Electronic records as evidence: the case for Canada's new standard: when Canada's Electronic Records as Documentary Evidence standard is released later this year, it will represent one big step for electronic records everywhere.

At the Core

This article

* examines Canada's Electronic Records as Documentary Evidence A type of written proof that is offered at a trial to establish the existence or nonexistence of a fact that is in dispute.

Letters, contracts, deeds, licenses, certificates, tickets, or other writings are documentary evidence. standard

* provides some detail about the standard's structure and content

* explores the future of this standard and related ones

In Canada there have been initiatives on providing guidance and national standards for managing electronic records so that they meet evidentiary ev·i·den·tia·ry
adj. Law
1. Of evidence; evidential.

2. For the presentation or determination of evidence: an evidentiary hearing.

Adj. 1. requirements in courts of law, but to date nothing has been formalized for·mal·ize
tr.v. for·mal·ized, for·mal·iz·ing, for·mal·iz·es
1. To give a definite form or shape to.

2.
a. To make formal.

b. . This situation, however, is soon to be remedied with the passage of the Electronic Records as Documentary Evidence standard (C** CGSB-72.34) later this year.

When the standard is released, it will establish requirements for organizations to follow when creating digital electronic records in any form--text, databases, image, and audio in order to demonstrate the records' authenticity. By following the standard's requirements, organizations will be able to demonstrate the integrity of the system that recorded or stored the electronic record. The authenticity of the electronic record itself is demonstrated by extension.

The standard is much needed and eagerly anticipated; only one other draft standard (regarding genetically modified genetically modified
Adjective

(of an organism) having DNA which has been altered for the purpose of improvement or correction of defects

genetically modified genetic adj [food etc] → foods) has spurred greater public feedback to the Canadian General Standards Board (CGSB CGSB Canadian General Standards Board
CGSB Chatham Grammar School for Boys (Chatham, Kent, UK)
CGSB Canadian Geomatics Source Book ).

For all its fanfare, however, the standard will not guarantee that an electronic record will be accepted as evidence in court; both these decisions rest solely with the court.

It Began with PIPEDA PIPEDA Personal Information Protection and Electronic Documents Act (Canada) ...

A recognized need for a "made-in Canada" solution was not perceived to be in great demand until the Personal Information Protection and Electronic Documents Act The Personal Information Protection and Electronic Documents Act (abbreviated PIPEDA or PIPED Act) is a Canadian law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial (PIPEDA) was enacted in 2000, with subsequent legislation at the provincial level. PIPEDA's goal is to support and promote electronic commerce by protecting personal information that is collected, used, or disclosed in certain circumstances. PIPEDA provides for the use of electronic means to communicate or record information or transactions and amends AMENDS. A satisfaction, given by a wrong doer to the party injured for a wrong committed. 1 Lilly's Reg. 81.
     2. By statute 24 Geo. II. c. 44, in England, and by similar statutes in some of the United States, justices of the peace, upon being notified of an the Canada Evidence Act The Canada Evidence Act is an Act of the Parliament of Canada, first passed in 1893, that regulates the rules of evidence. As law of evidence is largely set by common law, the Act is not comprehensive. , the Statutory Instruments Act, and the Statute Revision Act.

The need for such a standard arose when federal, and later, provincial Evidence Acts were amended to include electronic document standards as a means of demonstrating the authenticity, integrity, and reliability of an electronic record for admissibility ad·mis·si·ble
adj.
1. That can be accepted; allowable: admissible evidence.

2. Worthy of admission.

ad·mis purposes. For example, section 31.5 of the Canadian Evidence Act, as amended, states that

   "for the purpose of determining
   under any rule of law whether an
   electronic document is admissible,
   evidence may be presented in respect
   of any standard, procedure, usage or
   practice concerning the manner in
   which electronic documents are to be
   recorded or stored, having regard to
   the type of business, enterprise, or
   endeavor that used, recorded, or
   stored the electronic document and
   the nature and purpose of the electronic
   document."

