E-records and the law John D. Gregory Policy Division Ministry of the Attorney General May 14, 2007.

Slides:

Advertisements

Similar presentations

Health Records Management Practitioner

Advertisements

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Overview of OTP Records Independent Panel of Experts Briefing Notes Friday 5 October 2007 Ayodeji Fadugba Chief, Information and Evidence Support Section.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.

IMPLEMENTING AN ELECTRONIC RECORDS MANAGEMENT PROGRAM Philip C. Bantin Indiana University Archivist IU Electronic Records Program Website:

DIGITAL EVIDENCE María del Pilar Jácome August 2012.

Records Management What to Keep and What to Toss.

SITS:Vision Annual the Hilton Deansgate Hotel, Manchester Gary Williams – Business Development Director Electronic Evidence July 2011.

Business Excellence Day November 2009 Putting trust in your electronic information store Alan Shipman Group 5 Training Limited.

Electronic Records as Documentary Evidence Standard (CAN-CGSB 72.34) A Case Study from The University of Calgary By Regina Landwehr © University Archives.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Information Security Policies and Standards

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

Developing a Records & Information Retention & Disposition Program:

Author(s): David A. Wallace and Margaret Hedstrom, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative.

1 From Filing Cabinet to Desktop and Network: Records Management in N.C. State Government Ed Southern Government Records Branch N.C. Office of Archives.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.

RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”

Instructions and forms

Chapter 7 Database Auditing Models

Internal Auditing and Outsourcing

Dr. Diganta Biswas School of Law Christ University, Bangalore.

JOHN D. GREGORY DANIEL J. MICHALUK June 11, as Evidence.

ARMA Charlotte - Piedmont Educational Seminar 2007 Managing Public Records Law and Practice In North Carolina Government Records Branch Division of Historical.

Creating and Maintaining Proper Systems for Electronic Record Keeping

1 EDMS 101 Speaker: Monica Crocker, DHS EDMS Coordinator Overview of current project(s) Objective of this section: This session outlines EDMS fundamentals.

Designing Smart Cities Conference University of Strathclyde, Glasgow 31 st March 2015 “Regulating Smart Cities: Policing & Privacy” Paul Mackie Chief Executive.

Recordkeeping for Good Governance Toolkit Digital Recordkeeping Guidance Funafuti, Tuvalu – June 2013.

IQPC February 25, ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)

fact sheet (07/03/2007) 1 ARE ARCHIVING SOLUTIONS RECORDKEEPING SOLUTIONS? 7 th March 2007 Stephen Clarke Government Recordkeeping Programme.

DIGITAL IMAGING What Every Archivist and Records Officer Should Know DIGITAL IMAGING What Every Archivist and Records Officer Should Know Presented by.

Corporate Responsibility and Compliance A Resource for Health Care Boards of Directors By Debbie Troklus, CHC and Michael C. Hemsley, Esq.

Ecords Management Records Management Paul Smallcombe Records & Information Compliance Manager.

Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.

The Accomplished Connoisseur: Professional Expertise in Support for the Corporate Law Department Presented by: Lisa Daulby Canadian Association of Law.

I.Information Building & Retrieval Learning Objectives: the process of Information building the responsibilities and interaction of each data managing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

1 Ensuring the protection of bidders’ rights.  The Federal Law of № 94-FZ "On placing orders for goods, works and services for state and municipal.

Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.

An introduction to records management at Clemson University Records Management Office 139 Anderson Hwy, Suite 100 Clemson, S.C

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

Part 11, Electronic Records; Electronic Signatures

BC Public Libraries November, 2008 Privacy Principles.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

Paperless Government and the Law John D. Gregory Ministry of the Attorney General June 5, 2009.

Database Environment Session 2 Course Name: Database System Year : 2013.

Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.

Record Authenticity as a Measure of Trust: A View Across Records Professions, Sectors, and Legal Systems Corinne Rogers University of British Columbia.

All Employee Basic Records Management Training. Training Overview 1.Training Objectives 2.Clark County RIM Program 3.Key Concepts 4.Employee Responsibilities.

ISO/IEC 27001:2013 Annex A.8 Asset management

Legal Holds Department of State Division of Records Management Kevin Callaghan, Director.

Generally Accepted Recordkeeping Principles Generally Accepted Recordkeeping Principles ® Registered Trademark of ARMA International.

03/08/1999UT Austin: GSLIS LIS Information Management LIS /8/99 Martha Richardson.

Record Retention to Manage Risk F. Jay Meyer Vice President & Senior Attorney TD Banknorth, N.A. Portland, Maine.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

CITY OF PHOENIX RECORDS MANAGEMENT AND E-PRIVACY Margie Pleggenkuhle City Clerk Department March 18, 2004.

Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.

Chang, Wen-Hsi Division Director National Archives Administration, 2011/3/18/16:15-17: TELDAP International Conference.

ARMA VI - NANAIMO 2016 David Young Records Management Archivist University of Victoria Electronic Records as Documentary Evidence CGSB‐72.34‐2015 (To supersede.

Electronic Records Management Alan Cameron Records Management Consultant.

© 2016 Chapter 6 Data Management Health Information Management Technology: An Applied Approach.

