Classified data in investigations: how to improve your organization’s data security

Diseño Sin Título

In the digital age, many aspects of investigations have changed significantly. These changes have brought about many benefits for investigation teams but also myriad challenges that require new training and considerations.

One of the most critical changes is that investigators and analysts are now forced to consider their handling of information – particularly classified information – in different ways.

With the widespread use of both physical documents and digital data in investigations, the process of responsibly handling classified data is more complex than ever. It’s also arguably more important than ever, as leaked information can be shared around the world in an instant, making it impossible to control its proliferation once there has been a breach.

In this article, we look at some of the top considerations that can help investigation teams run more compliant and effective investigations when handling classified data.


What is classified information in an investigation?

In any investigation, some of the information being handled may be categorized as “classified”, although the precise criteria will vary from organization to organization.

While classified data can be a feature of any investigation, there are certain types of cases and situations where protecting the information is particularly important. For example, in law enforcement, legal cases, and financial investigations by banks involving large amounts of money.

Regardless of the type of investigation, information is usually deemed classified in order to guard people’s privacy and/or safety, to protect commercial interests, or when public knowledge of it could impact the outcomes of the investigation.


Common examples of classified data include:

  • Names, addresses, and other personally identifiable information of suspects
  • Personally identifiable information of victims
  • Details about undercover operations
  • Details of evidence in a criminal case
  • Military intelligence


Why is it important to handle classified information properly?

If information is classified, it means that there could be significant negative impacts if it were shared outside of a designated group of people.

For example, in a criminal investigation, if a suspect’s name and address were leaked then it could impact the outcomes of the investigation and even lead to the suspect being threatened or harmed. For non-criminal investigations, the sharing of classified data (such as trade secrets or customer details) may impact business interests or damage an organization's reputation.

In some cases, the sharing of classified information is prohibited by law, such as in government-led cases and investigations by law enforcement agencies. Violating the rules in these situations can carry severe legal penalties including fines and imprisonment.

In other cases – such as investigations run internally by private businesses – classified information may only be protected by company policy. In these cases, mishandling of classified information could result in disciplinary measures ranging from warnings to termination and even legal action.

Diseño Sin Título (1)

How to handle classified information in an investigation

While the exact procedures will vary from organization to organization and on a case-by-case basis, there are some key best practices that all investigative teams can follow to minimize risk. These include:

Information categorization

Assess all data and ensure that you properly categorize all information in terms of its sensitivity, with different, defined classifications for each level. This will make it easier to understand how, when, and by whom the data can be accessed and/or used.


Data protection protocols

Have defined protocols in place and follow them, with proper training, oversight, and accountability for all team members. Having a dedicated training session for all team members is a good way to ensure everyone is briefed on the proper procedures.


Physical security measures

If you have physical documentation or evidence, ensure that it is always secured physically when not being used (e.g., in a safe or locked cabinet) and monitor all access. Strictly abiding by simple rules like this on a team- or organization-wide scale can greatly reduce the chance of data leaks.


Digital security measures

All digitally stored data should be filed appropriately, and with password protection and good password management. For the most important information (such as that involved in criminal cases or government intelligence) isolated servers may be necessary, reducing the possibility of data being compromised by remote actors.


Share with care

Any kind of data sharing is a point of vulnerability, so all classified information should only be shared on a “need-to-know” basis. Equally, all sharing of classified information should be carefully monitored and recorded. Assigning each team member a clearance level that is appropriate for their role is a good way to standardize, control, and monitor sharing procedures as well as identify the causes of data breaches.


Specialized software can improve information security

Another way to handle classified data is to use specialized investigation software. The best software can reduce human error, simplify the sharing of classified data, and greatly improve reporting. 


Falkor is a dedicated investigation platform built to improve investigation workflows and simplify the way teams handle all data in an investigation.


Falkor includes several key features to facilitate secure collaboration within teams and with external stakeholders. In many investigations, human error and insecure sharing protocols can result in data leaks. Falkor removes this risk from the equation by allowing you to share information in a secure, controlled environment with customizable user permissions that are appropriate for their clearance levels.


Other benefits of Falkor include:

  • The ability to store all cases and case data in one place
  • Advanced visual link analysis
  • Automated link mapping
  • Simplified collaboration and sharing
  • More efficient workflows
  • Report generation tools


Summary: A new approach to handling classified data in investigations

Responsible handling of classified information is one of the most important parts of running investigations. Without proper measures in place and adequate training, entire investigations can be jeopardized, business interests can be damaged, and individuals can even come to harm.


By using specialized investigation platforms like Falkor, you can simplify the storage, organization, access, and sharing of classified data, helping you to standardize procedures and reduce risk.


More resources