Triangular chairs with a gleam of sun rays shining through.
  1. Home >
  2. Perspectives >
  3. Financial Services - Regulatory & Risk >
  4. Dawn raids: regulatory inspections of your IT equipment and storage media

SHARE:

Subscribe

Dawn raids: regulatory inspections of your IT equipment and storage media

08 April 2013

The European Commission has recently affirmed its current practices for searching IT equipment and storage media during a 'dawn raid' inspection of business premises where it suspects a breach of EU competition law.

The Office of Fair Trading also has similar dawn raid powers where it suspects a breach of UK competition law.

Searching a company's 'IT environment'

In a revised explanatory note, the Commission clarifies that its inspectors can search a company's 'IT environment and storage media', including:

  • Laptops
  • Desktops
  • Tablets (e.g. iPads)
  • Mobile phones (e.g. blackberries and smartphones)
  • CD-ROMs
  • DVDs
  • USB-keys

While this is already the Commission's practice, the note also provides a helpful summary of what the Commission currently believes is the extent of its dawn raid powers in relation to such IT searches.

Forensic IT examinations of data recovered

During an on-site inspection, the Commission's inspectors are entitled to:

  • examine any books or records related to the business, regardless of the medium on which they are stored, i.e. including examining electronic information; and
  • take or obtain in any form copies of or extracts from such books or business records, i.e. including taking electronic or paper copies of electronic information.

In practice, the Commission considers that this means its inspectors may use the Commission's own external forensic IT tools (dedicated hardware and/or software) to copy, search and recover data from the devices searched.  They may also use a built-in keyword search tool if there is one.

Moreover, the Commission may retain the examined storage media until the end of the inspection; alternatively, the inspectors may return the storage media earlier having made a fully-searchable, forensic copy of relevant data on it.

In addition, employees of the company may be required to assist the inspectors by temporarily blocking individual email accounts, temporarily disconnecting computers from the network, removing and re-installing hard drives and providing 'administrator access rights'.

Any attempt by the company to inhibit or obstruct the Commission in relation to their search of electronic documents can lead to substantial fines. Last year, two Czech companies were fined €2.5m for diverting incoming emails to an unknown server and for accessing email accounts which the Commission had requested were blocked.

Dealing with a Dawn Raid – RPC's Top 5 Tips

If your company is subject to a dawn raid inspection by the European Commission or the OFT:

  1. Do not refuse entry – be polite and professional.  Ask to see ID cards and the investigation mandate/authorisations.  Make sure the names on the ID cards match those in the authorisation and take three copies of each.
  2. Call your internal and external lawyers immediately, tell them how many inspectors are present and send them scanned copies of The authorisation documents and ID cards. The inspectors will usually wait a short while until some legal representatives are present.  If in-house lawyers are on site, they will expect to see them immediately.  If the inspectors insist on starting the search, do not obstruct them, but inform senior management and the head of legal immediately.
  3. Obtain consent from the inspectors to inform staff that an inspection is taking place, that it must remain confidential and that they should cooperate.  Make sure there is at least one senior staff member or lawyer – internal or external – shadowing each inspector, and that note-takers keep a verbatim record of everything that occurs.  This should include a record of all documents and IT hardware/storage media the inspectors review, copy and/or remove (and where they are taken from), as well as any key search terms used and where these were run.  Try to retain responsibility for any copying.   If not possible, supervise the process and ensure that 3 copies are taken of all documents requested by the inspectors, together with exact images of any electronic copies taken.
  4. Cooperate with the inspectors' demands, but do not answer questions that go beyond the scope of the investigation mandate. If in doubt, obtain legal advice before answering. Do not delete, destroy, remove or alter any documents or emails. Resist disclosing documents which are protected by legal privilege or go beyond the parameters of the inspection mandate – if in doubt, or if there is genuine disagreement, ask for the document to be set aside in a sealed envelope for subsequent review by lawyers.
  5. Do not discuss the investigation with any competitors or third parties. Monitor the websites of your competitors to check for any public announcements. Brief your press department to prepare a low-key press release, if necessary, confirming that an investigation is underway – ideally reactive. If your company is listed, an announcement may need to be made to the relevant stock exchange – legal advice should be taken before making any announcement.