Presentation is loading. Please wait.

Presentation is loading. Please wait.

IQPC February 25, 20041 ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)

Published byTheodora Lynch Modified over 9 years ago

Similar presentations

Presentation on theme: "IQPC February 25, 20041 ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)"— Presentation transcript:

1 IQPC February 25, 20041 ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)

2 IQPC February 25, 20042 Integrity and authenticity What are they? Why do you care? for business reasons have to trust your records for legal reasons others may have to trust them

3 IQPC February 25, 20043 The legal reasons administrative – a government department (such as the tax people) wants to see them regulatory – a public agency (such as the Securities Commission) wants to see them judicial – they are needed for a court case

4 IQPC February 25, 20044 Judicial reasons - Court rules We focus on court rules here because: they are a general standard – not specific to an agency they are a single standard – not multiple as with agencies their standard influences others’ rules Note on Audit Standards See later discussion by Brian Ludmer CICA has information security audit standard

5 IQPC February 25, 20045 The Law of Evidence in a (small) nutshell Admissibility vs weight: for courts, most of discussion touches the former for agencies and regulators, will affect the latter

6 IQPC February 25, 20046 The Law of Evidence in a (small) nutshell the “normal” rule: oral evidence, under oath, subject to cross-examination but: lots of exceptions notable exception: documents “documentary evidence” includes papers, pictures, audio and videotapes, and contents of computers

7 IQPC February 25, 20047 The Law of Evidence in a (small) nutshell Criteria for admission of documentary evidence: authentic – the record is what it purports to be best evidence – an original, or an explanation not hearsay (a content rule not a form rule) reliable and necessary business records rule statutory records rules Ontario Evidence Act, Canada Evidence Act

8 IQPC February 25, 20048 The Law of Evidence in a (small) nutshell Electronic documents – how does this change? Authenticity: basic rule is OK – document supported by live witness – but e-documents are more subject to manipulation (sometimes). May be hard on a challenge. Original (best evidence): may be meaningless for electronic document. Changed by legislation from a record-based test to a system-based test Hearsay: no change in principle – because content does not change with the medium. Still OCB test.

9 IQPC February 25, 20049 The Law of Evidence in a (small) nutshell In practice: Electronic records get admitted readily Everyone knows records are made on computers “Notice to admit” procedure – know ahead of time Risk (in costs) of objecting on speculation

10 IQPC February 25, 200410 The Law of Evidence in a (small) nutshell BUT If there is a serious dispute, how do you defend your records? How do you demonstrate authenticity, originality? SO Legislation to help answer these questions.

11 IQPC February 25, 200411 The Legislation Uniform Electronic Evidence Act (federal government, 6 provinces incl. Ontario + Yukon) Ontario Evidence Act s. 34.1 (2000) Canada Evidence Act s. 31.1 – 31.8 Quebec – distinct (Civil Code and special Act)

12 IQPC February 25, 200412 The Legislation The key to the legislation: system integrity general application: the best evidence rule – no original needed In addition: any evidence supporting system integrity may be used to support admissibility

13 IQPC February 25, 200413 The Legislation To ease admission, the law provides presumptions that the record-keeping system has integrity: for one’s own computer, OK if one can show the computer was working fine all the time, or if it wasn’t, the problem did not affect the integrity of the record-keeping system for a record from an adverse party’s computer, OK (since the other party knows more about it) for a record from an independent third party, OK if kept in the ordinary course of business

14 IQPC February 25, 200414 The Legislation AND if the presumption is rebutted, so one has to show the integrity of a record-keeping system: For the purposes of determining under any rule of law whether an electronic record is admissible, evidence may be presented in respect of any standard, procedure, usage or practice on how electronic records are to be recorded or stored, having regard to the type of business or endeavour that used, recorded or stored the electronic record and the nature and purpose of the electronic record.(UEEA s. 6)

15 IQPC February 25, 200415 The Legislation Standards may be of variable degrees of formality (official, semi-official, private) applicability (sectoral, record-type) generality (could be bilateral agreement) Proof that the presumptions apply or that standards are complied with may be by affidavit of a person with knowledge of the record- keeping practices of the party that wants to produce the record in evidence. The person should be available for cross-examination.

