Open Source Intelligence (OSINT) gathering is an investigative process based on publicly available information. OSINT can be online or offline, but in today’s increasingly digital world, most OSINT activity involves gathering data in the online space.
There is a wide range of uses for OSINT, including by government, law enforcement agencies and private companies. This large gathering of intelligence has proven to be useful for many purposes. For example, Goldman Sachs use OSINT to identify risks, and international NGOs use information gathered from public sources and social media to discover more about criminal groups and protect their supply chains.
As technology becomes more sophisticated and the volume of data increases, more and more organisations are relying on OSINT as opposed to private information. However, just because the information is in the public domain, this does not mean it can be gathered, processed and used freely. Businesses must take care that they do not violate the privacy rights of data subjects and ensure they comply with the law around the gathering and processing of data.
If you need advice, get in touch with our privacy solicitors in London today on 0203 983 8278 or by completing our online contact form.
What constitutes Open Source Intelligence?
OSINT is any information that is available publicly, but generally includes:
- Anything published on the Internet, including online databases, social media, blogs and forums
- Traditional mass media, such as television, radio, newspapers or magazines
- Government information, such as budgets, public hearings, court cases, public reports and records
- Corporate data publicly available, such as information on Companies House, corporate databases and any financial statements
- Specialised journals
- Conferences and seminars
- Academic articles, journals, theses and dissertations
- Think tank studies
- Photographs
- Geospatial information, such as maps
There is also what is termed ‘grey data’, which refers to data that is difficult to find. This may include unpublished reports, patents and certain business documents.
Open Source Intelligence, GDPR, and Privacy Rights
Almost all activities related to OSINT involve gathering, processing, storing or analysing personal data, which means they are subject to the General Data Protection Regulation (GDPR). GDPR restricts the processing of personal data, and as such, any organisation using OSINT must ensure that they comply with and fully understand the regulation.
The key GDPR principles relevant to businesses using OSINT are:
- You must understand when you are the data controller or data processor
- You must have a legal basis for processing personal data
- You must apply certain principles in the processing of personal data
- You must understand and respect specific privacy and data protection rights held by data subjects
If you need advice on OSINT or GDPR, get in touch with our data protection solicitors in London today on 0203 983 8278 or by completing our online contact form.
Social Media Intelligence (SCOMINT) and Social Media Monitoring
Social Media Intelligence (SOCMINT) is used interchangeably with OSINT, but there are some critical differences in how these intelligence collection methods are used and regulated.
The use of SOCMINT by private companies to make decisions about people’s lives is widespread. This includes matters such as whether they can get a loan, job or even rent a property.
SOCMINT uses both public and private information, which means it is often subject to stricter rules and regulation. On social media, data is only considered to be publicly available (OSINT) where it is accessible not only to a person’s contacts but to everyone without logging in to the platform, or where a person is logged in but is not a contact of the data subject (for example, not their ‘friend’ on Facebook). Attempts to access private social media intelligence must comply with the privacy law principles of legality, necessity and proportionality, otherwise, they may be in breach of the rights of the data subject.
If you gather personal information of customers or employees using OSINT or SOCMINT you are now under strict legal obligations about how you process that information, how you safeguard it from cyber-attack and how you control it.
We offer insight, support and guidance to businesses on all aspects of data protection law, including GDPR compliance issues. We can also advise on the processes you can put in place to minimise the fallout from hacking. Our lawyers specialise in providing advice to business clients. Unfortunately, we are unable to provide assistance to individuals on Data Protection.
Contact our Privacy & Data Protection Solicitors London
To discuss your business needs, contact us today by calling 0203 983 8278 or complete our online enquiry form, and we will get back to you right away.
