Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY STANDARDS OF EVIDENCE

Published byMichael Patrick Modified over 6 years ago

Similar presentations

Presentation on theme: "ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY STANDARDS OF EVIDENCE"— Presentation transcript:

1 ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY STANDARDS OF EVIDENCE
INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario) IQPC February 25, 2004

2 Integrity and authenticity
What are they? Why do you care? for business reasons have to trust your records for legal reasons others may have to trust them   IQPC February 25, 2004

3 The legal reasons administrative – a government department (such as the tax people) wants to see them regulatory – a public agency (such as the Securities Commission) wants to see them judicial – they are needed for a court case IQPC February 25, 2004

4 Judicial reasons - Court rules
We focus on court rules here because: they are a general standard – not specific to an agency they are a single standard – not multiple as with agencies their standard influences others’ rules Note on Audit Standards See later discussion by Brian Ludmer CICA has information security audit standard IQPC February 25, 2004

5 The Law of Evidence in a (small) nutshell
Admissibility vs weight: for courts, most of discussion touches the former for agencies and regulators, will affect the latter IQPC February 25, 2004

6 The Law of Evidence in a (small) nutshel l
the “normal” rule: oral evidence, under oath, subject to cross-examination but: lots of exceptions notable exception: documents “documentary evidence” includes papers, pictures, audio and videotapes, and contents of computers IQPC February 25, 2004

7 The Law of Evidence in a (small) nutshel l
Criteria for admission of documentary evidence:  authentic – the record is what it purports to be  best evidence – an original, or an explanation not hearsay (a content rule not a form rule) reliable and necessary business records rule statutory records rules Ontario Evidence Act, Canada Evidence Act IQPC February 25, 2004

8 The Law of Evidence in a (small) nutshel l
Electronic documents – how does this change? Authenticity: basic rule is OK – document supported by live witness – but e-documents are more subject to manipulation (sometimes). May be hard on a challenge. Original (best evidence): may be meaningless for electronic document. Changed by legislation from a record-based test to a system-based test Hearsay: no change in principle – because content does not change with the medium. Still OCB test. IQPC February 25, 2004

9 The Law of Evidence in a (small) nutshel l
In practice: Electronic records get admitted readily Everyone knows records are made on computers “Notice to admit” procedure – know ahead of time Risk (in costs) of objecting on speculation IQPC February 25, 2004

10 The Law of Evidence in a (small) nutshel l
BUT If there is a serious dispute, how do you defend your records? How do you demonstrate authenticity, originality? SO Legislation to help answer these questions. IQPC February 25, 2004

11 The Legislation Uniform Electronic Evidence Act (federal government, 6 provinces incl. Ontario + Yukon) Ontario Evidence Act s (2000) Canada Evidence Act s – 31.8 Quebec – distinct (Civil Code and special Act) IQPC February 25, 2004

12 The Legislation The key to the legislation: system integrity
general application: the best evidence rule – no original needed In addition: any evidence supporting system integrity may be used to support admissibility IQPC February 25, 2004

13 The Legislation To ease admission, the law provides presumptions that the record-keeping system has integrity: for one’s own computer, OK if one can show the computer was working fine all the time, or if it wasn’t, the problem did not affect the integrity of the record-keeping system for a record from an adverse party’s computer, OK (since the other party knows more about it) for a record from an independent third party, OK if kept in the ordinary course of business IQPC February 25, 2004

14 The Legislation AND if the presumption is rebutted, so one has to show the integrity of a record-keeping system: For the purposes of determining under any rule of law whether an electronic record is admissible, evidence may be presented in respect of any standard, procedure, usage or practice on how electronic records are to be recorded or stored, having regard to the type of business or endeavour that used, recorded or stored the electronic record and the nature and purpose of the electronic record (UEEA s. 6) IQPC February 25, 2004

15 The Legislation Standards may be of variable degrees of
formality (official, semi-official, private) applicability (sectoral, record-type) generality (could be bilateral agreement) Proof that the presumptions apply or that standards are complied with may be by affidavit of a person with knowledge of the record-keeping practices of the party that wants to produce the record in evidence. The person should be available for cross-examination. IQPC February 25, 2004

