Open Source Intelligence (OSINT) gathering is an investigative process based on publicly available information. OSINT can be online or offline, but in today’s increasingly digital world, most OSINT activity involves gathering data in the online space.
There is a wide range of uses for OSINT, including by government, law enforcement agencies and private companies. This large gathering of intelligence has proven to be useful for many purposes. For example, Goldman Sachs use OSINT to identify risks, and international NGOs use information gathered from public sources and social media to discover more about criminal groups and protect their supply chains.
As technology becomes more sophisticated and the volume of data increases, more and more organisations are relying on OSINT as opposed to private information. However, just because the information is in the public domain, this does not mean it can be gathered, processed and used freely. Businesses must take care that they do not violate the privacy rights of data subjects and ensure they comply with the law around the gathering and processing of data.
OSINT is any information that is available publicly, but generally includes:
There is also what is termed ‘grey data’, which refers to data that is difficult to find. This may include unpublished reports, patents and certain business documents.
Almost all activities related to OSINT involve gathering, processing, storing or analysing personal data, which means they are subject to the General Data Protection Regulation (GDPR). GDPR restricts the processing of personal data, and as such, any organisation using OSINT must ensure that they comply with and fully understand the regulation.
The key GDPR principles relevant to businesses using OSINT are:
Social Media Intelligence (SOCMINT) is used interchangeably with OSINT, but there are some critical differences in how these intelligence collection methods are used and regulated.
The use of SOCMINT by private companies to make decisions about people’s lives is widespread. This includes matters such as whether they can get a loan, job or even rent a property.
SOCMINT uses both public and private information, which means it is often subject to stricter rules and regulation. On social media, data is only considered to be publicly available (OSINT) where it is accessible not only to a person’s contacts but to everyone without logging in to the platform, or where a person is logged in but is not a contact of the data subject (for example, not their ‘friend’ on Facebook). Attempts to access private social media intelligence must comply with the privacy law principles of legality, necessity and proportionality, otherwise, they may be in breach of the rights of the data subject.
If you gather personal information of customers or employees using OSINT or SOCMINT you are now under strict legal obligations about how you process that information, how you safeguard it from cyber-attack and how you control it.
We offer insight, support and guidance to businesses on all aspects of data protection law, including GDPR compliance issues. We can also advise on the processes you can put in place to minimise the fallout from hacking. Our lawyers specialise in providing advice to business clients. Unfortunately, we are unable to provide assistance to individuals on Data Protection.
"Shubha Nath is my go-to lawyer. She provided my department with commercial legal services for the best part of 10 years. She listens carefully to what the business requires, is clear in her explanation of complex legal agreements and frameworks and is incredibly fast at turning round documents. I was so impressed by her I've recommended her company Nath Solicitors to other businesses."Testimonial From Bernard McKeown
"Shubha, I'd just like to thank you for helping me to come to an amicable settlement with my former company co-directors so quickly and effectively. The advice and suggested approach certainly worked very well for me and I also felt a sense of safety and control being mentored through a very daunting process. You are brilliant at what you do and you helped me to cope with a very stressful situation. I would not hesitate to recommend you and Nath…Testimonial From Stephan Hepton
“I would like to thank and recommend Nath Solicitors and Shubha personally for all your professional advice and help. We have a variety of business interests from Medical and Dental to Analytics and Artificial Intelligence; I am extremely impressed how Shubha has been able to advise in all of these fields for a variety of unrelated projects. We have been particularly impressed with hard work, dedication, professional approach and personal touch. Dr Chetan.”Testimonial From Dr Chetan
I live in Saudi Arabia. Although thousands of kilometers separated us, I picked up the phone and talked to Shubha and I asked her to help me in what I believed was a fraud case. She answered gladly. She was smart, honest, and professional; she has been receiving my calls, letters and emails for more than one month did not seem to mind at what time I communicated with her and it was any time and she always responded quickly. Shubha…Dr Aldarwish ( International client)
We are pleased to note our satisfaction with the standard of service, offered to us by qualified and efficient team of Nath Solicitors. This is a Firm with high integrity and strong, traditional, values focusing on providing the utmost levels of customer satisfaction but don’t just take their word for it, take time to review their customer testimonials. Shubha Nath, who has been providing services to our company, has shown how passionate she is about her job and has delivered…MD of Security Company Dispute Resolution Testimonial
Client comment on company incorporation and advice on a shareholders agreement prepared by Shubha Nath. We felt well advised and Shubha protected our interests immaculately and we are truly very grateful to her for all her help in securing our interests. Director Food Company.Director of a Food Company