in court can be quite serious.

As a claimant, it can result in the defendant requesting that the court not consider any of your evidence as valid. Inadmissible evidence renders your efforts useless and will likely result in an unfavorable outcome for your company.

If you are the defendant, you may find yourself without a legal leg to stand on. Evidence, or lack thereof, means exposure.

When you introduce evidence to the court, you must justify how you came across each piece. This is why documenting the entire chain of custody process is critical. It demonstrates that you adhered to formal collection protocol and that your evidence can be trusted.

Protecting Yourself Against Data Breaches

The chain of custody process isn’t just there to protect your company should an incident occur. It’s also there to help prevent them from ever happening.

Chain of custody helps prevent data breaches by empowering your team to closely monitor the transfer and disposal of valuable information. It also shields your company from financial harm caused by a data breach by allowing you to prosecute the responsible party.

However, obeying the chain of custody process won’t make you bulletproof. Additional methods of prevention and detection, like third-party verification, are key to preventing potential breaches.

Deterrence is Still Vital

When it comes to protecting yourself against ITAD-related incidents, an ounce of prevention is worth a pound of cure. The best weapon in your fight against a potential breach is taking steps to ensure it never happens at all.

Adequate safeguards require more than chain of custody protocols. Consider taking practical precautions such as encrypting data, destroying data before a move, maintaining third-party verification, and labeling equipment with disposal tags to deter theft and ensure unbroken chain of custody.

That’s where Retire-IT comes in.

Retire-IT provides vendor-neutral solutions that can help you with the challenges of IT Asset Disposition, including disposal tag tracking and TPV. Contact us today to learn more.