16 Standards Canadian General Standards Board part of Public Works Canada
Microfilm as documentary evidence (1988) Microfilm and electronic imaging … (1993) Electronic records as documentary evidence (2004) – in the final stages of adoption And still to come Electronic Signatures Codes for retention and disposition of e-records Long term preservation of digital information IQPC February 25, 2004

17 Standards Legal effect of a Standard
The standard is itself not a law, it is a guideline. Compliance with the standard is not mandatory. Compliance with the standard is a kind of safe harbour, not a guarantee of any legal result. The standard is a statement of best practices. The Evidence Act says a court “may consider” compliance with the standard – if a party asks. IQPC February 25, 2004

18 Standards But The standard is written in mandatory language – the Person “shall” do X and Y. If you say you comply and do not, there may be civil and regulatory consequences for misrepresentation. Sometimes compliance is given an advantage, e.g. the law of evidence, the tax authorities (for the CGSB imaging standard). IQPC February 25, 2004

19 Standards The standard could become a common-law standard of prudent behaviour, so that failure to comply could be found to be negligence. The standard could be adopted in legislation or regulations and made mandatory for some sectors or some purposes. (e.g. Canadian Standards Association or Underwriters’ Laboratories for electrical goods) The legal effects may be indirect or private (e.g. give an ability to prove reliability of records) IQPC February 25, 2004

20 The CGSB Standard and you
The key rule of the Standard: think about it!  In other words: Make a policy about how e-records are managed Communicate the policy Implement the policy Monitor compliance with the policy Adjust the policy as required by circumstances Have a policy manual that you can point to. Have someone responsible (CRO) (+ witness) IQPC February 25, 2004

21 The CGSB Standard and you
Characteristics of the Standard: high level language it applies to lots of records it applies to lots of record-keepers question: small and medium-sized enterprises  technology neutral it is flexible in its application now it is adaptable to evolution of technology it does not make business choices for its users IQPC February 25, 2004

22 The CGSB Standard and you
Complying with the Standard Authorization: senior management have to buy in formally someone is put in charge responsibilities apply even if outsourced work the policy is documented, changes are documented Electronic Records Management Program Policy” “closely aligned” with the information management security policy IQPC February 25, 2004

23 The CGSB Standard and you
Policy contains statements on, among other things, data file formats and version control enabling technologies quality assurance metadata capture and preservation information and records covered by the policy includes physical and logical structure of info held by the organization security classification and how to implement it IQPC February 25, 2004

24 The CGSB Standard and you
Policy contains statements on, among other things (contd) security processes and procedures including user authentication and permission control firewall protection systems backups disaster recovery retention and destruction policies system and procedure audits for compliance IQPC February 25, 2004

25 The CGSB Standard and you
The Policy manual: Keep a manual complete and current It may refer to other standards and procedures It authorizes the life-cycle metadata of records It tells how data is captured and stored It controls data migration and conversion Indexing (self-explanatory) IQPC February 25, 2004

26 The CGSB Standard and you
Authenticated data output for legal proceedings: you display the contents of the e-records by printouts or live display or electronic display (e.g. CD) you have to be able to show that what you are displaying is the same as what is in the computer. Signature of authorized person may be used have to document the reasons for any change in format IQPC February 25, 2004

27 The CGSB Standard and you
Security and protection: document details of all levels of access need notification of and protection against unauthorized access to documents maintain environment according to suppliers’ recommendations and (inter)national standards encryption may improve security and integrity need key management, certificate management take caution on self-modifying electronic records consider use of time and date stamps document any correction of errors control who has access to clocks IQPC February 25, 2004

28 The CGSB Standard and you
Audit trail: A historical record of all significant events associated with the e-record management system date of storage of information movement of info from medium to medium evidence that controls operate and are effective Provides evidence of authenticity of records Contains system- and operator-generated logs. Standard gives lengthy list of contents. IQPC February 25, 2004