Digital evidence Stephen Mason, Barrister Visiting Research Fellow

Records Management Program Deliverables

ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY STANDARDS OF EVIDENCE

DIGITAL LEGAL DOCUMENTS:

CGSB and Electronic Records

Presentation transcript:

E-records and the law John D. Gregory Policy Division Ministry of the Attorney General May 14, 2007

MGS - IM - E-records and the law2 Why do you care?  Reasons why the law will apply to e-records:  administrative – a government department (such as the tax people) wants to see them  regulatory – a public agency (such as the Securities Commission) wants to see them  judicial – they are needed for a court case

MGS - IM - E-records and the law3 The Law of Evidence in a (small) nutshell  Admitting documentary evidence:  authentic – the record is what it purports to be  best evidence – an original, or an explanation  not hearsay (a content rule not a form rule) reliable and necessary business records rule Statutory records rules  Ontario Evidence Act, Canada Evidence Act

MGS - IM - E-records and the law4 The Law of Evidence in a (small) nutshell  Electronic documents – how does this change? Authenticity: basic rule is OK – document supported by live witness – but e-documents are more subject to manipulation (sometimes). May be hard on a challenge. May be asked why the witness believes the record is accurate. Original (best evidence): may be meaningless for electronic document. Changed by legislation from a record-based test to a system-based test Hearsay: no change in principle – because content does not change with the medium. Still “ordinary course of business” test.

MGS - IM - E-records and the law5 The extreme case?  “the focus is not on the … creation of the record, but rather on the … preservation of the record during the time it is in the file”  “the entity’s policies and procedures for the use of the equipment, database and programs are important. How access to the … database [and to the specific program are] controlled is important. How changes in the database are logged, as well as the structure and implementation of backup systems and audit procedures for assuring the continued integrity of the database, are pertinent.”  In re Vee Vinhee, US appeal court, 2005.

MGS - IM - E-records and the law6 The Legislation  To ease admission, the law provides presumptions that the record-keeping system has integrity: for one’s own computer, OK if one can show the computer was working fine all the time, or if it wasn’t, the problem did not affect the integrity of the record-keeping system for a record from an adverse party’s computer, OK (since the other party knows more about it) for a record from an independent third party, OK if kept in the ordinary course of business.

MGS - IM - E-records and the law7 The Legislation  If the presumption is rebutted, so one has to show the integrity of a record-keeping system: For the purposes of determining under any rule of law whether an electronic record is admissible, evidence may be presented in respect of any standard, procedure, usage or practice on how electronic records are to be recorded or stored, having regard to the type of business or endeavour that used, recorded or stored the electronic record and the nature and purpose of the electronic record. (Evidence Act s.34.1(8))

MGS - IM - E-records and the law8 Standards  Canadian General Standards Board  part of Public Works Canada Microfilm as documentary evidence (1988) Microfilm and electronic imaging … (1993) Electronic records as documentary evidence (2005)  And still to come Electronic Signatures Codes for retention and disposition of e-records Long term preservation of digital information

MGS - IM - E-records and the law9 The CGSB Standard and you  The key rule of the Standard: think about it!  In other words: Make a policy about how e-records are managed Communicate the policy Implement the policy Monitor compliance with the policy Adjust the policy as required by circumstances  Have a policy manual that you can point to.  Have someone responsible (CRO) (+ witness)

MGS - IM - E-records and the law10 The CGSB Standard and you  Characteristics of the Standard:  high level language it applies to lots of records it applies to lots of record-keepers question: small and medium-sized enterprises  technology neutral it is flexible in its application now it is adaptable to evolution of technology it does not make business choices for its users

MGS - IM - E-records and the law11 The CGSB Standard and you  Complying with the Standard  Authorization: senior management have to buy in formally someone is put in charge responsibilities apply even if outsourced work the policy is documented, changes are documented  Electronic Records Management Program Policy “closely aligned” with the information management security policy

MGS - IM - E-records and the law12 The CGSB Standard and you  Policy contains statements on, among other things, data file formats and version control enabling technologies quality assurance metadata capture and preservation information and records covered by the policy includes physical and logical structure of info held by the organization security classification and how to implement it

MGS - IM - E-records and the law13 The CGSB Standard and you  Policy contains statements on, among other things (contd) security processes and procedures including user authentication and permission control firewall protection systems backups disaster recovery retention and destruction policies system and procedure audits for compliance

MGS - IM - E-records and the law14 The CGSB Standard and you  The Policy manual:  Keep a manual complete and current It may refer to other standards and procedures It authorizes the life-cycle metadata of records It tells how data is captured and stored It controls data migration and conversion  Indexing (self-explanatory)

MGS - IM - E-records and the law15 The CGSB Standard and you  Audit trail:  A historical record of all significant events associated with the e-record management system date of storage of information movement of info from medium to medium evidence that controls operate and are effective  Provides evidence of authenticity of records  Contains system- and operator-generated logs.  Standard gives lengthy list of contents.

MGS - IM - E-records and the law16 Conclusion  Authenticity is a result of the integrity of the record-keeping system  Having a documented policy with documented enforcement will help ensure that electronic records are admitted as evidence.  The CGSB standard is not the only way but it is a good one and starting to be recognized.

MGS - IM - E-records and the law17 Some sources  Uniform Electronic Evidence Act  Implementation status  Ontario Evidence Act, R.S.O c.E.23 as amended  Canada Evidence Act R.S.C s.C-5 as amended

MGS - IM - E-records and the law18 Some sources  Canadian General Standard Board  Chasse “Computer-produced records in Court Proceedings” (1994 ULCC)  CICA on Information Security principles and audits Information Technology Control Guidelines (3d ed.) Conference in March 2008 on Auditing IT systems

MGS - IM - E-records and the law19 Some sources  Industry Canada – Authentication materials ceac.nsf/vwGeneratedInterE/h_gv00090e.html ceac.nsf/vwGeneratedInterE/h_gv00090e.html -Authentication principles (2004) American Bar Association – “Record Retention and Destruction: Current Best Practices” on.pdf on.pdf