PIPEDA resulted from the recognition that electronic records are routinely admitted in all Canadian courts; therefore, the courts must have a means of establishing the reliability of the evidence if it is electronic. Thus, there is a need to establish a consistent approach to validating the reliability of the electronic records.

The legislation provided direction on how to demonstrate the integrity of the electronic record for evidentiary purposes, something that is accomplished by proving the integrity of the electronic records system in which the data was recorded and/or stored. Prior to PIPE DA, the authenticity of the paper record that was stored in a filing cabinet had to be demonstrated. Now, if the integrity of the filing cabinet can be demonstrated, then anything stored or recorded in the filing cabinet inherits the integrity of the filing cabinet. This, in turn, could be demonstrated by following a standard that identifies how electronic records are to be recorded or stored and the nature and purpose of the electronic record.

A 1993 standard--Microfilm and Electronic Images as Documentary Evidence (CAN/CGSB-72.11)--already existed but addressed only digital images. Instead of incorporating that standard into the new one, it was decided that the two standards were complementary and should be kept and maintained separately. This is in part a result of copyright issues and the widely held recognition that the other standard was recognized as the "imaging standard."

The Underlying Philosophy

The underlying philosophy of the new standard is that of providing a framework for an organization to manage electronic records in a manner so as to "maximize the probability of their admissibility as evidence in court," if they are so required. The standard is meant to specify "the policies, procedures, practices, and documentation required [for] establishing the integrity and authenticity of recorded information as an electronic record in an electronic information and records management system."

Demonstrating the integrity of a specific record through policies, procedures, practices, and documentation is analogous to the relationship of an onion to its skins. At an onion's core is the record. Each layer surrounding the core is represented by a policy, a procedure, a practice, or documentation. Although each is separate, each relies on the proceeding layers to give it the value to support the next layer (the system). Each layer in and of itself is not substantial, but the totality TOTALITY. The whole sum or quantity.
2. In making a tender, it is requisite that the totality of the sum due should be offered, together with the interest and costs. Vide Tender. of the layers together give the onion its integrity, The more layers, the greater the integrity and, in turn, the more reliable the system--and, by extension, the record housed within it.

To appreciate how the standard has been developed, it is important to understand the authoring organization, the individuals involved in drafting the standard, the process followed in developing it, as well as what it actually covers.

The Authoring Body

The CGSB is a federal organization accredited accredited

recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria.

accredited herds
cattle herds which have achieved a low level of reactors to, e.g. by the Standards Council of Canada The Standards Council of Canada is a Crown corporation based in Ottawa, Ontario, and is Canada's member body of the International Organization for Standardization. External links

scc.ca

(SCC SCC - strongly connected component ) to develop national standards of Canada in a broad range of subject areas that support economic, regulatory, procurement, health, safety, and environmental interests. Standards are developed through a voluntary consensus process. Managed by CGSB representatives, there are more than 350 technical committees whose work is supported by 4,000 volunteers from public and private sectors, academia, consumer groups, and the general public. Membership on a standards committee is open to those who are technically qualified or otherwise knowledge able in the committee's subject area. An existing committee, the CGSB Committee on Micrographics The production, handling and use of microfilm and microfiche. Images are created by cameras or by COM units that accept computer output directly. The documents are magnified for human viewing by readers, some of which can automatically locate a page using indexing techniques. and Image Management (72/0), which had developed the Microfilm A continuous film strip that holds several thousand miniaturized document pages. See micrographics.

Microfilm and Microfiche and Electronic Images as Documentary Evidence standard, initiated the development of the new Electronic Records as Documentary Evidence standard.

The committee's membership is divided into four categories: users, producers, general interest, and regulatory. With both voting and non voting members, the CGSB ensures that the committee membership is reasonably balanced so that no single category represented dominates the standard. All representatives within each group bring forward their own expertise or view with the goal of finding common ground in terms of terminology, philosophy, or approach on a specific standard.