29 Conclusions E-records need extra care and control
Partly because of lack of familiarity Essence is integrity of information measured over the life-cycle of the record Compliance with the Standard is a good way to take the care required Compliance with the Standard will help in meeting common-law and statutory tests of admissibility IQPC February 25, 2004

30 John D. Gregory IQPC February 25, 2004 Conclusions If your electronic records can meet these tests, then evidence law does not make you produce the paper even if the paper still exists, i.e. you don’t have to destroy it but you can BUT there are other laws that require retention of records, e.g. tax law, industry-specific regs SO you may have to keep the paper anyway. A sound records retention and destruction schedule can only help. IQPC February 25, 2004 Electronic Records: Integrity and Authenticity

31 SOME SOURCES Uniform Electronic Evidence Act Implementation status
Implementation status Ontario Evidence Act, R.S.O c.E.23 as amended Canada Evidence Act R.S.C s.C-5 IQPC February 25, 2004

32 Some Sources Canadian General Standard Board
Chasse “Computer-produced records in Court Proceedings” (1994 ULCC) CICA on Information Security principles and audits Information Technology Control Guidelines (3d ed.) Conference in March 2004 on Auditing IT systems IQPC February 25, 2004

33 Some Sources Industry Canada – Authentication materials
- Authentication principles (draft 2003) American Bar Association – “Record Retention and Destruction: Current Best Practices” IQPC February 25, 2004

Download ppt "ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY STANDARDS OF EVIDENCE"

Similar presentations

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
E-Commerce and ODR Conference Seoul September 2012 John D. Gregory.

E-Commerce and ODR Conference Seoul September 2012 John D. Gregory.
1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.

1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
Naklo, 22.10.2004 A.Komšo 1 eInvoices and Tax Regulation Andja Komšo Tax Administration.

Naklo, A.Komšo 1 eInvoices and Tax Regulation Andja Komšo Tax Administration.
Records Management Basics 1 Jasmine Sourignavong, Division of Records Management Tre Hargett, Secretary of State.

Records Management Basics 1 Jasmine Sourignavong, Division of Records Management Tre Hargett, Secretary of State.
Electronic Records as Documentary Evidence Standard (CAN-CGSB 72.34) A Case Study from The University of Calgary By Regina Landwehr © University Archives.

Electronic Records as Documentary Evidence Standard (CAN-CGSB 72.34) A Case Study from The University of Calgary By Regina Landwehr © University Archives.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Electronic evidence in Spanish civil procedure: where wishes clash against reality Julio Pérez Gil Universidad de Burgos.

Electronic evidence in Spanish civil procedure: where wishes clash against reality Julio Pérez Gil Universidad de Burgos.
Instructions and forms

Instructions and forms
What Will My Records Retention Schedule Look Like ?

What Will My Records Retention Schedule Look Like ?
IQPC February 25, 20041 ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)

IQPC February 25, ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)
Ecords Management Records Management Paul Smallcombe Records & Information Compliance Manager.

Ecords Management Records Management Paul Smallcombe Records & Information Compliance Manager.
The Accomplished Connoisseur: Professional Expertise in Support for the Corporate Law Department Presented by: Lisa Daulby Canadian Association of Law.

The Accomplished Connoisseur: Professional Expertise in Support for the Corporate Law Department Presented by: Lisa Daulby Canadian Association of Law.
1 Ensuring the protection of bidders’ rights.  The Federal Law of 21.07.2005 № 94-FZ On placing orders for goods, works and services for state and municipal.

1 Ensuring the protection of bidders’ rights.  The Federal Law of № 94-FZ "On placing orders for goods, works and services for state and municipal.
Massella Ducci Teri Italian approach to long-term digital preservation Policies for Digital Preservation ERPANET Training Seminar.

Massella Ducci Teri Italian approach to long-term digital preservation Policies for Digital Preservation ERPANET Training Seminar.
Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.

Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.
An introduction to records management at Clemson University Records Management Office 139 Anderson Hwy, Suite 100 Clemson, S.C. 29631 864-656-4415.

An introduction to records management at Clemson University Records Management Office 139 Anderson Hwy, Suite 100 Clemson, S.C
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

Similar presentations

Ads by Google