Dawn raid IT issues | Fieldfisher
Skip to main content
Publication

Dawn raid IT issues

John Cassels
05/04/2013

Locations

United Kingdom

The European Commission has recently published updated guidance on how it will conduct 'dawn raids', including some revisions in relation to IT searches.

The European Commission has recently published updated guidance on how it will conduct 'dawn raids', including some revisions in relation to IT searches. Therefore, we consider this week IT issues, including whether a 'blackberry' is safer than other smart and mobile phones.

During dawn raids, the European Commission has the power to examine and copy both hard copies of business records and electronic information.  Where the raid is authorised by a Commission decision, companies are legally obliged to submit and fines of up to 1% of total turnover and periodic penalty payments can be imposed for non-compliance.  Lawyers can be consulted during the raid, but inspectors can enter premises without waiting for the company's lawyers to arrive.

A non-exhaustive list of IT storage media that inspectors can search includes: laptops; desktops; tablets; mobile phones; CD ROMs; DVD; and USB keys.  This will include personal devices if they also contain business records.  Business executives should, therefore, be aware that they may have to hand over 'blackberry' and smartphone devices, provide passwords, and if necessary, manage their work schedule without the devices for a period.  'Blackberry' is not safer during a raid than any other smartphone.

For the purpose of the search, the inspectors can use any built-in keyword search tool but also its own forensic IT tools which enable it to recover deleted data.   Staff can be required to assist the inspectors, including blocking individual email accounts, disconnecting running computers from the network, removing and re-installing hard drives, and providing administrator access rights.  Two Czech energy companies were last year fined €2.5 million for obstructing an investigation: they failed fully to block email accounts to prevent tampering and incoming emails were diverted to accounts to which the Commission had not been given access.

Properly trained IT staff are, therefore, critical to any risk management and 'dawn raid' preparedness strategy.