Headed by Vigi Gurushanta, chair of the e-evidence standard and CGSB Standards Committee, the committee made several necessary decisions in order to define what the new standard would and would not cover. One point on which there was wide agreement was the need to ensure that the standard could bridge the continuing evolution of the technology. The CGSB has a standing requirement that all standards be reviewed and, where required, revised every five years. As anyone who has worked in the information technology (IT) field will attest To solemnly declare verbally or in writing that a particular document or testimony about an event is a true and accurate representation of the facts; to bear witness to. To formally certify by a signature that the signer has been present at the execution of a particular writing so as , five years is a lengthy lifetime in the field. Therefore, to ensure that the standard's shelf life would be longer than that of a Canadian summer, a conscious decision to make it technology-neutral was implemented by excluding references to specific hardware or software technology.

Applicability of the Standard

The "... standard is applicable to recorded information in IT systems used by both individuals and organizations, whether they are based in the private or public sector and whether or not they operate on a profit or not for-profit basis. The standard is applicable to both electronic records created by a person as well as those entered as a result of electronic data interchange See EDI.

(application, communications) electronic data interchange - (EDI) The exchange of standardised document forms between computer systems for business use. EDI is part of electronic commerce. without intervention by a person. [It] ... is intended for use by those who want to ensure that the recorded information in their IT systems (electronic records and transactions) is trustworthy, reliable, and recognized as authentic."

One concern raised within the committee as well as during public review was the perceived difficulty that small organizations or individuals would have in implementing the standard. As one member pointed out, "How is the guy running his business out of his basement going to be able to meet the standard?"

Regardless of size or type of institution, the standard applies to all who wish to demonstrate that their electronic document systems are reliable and, by extension, that the documents in the system are authentic, but there are no legal requirements to do so. In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke"
put differently , electronic documents can still be submitted in a court of law even if the owner of those records did not use the standard. The onus remains the same: proving the integrity of the system/record.

The approach of a non-mandatory compliance or "government by suggestion and recommendation" has been successfully used in the adoption of other standards. It has proven to be an effective approach to gaining national acceptance without requiring legislation.

Structure and Content

The Electronic Records as Documentary Evidence standard relies on several principles: having a program in place, having appropriate procedures and processes in place to support the program, and following those procedures. The standard itself is divided into nine sections:

1. Introduction

2. Scope

3. Terms and Definitions

4. Abbreviated Terms

5. Legal Requirements for Electronic Records as Evidence

6. Establishing an Electronic Records Management Program

7. Quality Assurance Program

8. Audit Trail

9. Notes (reference)

All standards, regardless of their purpose, start from the point of definitions in order to minimize the range of interpretation of terms. Many of the definitions used by the CGSB are taken from texts/terms approved by the International Organization for Standardization International Organization for Standardization (ISO)

Organization for determining standards in most technical and nontechnical fields. Founded in Geneva in 1947, its membership includes more than 100 countries. (ISO (1) See ISO speed.

(2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. ). Even so, it was difficult to reach consensus on definitions for key terms such as "records" "data," and "document." These terms are used in the standard interchangeably INTERCHANGEABLY. Formerly when deeds of land were made, where there Were covenants to be performed on both sides, it was usual to make two deeds exactly similar to each other, and to exchange them; in the attesting clause, the words, In witness whereof the parties have hereunto in part because the term "document" is used in the Canada Evidence Act and PIPEDA while the term "record" is used in ISO/IEC ISO/IEC International Organization for Standardization/International Electrotechnical Commission (ITU-T M 3000) (International Electrotechnical Commission See IEC.

(standard, body) International Electrotechnical Commission - (IEC) A standardisation body at the same level as ISO. ) standards. The standard currently under development uses the term record or, as appropriate, a set of recorded information.

Section 5 of the standard provides an outline of the requirements to be met in order for electronic records to be entered in court as evidence in Canada. It also provides the legal concepts on which the other sections of the standard have been developed. For evidentiary purposes, four concepts must be proven before the electronic records are admitted into evidence in a legal proceeding:

* A record made in the usual and ordinary course of business

* The circumstances of the making of the record

* Electronic records system integrity

* Electronic record(s) integrity

Based on these principles, an organization should authorize To empower another with the legal right to perform an action.