16 IQPC February 25, 200416 Standards Canadian General Standards Board part of Public Works Canada Microfilm as documentary evidence (1988) Microfilm and electronic imaging … (1993) Electronic records as documentary evidence (2004) – in the final stages of adoption And still to come Electronic Signatures Codes for retention and disposition of e-records Long term preservation of digital information

17 IQPC February 25, 200417 Standards Legal effect of a Standard The standard is itself not a law, it is a guideline. Compliance with the standard is not mandatory. Compliance with the standard is a kind of safe harbour, not a guarantee of any legal result. The standard is a statement of best practices. The Evidence Act says a court “may consider” compliance with the standard – if a party asks.

18 IQPC February 25, 200418 Standards But The standard is written in mandatory language – the Person “shall” do X and Y. If you say you comply and do not, there may be civil and regulatory consequences for misrepresentation. Sometimes compliance is given an advantage, e.g. the law of evidence, the tax authorities (for the CGSB imaging standard).

19 IQPC February 25, 200419 Standards The standard could become a common-law standard of prudent behaviour, so that failure to comply could be found to be negligence. The standard could be adopted in legislation or regulations and made mandatory for some sectors or some purposes. (e.g. Canadian Standards Association or Underwriters’ Laboratories for electrical goods) The legal effects may be indirect or private (e.g. give an ability to prove reliability of records)

20 IQPC February 25, 200420 The CGSB Standard and you The key rule of the Standard: think about it! In other words: Make a policy about how e-records are managed Communicate the policy Implement the policy Monitor compliance with the policy Adjust the policy as required by circumstances Have a policy manual that you can point to. Have someone responsible (CRO) (+ witness)

21 IQPC February 25, 200421 The CGSB Standard and you Characteristics of the Standard: high level language it applies to lots of records it applies to lots of record-keepers question: small and medium-sized enterprises technology neutral it is flexible in its application now it is adaptable to evolution of technology it does not make business choices for its users

22 IQPC February 25, 200422 The CGSB Standard and you Complying with the Standard Authorization: senior management have to buy in formally someone is put in charge responsibilities apply even if outsourced work the policy is documented, changes are documented Electronic Records Management Program Policy” “closely aligned” with the information management security policy

23 IQPC February 25, 200423 The CGSB Standard and you Policy contains statements on, among other things, data file formats and version control enabling technologies quality assurance metadata capture and preservation information and records covered by the policy includes physical and logical structure of info held by the organization security classification and how to implement it

24 IQPC February 25, 200424 The CGSB Standard and you Policy contains statements on, among other things (contd) security processes and procedures including user authentication and permission control firewall protection systems backups disaster recovery retention and destruction policies system and procedure audits for compliance

25 IQPC February 25, 200425 The CGSB Standard and you The Policy manual: Keep a manual complete and current It may refer to other standards and procedures It authorizes the life-cycle metadata of records It tells how data is captured and stored It controls data migration and conversion Indexing (self-explanatory)

26 IQPC February 25, 200426 The CGSB Standard and you Authenticated data output for legal proceedings: you display the contents of the e-records by printouts or live display or electronic display (e.g. CD) you have to be able to show that what you are displaying is the same as what is in the computer. Signature of authorized person may be used have to document the reasons for any change in format

27 IQPC February 25, 200427 The CGSB Standard and you Security and protection: document details of all levels of access need notification of and protection against unauthorized access to documents maintain environment according to suppliers’ recommendations and (inter)national standards encryption may improve security and integrity need key management, certificate management take caution on self-modifying electronic records consider use of time and date stamps document any correction of errors control who has access to clocks

28 IQPC February 25, 200428 The CGSB Standard and you Audit trail: A historical record of all significant events associated with the e-record management system date of storage of information movement of info from medium to medium evidence that controls operate and are effective Provides evidence of authenticity of records Contains system- and operator-generated logs. Standard gives lengthy list of contents.

29 IQPC February 25, 200429 Conclusions E-records need extra care and control Partly because of lack of familiarity Essence is integrity of information measured over the life-cycle of the record Compliance with the Standard is a good way to take the care required Compliance with the Standard will help in meeting common-law and statutory tests of admissibility

30 IQPC February 25, 200430 Conclusions If your electronic records can meet these tests, then evidence law does not make you produce the paper even if the paper still exists, i.e. you don’t have to destroy it but you can BUT there are other laws that require retention of records, e.g. tax law, industry-specific regs SO you may have to keep the paper anyway. A sound records retention and destruction schedule can only help.

