LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Recreated .MSG file - A Legal Record?
From:	Maureen cusack <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Fri, 24 Feb 2006 10:33:53 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (90 lines)

In response to John:

<There's a case called Public Citizen v. Carlin that explicitly rejects the 
argument that metadata must be preserved.>


The Sedona Guidelines are all about reasonableness in recordkeeping 
practices as a response to unreasonable spoliation challenges and charges 
like what must have come about in the 1999 case mentioned above. But the 
above ruling, and Sedona, doesn't mean that metadata preservation is not 
important. It does contribute to evidentiary value of records, especially 
where computer-generated audit trails help trace chain of custody like in 
J.'s issue about migrating MS Outlook content between repositories. There 
are 3 much-cited cases (below) which went the opposite way from Public 
Citizen v. Carlin.

In response to Chris:

<While it would be my recomendation that all metadata be retained and be 
migrated with the record, I don't think ther eis a legal requirement to do 
so.>

Here in Ontario, the Evidence Act, R.S.O. 1990, c. E.23, s. 34.1(5.1)(7) 
specifies audit trails as a means of proving system reliability and 
integrity which is necessary to establish authenticity which in turn is 
necessary to establish relevance which is required for admissibility.

Case law is useful if we're talking "legal requirements" . Here's what I've 
taken away: Case law and legal commentators in Canada and the US have made 
it clear that anyone seeking to admit an electronic record must lay a proper 
foundation for reliability. It's also a Canadian standard CAN/CGSG 72.34 
2005 Electronic Records as Documentary Evidence, written by the federal 
government standards board.  I consider repeated rulings on the same issue 
to be pretty strong indication of a "requirement" and something you would 
want to mention in a risk management report or guideline - especially if it 
justifies your job and your efforts. In these 2 cases courts refused to 
admit evidence because there was no proof of system reliability:
R. v. Sheppard (1992), 97 Nfld & P.E.I.R. 144 (Nfld. S.C.);
R. v. Rowbotham (1977), 33 CCC (2d) 411 at 416 (Ont. Co. Ct.)

In the US case People v. Holowko, (1985), 486 N.E.2d at 878-79 the fact that 
records were computer-generated made the evidence admissible (because it was 
reliable not because it was a business record exception to the hearsay 
rule). Presumably the FBI proved they were computer-generated. Audit trail 
reports indicate whether something is human-authored or computer-authored. 
Audit trails that are automated can also prove that a record was created in 
an ERMS contemporaneous with the activity it is evidence of (as opposed to 
being created after the fact when litigation was anticipated -scrambling to 
create exculpatory evidence and all that). This contemporaneous rule is 
actually legislated: Evidence Act, R.S.O. 1990, c. E.23, s. 33(3) . Also 
there's a US case which upheld this rule: United States v. Blackburn, 992 
F.2d 666 (7th Cir. 1993)

The Canadian Standard CAN/CGSG 72.34 2005  specifies in section 8 "audit 
trail" what audit metadata needs to describe, how it should be created, that 
it must be backed up, be unalterable etc.


<The records "profession" has ot defined metadata as being a required 
component to ensure record integrity>

It has. The  2002 PRO (UK) section 2, Metadata, makes many statements like 
this: page 2, section 1:  "when properly implemented, records management 
metadata does this (prevents alteration and proves where alteration has 
occurred) by:

...establishing the provenance of the record....
....showing whether the record's integrity is intact....
.....demonstrating that the links between documents, held separately but 
combining to make up a record, are present".

So in a project like J.'s I would preserve the metadata records from every 
system the record has ever existed in permanently.  The ideal would be 
metadata harvesting ability between systems that capture the old metadata 
into the new system - and treat that old metadata record with same controls 
as audit metadata. Also the event of exporting records from one system to 
another should ideally be captured as system-generated audit trail metadata.

What would any of you do?




Maureen Cusack, B.A.H., T.E.S.L., M.I.St.

http://www.maureencusack.net

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US