The Constitution authorizes Congress to regulate interstate commerce.

authorize v. to officially empower someone to act. (See: authority) an individual "to create and to keep current an authorized au·thor·ize
tr.v. au·thor·ized, au·thor·iz·ing, au·thor·iz·es
1. To grant authority or power to.

2. To give permission for; sanction: procedures manual of recordkeeping and information management procedures in support of approved recordkeeping policies." The goal is to be able to demonstrate in a formal manner 10 key elements to prove an organization's "usual and ordinary course of business," and the integrity of its electronic records system. Therefore, the integrity of any record recorded or stored within that system must also be demonstrated, including:

* Sources of data--The source organization originating the data involved must be identified.

* Contemporaneous con·tem·po·ra·ne·ous
adj.
Originating, existing, or happening during the same period of time: the contemporaneous reigns of two monarchs. See Synonyms at contemporary. recording--The electronic records were captured and recorded contemporaneously con·tem·po·ra·ne·ous
adj.
Originating, existing, or happening during the same period of time: the contemporaneous reigns of two monarchs. See Synonyms at contemporary. with, or within a reasonable time after, the events to which they relate (but contemporaneous recording within a particular database is not required).

* Routine business data--The data within a record is of a type regularly supplied to the originating organization during its normal activities.

* Privileged data--In legal proceedings All actions that are authorized or sanctioned by law and instituted in a court or a tribunal for the acquisition of rights or the enforcement of remedies. , the use of data from an electronic record does not violate any legal principles prohibiting the disclosure of privileged or confidential data.

* Data entry--The data capture and entry procedures are part of the "usual and ordinary course of business" of the organization.

* Industry and national standards - The organization conforms to all appropriate standards for electronic record management systems--inputting, importing, storing data, and preserving the reliability of data and the electronic record management system that stores and transmits the data.

* Business reliance The organization itself relies upon the electronic records in its databases to make business decisions.

* Software reliability software reliability - See also formal methods, safety-critical system.

ftp://ftp.sei.cmu.edu/pub/depend-sw. Mailing list: depend-sw@sei.cmu.edu. The software reliably processes the data.

* Recording of system alterations--A record of system changes is kept.

* Security--There must be proof of the security features used to guarantee the integrity of the total electronic records management system; at the least, the following points of security should be able to be proved:

* Protection against unauthorized access to data and permanent records

* Processing verification of data and information in records

* Safeguarding communications lines

* Maintaining backup copies A disk, tape or other machine readable copy of a data or program file. Making backup copies is a discipline most computer users learn the hard way-- after months of work is lost. See backup and LAN free backup. of records to verify or replace falsified, lost, or destroyed permanent or temporary records

* Retention and disposition of electronic records in compliance with legislated retention periods and dispositions requirements, and documenting such compliance and disposition schedules

* A disaster-recovery program for electronic records and associated data is in place

In essence, the standard lays out the need for electronic recordkeeping policies, procedures, systems, and processes starting with an infrastructure that formally recognizes the need to manage electronic information in the first place.

While the first five sections of the Electronic Records as Documentary Evidence standard are important to set the context for Canadian evidentiary requirements/experiences, the "meat" of the standard is found in sections 6 through 8. Each section identifies what is considered mandatory (shall) and what is recommended (should) in such a system in order for it to comply with the needs articulated in section 5.

Section 6, Establishing the ERMP ERMP Extended Range Multi Purpose (UAV)
ERMP Emergency Response Management Plan
ERMP Enterprise Risk Management Program
ERMP Electronic Records Management Practitioner (AIIM)  (electronic records management program), identifies the mandatory elements to be documented and implemented. This includes establishing the program, identifying the purpose of the program, the authority invested in the creation of the program, the authority invested in an identified corporate records officer, and a method for recording and certifying that the program is carried out. This section also lists what the policy shall include as it relates to the information covered under the policy or bylaws The rules and regulations enacted by an association or a corporation to provide a framework for its operation and management.