31 IQPC February 25, 200431 SOME SOURCES Uniform Electronic Evidence Act http://www.ulcc.ca/en/us/index.cfm?sec=1&sub=1u2 Implementation status http://www.ulcc.ca/en/cls/index.cfm?sec=4&sub=4d Ontario Evidence Act, R.S.O. 1990 c.E.23 as amended http://www.e-laws.gov.on.ca/DBLaws/Statutes/English/90e23_e.htm Canada Evidence Act R.S.C. 1985 s.C-5 as amended http://laws.justice.gc.ca/en/c-5/text.html

32 IQPC February 25, 200432 Some Sources Canadian General Standard Board http://www.pwgsc.gc.ca/cgsb/home/index-e.html Chasse “Computer-produced records in Court Proceedings” (1994 ULCC) http://www.ulcc.ca/en/poam2/index.cfm?sec=1994&sub=1994ac CICA on Information Security principles and audits Information Technology Control Guidelines (3d ed.) http://www.cica.ca/index.cfm/ci_id/1004/la_id/1.htm Conference in March 2004 on Auditing IT systems www.cica.ca/itaudit

33 IQPC February 25, 200433 Some Sources Industry Canada – Authentication materials http://e-com.ic.gc.ca/epic/internet/inecic- ceac.nsf/vwGeneratedInterE/h_gv00090e.html http://e-com.ic.gc.ca/epic/internet/inecic- ceac.nsf/vwGeneratedInterE/h_gv00090e.html -Authentication principles (draft 2003) http://e-com.ic.gc.ca/epic/internet/inecic- ceac.nsf/vwapj/authentication_principles.pdf/$FILE/authentication_principl es.pdf http://e-com.ic.gc.ca/epic/internet/inecic- ceac.nsf/vwapj/authentication_principles.pdf/$FILE/authentication_principl es.pdf American Bar Association – “Record Retention and Destruction: Current Best Practices” http://www.abanet.org/buslaw/newsletter/0019/materials/ recordretention.pdf http://www.abanet.org/buslaw/newsletter/0019/materials/ recordretention.pdf

Download ppt "IQPC February 25, 20041 ELECTRONIC RECORDS INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE John D. Gregory Ministry of the Attorney General (Ontario)"

Similar presentations

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
E-Commerce and ODR Conference Seoul September 2012 John D. Gregory.

E-Commerce and ODR Conference Seoul September 2012 John D. Gregory.
1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.

1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.

INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.
Legality of Electronic Images under the Electronic Transactions Ordinance Presentation by Mr Alan Siu, Deputy Secretary for Information Technology and.

Legality of Electronic Images under the Electronic Transactions Ordinance Presentation by Mr Alan Siu, Deputy Secretary for Information Technology and.
Naklo, 22.10.2004 A.Komšo 1 eInvoices and Tax Regulation Andja Komšo Tax Administration.

Naklo, A.Komšo 1 eInvoices and Tax Regulation Andja Komšo Tax Administration.
Records Management Basics 1 Jasmine Sourignavong, Division of Records Management Tre Hargett, Secretary of State.

Records Management Basics 1 Jasmine Sourignavong, Division of Records Management Tre Hargett, Secretary of State.
Business Excellence Day November 2009 Putting trust in your electronic information store Alan Shipman Group 5 Training Limited.

Business Excellence Day November 2009 Putting trust in your electronic information store Alan Shipman Group 5 Training Limited.
Electronic Records as Documentary Evidence Standard (CAN-CGSB 72.34) A Case Study from The University of Calgary By Regina Landwehr © University Archives.

Electronic Records as Documentary Evidence Standard (CAN-CGSB 72.34) A Case Study from The University of Calgary By Regina Landwehr © University Archives.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
Information Security Policies and Standards

Information Security Policies and Standards
INSURANCE CLAIMS IN MEXICO INSURANCE CONTRACT 1.Insurer shall be a company duly authorized to carry out business as an Insurer in accordance to Federal.

INSURANCE CLAIMS IN MEXICO INSURANCE CONTRACT 1.Insurer shall be a company duly authorized to carry out business as an Insurer in accordance to Federal.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Electronic evidence in Spanish civil procedure: where wishes clash against reality Julio Pérez Gil Universidad de Burgos.

Electronic evidence in Spanish civil procedure: where wishes clash against reality Julio Pérez Gil Universidad de Burgos.
Author(s): David A. Wallace and Margaret Hedstrom, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative.

Author(s): David A. Wallace and Margaret Hedstrom, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative.

Similar presentations

Ads by Google