TX-MI- Collecting Computer Data in the U.S.: Pick the Wrong State and You Could Wind Up in Jail

7-29-2008 Texas / Michigan:

Texas and Michigan have created tough laws regarding computer forensics. John Tredennick explains the new rules these states have enacted.

Several months ago, I wrote a column about collecting data in the European Union. While most of it focused on the complicated rules that govern data collection over there, I was equally interested in the fact that if you broke one of their rules you could wind up in jail. I still have a picture in my mind of the hapless CIO who spent 6 months in a Finnish jail because he didn’t provide sufficient protection for individual privacy in his security policies.

I contrasted the severity of the EU provisions with discovery in the United States, which up until now was pretty much unregulated. Corporations could collect data from their networks without special requirements. Attorneys and legal assistants could collect data from any willing subject. Heck, just about anybody you could pull in off the street could lay hands on a computer and collect data from it, forensically or otherwise.

That may be about to change. Two states have recently enacted statutes that make it a crime for unlicensed individuals to engage in computer forensics. Texas passed a law that would give regulators the power to impose up to a year in jail and a $14,000 fine on people doing “computer investigations.” Michigan went a bit further. On May 28 th of this year, Governor Jennifer Granholm signed into law a bill that makes unlicensed computer forensics work in Michigan a felony punishable by up to a four-year prison term, damages of up to $25,000 and a criminal fine of up to $5,000.

Can you believe that? They say everything is big in Texas but when it comes to imposing penalties on computer forensics, Michigan now takes the cake. Crack open that computer case in Detroit or Duluth or even Ann Arbor and you better bring your toothbrush. You might be doing a stretch at the Standish Maximum Correctional Facility or maybe in Saginaw.

Let’s take a look at these two state laws and see what we can learn. Not surprisingly, both seem to be the product of heavy lobbying from the state PI bar. If this proves good for local business, you can expect other PI groups to start lobbying their legislatures as well. (You will find links to all of this information at the end of this column.) ..The Rest of the Story.. by John Tredennick