Bylaws may specify the qualifications, rights, and liabilities of membership, and the powers, duties, and grounds for the dissolution of an , its operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. , applications software, communications infrastructure, and enabling technologies and their management and use in the lifecycle of the recorded information. Also listed are entity and attribute definitions, metadata capture and preservation (including all evidentially significant information about records held within the organization and the physical and logical structure of its information systems and communications infrastructure), and security classification and the method of, and criteria for, implementation, retention, and destruction policies. Included are roles and responsibilities for all personnel managing and monitoring compliance with this policy and scheduled system and procedure audits for compliance to this policy.

Section 7 identifies the requirement for a quality assurance program and its role in ensuring that the ERMP is monitored and judged. This would include monitoring or measuring the quality control operations used to validate the ERMP.

When preparing electronic records for use as evidence, it is often necessary to detail the storage date of the information, the movement of the information from medium to medium, and the evidence of the controlled operation within the electronic records environment. These details are known as the audit trail information. Section 8 identifies the requirements for the audit trial and states that it "shall contain sufficient and necessary information to provide evidence of the authenticity of stored records." This section lists the minimum content to be included in the audit trail (e.g., the system function applied, the object that the system function was applied to, and the date and time of the event) as well as the overall management of the audit records themselves, including controlled access and storage in a secure environment for as long as the pertinent information is maintained. In the case of audit trail data not generated automatically by the system, the procedures for generating such data are required to be documented in the recordkeeping procedures manual. If the authenticity of stored records is questioned, the integrity of the audit trail may be fundamental in establishing authenticity and, thus, affecting the evidential ev·i·den·tial
adj. Law
Of, providing, or constituting evidence: evidential material.

ev weight of the stored records.

How It Compares to Other Standards

Although intended as a standard to support evidence requirements at a federal and provincial level, Electronic Records as Documentary Evidence is consistent with international standards. Developed under the criteria of the National Standards System of Canada and aligned with the requirements of ISO, these criteria were applied to the content of the standard. The committee adopted the models of ISO and British records management standards as well as endorsed the applicability of ISO 15489 and other ISO/IEC standards and definitions where appropriate. However, because the standard attempts to maintain technology neutrality and does not itemize To individually state each item or article.

Frequently used in tax accounting, an itemized account or claim separately lists amounts that add up to the final sum of the total account on claim. the functional requirements See information requirements and functional specification.

(specification) functional requirements - What a system should be able to do, the functions it should perform. of a specific application, it is not directly comparable to other standards such as the American standard DoD 5015.2-STD, Design Criteria Noun 1. design criteria - criteria that designers should meet in designing some system or device; "the job specifications summarized the design criteria"
criterion, standard - the ideal in terms of which something can be judged; "they live by the standards of their Standards for Electronic Records Management Software Applications or Britain's Public Record Office Requirements for Electronic Records Management Systems. Unlike these wall-respected standards, the Canadian standard's purpose is not to be a checklist used to validate specific pieces of software for recordkeeping purposes but rather to identify the overall environment in which any electronic system operates.

The Future of the Standard

One issue that came out of the standard-creation process was that there are several other related areas in this field that require some form of standard to be developed. Recognizing the complexity of drafting the first standard, it was decided not to incorporate the requirements of additional standards into the initial document. The longer-term goal is to develop and publish three additional complementary standards as proposed by the committee, including:

* Electronic signatures and evidentiary requirements

* Codes representing retention and disposal requirements

* Long-term preservation of digital information

The draft standard is currently undergoing revisions based on public input. After appropriate revisions have been incorporated and the committee has voted on and approved the draft, it will be forwarded to the SCC for consideration as a National Standard of Canada. The standard's content will be reviewed and revised at the end of its five-year cycle to ensure continuity and consistency for all who use it, rims providing flexibility in an environment that is continually changing.

