Data Leak Investigation: Causes and Mitigation Strategies

The Impact of Data Leak Investigations on Reputation

Question

An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository.

The policy requires all business emails be automatically deleted after two years.

During an open records investigation, information was found on an employee's work computer concerning a conversation that occurred three years prior and proved damaging to the agency's reputation.

Which of the following MOST likely caused the data leak?

Answers

Explanations


A. B. C. D.

D.

Based on the scenario, the agency implemented a data retention policy that requires tagging data according to type before storing it in the data repository. All business emails are required to be automatically deleted after two years. However, during an open records investigation, information was found on an employee's work computer concerning a conversation that occurred three years prior, which proved damaging to the agency's reputation. The question asks which of the following is the most likely cause of the data leak.

Option A suggests that the employee manually changed the email client retention settings to prevent deletion of emails. However, this scenario is unlikely as the agency had implemented a policy of automatic deletion of emails after two years. Moreover, if the employee had manually changed the retention settings, all emails, including those that were not related to the investigation, would have been retained on the server.

Option B suggests that the file that contained the damaging information was mistagged and retained on the server for longer than it should have been. This scenario is a plausible cause of the data leak. If the file was mistagged or misclassified, it may have been retained on the server for longer than the retention policy allowed. In this case, the file would have been available for discovery during the open records investigation.

Option C suggests that the email was encrypted and an exception was put in place via the data classification application. This scenario is less likely as the agency's policy required automatic deletion of business emails after two years. If the email was encrypted and an exception was put in place, it would not have been available for discovery during the open records investigation.

Option D suggests that the employee saved a file on the computer's hard drive that contained archives of emails, which were more than two years old. This scenario is a possible cause of the data leak. If the employee had saved a file containing archives of emails, it would have been available for discovery during the open records investigation.

In conclusion, the most likely cause of the data leak is option B: the file that contained the damaging information was mistagged and retained on the server for longer than it should have been.
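The Option D scenario (email archives saved to a workstation's disk outliving the two-year deletion rule) can be checked with an endpoint audit. The following is an added example, not part of the original page: it parses local mbox archives and lists messages older than the retention limit. The `.mbox` format, the file name, the addresses and the fixed audit date are assumptions, and the sample mailbox is constructed.

```python
import mailbox
import tempfile
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from pathlib import Path

RETENTION = timedelta(days=2 * 365)  # the policy's two-year limit for business email
SAMPLE_MBOX = (  # constructed sample: one message past retention, one inside it
    "From a@agency.example Mon Jan 04 09:00:00 2021\n"
    "Date: Mon, 04 Jan 2021 09:00:00 +0000\nSubject: old thread\n\nbody\n\n"
    "From b@agency.example Mon Mar 04 09:00:00 2024\n"
    "Date: Mon, 04 Mar 2024 09:00:00 +0000\nSubject: recent thread\n\nbody\n"
)


def expired_in_mbox(path, now):
    """Return subjects of messages in an mbox that are older than RETENTION."""
    hits = []
    box = mailbox.mbox(str(path), create=False)
    for msg in box:
        try:
            sent = parsedate_to_datetime(msg.get("Date", ""))
        except (TypeError, ValueError):
            continue  # no usable Date header, so the message cannot be aged
        if sent.tzinfo is None:
            sent = sent.replace(tzinfo=timezone.utc)  # treat naive dates as UTC
        if now - sent > RETENTION:
            hits.append(msg.get("Subject", ""))
    box.close()
    return hits


def audit(root, now):
    """Map each .mbox file under root to its messages that outlived retention."""
    findings = {}
    for path in Path(root).rglob("*.mbox"):  # assumed archive extension
        old = expired_in_mbox(path, now)
        if old:
            findings[path.name] = old
    return findings


def demo():
    """Write the constructed sample into a temp 'workstation' folder and audit it."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # assumed audit date, fixed for a stable result
    with tempfile.TemporaryDirectory() as root:
        Path(root, "saved_mail.mbox").write_text(SAMPLE_MBOX)
        return audit(root, now)
```

Server-side retention jobs never see these files, so a check like this has to run on the endpoint itself or against its backups.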