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3. the authoring committee, the requirements of the Electronic Records as Documentary Evidence standard have been set at a level that will provide the greatest service to organizations and individuals with a minimal amount of effort. Above all, it will remove the uncertainty that currently exists in the absence of an authoritative, objective legal standard for recordkeeping and information management--at least in Canada.

References

Canadian Customs and Revenue Agency. Section 12 of IC78-10R3. Available at http://www.ccra-adrc.gc.ca/E/pub/tp/ic78-10r3/README.html (accessed 10 February 2004).

Chasse chas·sé
n.
A ballet movement consisting of one or more quick gliding steps with the same foot always leading.

intr.v. chas·séd, chas·sé·ing, chas·sés
To perform this movement. , Ken and Vigi Gurushanta. "The Electronic Evidence National Standard: Proving the 'Record System Integrity' of Electronic Records." Available at http://www.cipstoronto.ca/coms/itontario/2003/IT%20ONTARIO%20-%20WIN-TER03.PDF (Portable Document Format) The de facto standard for document publishing from Adobe. On the Web, there are countless brochures, data sheets, white papers and technical manuals in the PDF format. (accessed 10 February 2004).

Paul Fisher Paul Fisher is the name of:

Paul A. Fisher (born 1921), author on the history of Freemasonry
Paul C. Fisher (born 1913), American industrialist and inventor of the Fisher Space Pen
Paul Fisher (cricketer) (born 1954), English cricketer

See also

, CRM (Customer Relationship Management) An integrated information system that is used to plan, schedule and control the presales and postsales activities in an organization. , CDIA See CompTIA. , is a member of ARMA International's Canadian Legislative and Regulatory Affairs Regulatory Affairs (RA), also called Government Affairs, is a profession within regulated industries, such as pharmaceuticals, medical devices, energy, and banking. Regulatory Affairs professionals usually have responsibility for the following general areas:

(CLARA CLARA Clairemont Amateur Radio Association ) Committee. In this role, he is a member of the CGSB Committee drafting the national Standards for Electronic Records and Documents as Admissible Evidence admissible evidence n. evidence which the trial judge finds is useful in helping the trier of fact (a jury if there is a jury, otherwise the judge), and which cannot be objected to on the basis that it is irrelevant, immaterial, or violates the rules against hearsay in Legal Proceedings. Fisher also is a consultant in the Portals and Content Management Practice of IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) Canada, where he provides expertise in workflow, file classification and indexing systems, information retention, process analysis, and document and content management solutions to both the public and private sector. He may be contacted at fisherp@ca.ibm.com.

COPYRIGHT 2004 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Author:	Fisher, Paul
Publication:	Information Management Journal
Geographic Code:	1CANA
Date:	Mar 1, 2004
Words:	3243
Previous Article:	Strategic information management: continuing need, continuing opportunities.
Next Article:	Competitive intelligence: bridging organizational boundaries: records managers are perfectly positioned to ensure that the appropriate information is...
Topics:	Documentary evidence Analysis Laws, regulations and rules Electronic records Laws, regulations and rules Evidence, Documentary Analysis Laws, regulations and rules

Related Articles
Forensic examination of money laundering records.
Archival issues in network electronic publications.(Networked Scholarly Publishing)
Fax and E-mail qualify as "documentary evidence" for Sec. 274. (Internal Revenue Code section 274)
The InterPARES International Research Project.(International Research on Permanent Authentic Records in Electronic Systems)
The World's First International Records Management Standard.(International Organization for Standardization)
Preserving the paper (and electronic) trail: records and information management professionals will be key players in devising systems to meet the...
Risky business.(In focus: a message from the editors)(survey on records management of business enterprises)
Electronic evolution: electronic records are on the way, and payors need to watch the process closely.(Selling Insight)(adopting health information...
Electronic evidence in everyday cases: don't assume that digital information is significant only in complex, tech-heavy cases. Even the most...
Revealing incommunicado: electronic recording of police interrogations.