Foreword

CAN/CGSB-72.34 specifies principles and procedures for creating all forms of electronic records (text, data bases, e-mail systems, bar code, cartographic, audio, pictorial, multimedia, etc.) to enhance their admissibility as evidence in legal proceedings. Because this standard provides only general legal and technical information, users should seek expert legal and technical advice before applying its recommendations to a specific records management or record-keeping system or to an Electronic Data Interchange (EDI) between autonomous parties.

This standard reflects the ISO/IEC standards and the federal, provincial and territorial acts and regulations in place at the time of Committee deliberations. Where differences exist between an act or a regulation and this standard, the former shall prevail.

Introduction

Context

An organization must always be ready to produce its records as evidence in legal proceedings. To ensure their reliability, integrity and authenticity, organizations should consider the application of standards. To enhance the admissibility and the weight (probative value) of electronic records as evidence in legal proceedings, organizations should apply the principles and procedures outlined in this standard.

Link to Canadian legal evidentiary requirements

Records and documents including electronic images produced by or stored in a computer can stand in place of original paper source records or copies of paper source records. The legal tests to be met use phrases such as "the integrity of the electronic record system" and "the reliability of the entry". These key phrases are not defined by the law, but the Canada Evidence Act, as well as most provincial and territorial evidence acts, contains the following provision, encouraging the use of standards:

For the purpose of determining under any rule of law whether an electronic document is admissible, evidence may be presented in respect of any standard, procedure, usage or practice concerning the manner in which electronic documents are to be recorded or stored, having regard to the type of business, enterprise or endeavour that used, recorded or stored the electronic document and the nature and purpose of the electronic document.

Sources of requirements and approach

This standard specifies in broad terms the policies, procedures, practices and documentation that organizations need to establish the integrity and authenticity of recorded information as an electronic record in an electronic records management system (RMS). Its technology-neutral language allows organizations to apply the procedures to various types and combinations of Information Technology (IT). The standard provides procedures and practices that will assist them in complying with legal requirements, without dictating the types of technology required.

As a codification of best practices, organizations can rely on this standard if they implement the appropriate procedures and follow them at all times. Applying the standard to an organization's business will not eliminate the possibility of litigation, but it will make the production of electronic records easier and their acceptance in a legal proceeding more certain.

Scope

This standard applies to those who receive, create, capture, maintain, use, store or dispose of records electronically. This standard applies to private and public sector activities of Persons irrespective of whether such activities are undertaken on a for-profit or not-for-profit basis.

This standard is intended for use by those who want to ensure that the recorded information (electronic records and transactions) in their IT Systems is trustworthy, reliable and recognized as authentic. Typical users include

a) managers of private and public sector organizations;

b) IT Systems and records management system (RMS) professionals;

c) all other personnel in organizations, including those responsible for security services and risk management; and

d) legal professionals and other Persons responsible for creating and maintaining records.

This standard provides principles for developing policies, procedures, practices and documentation for the integrity and authenticity of electronically recorded information to

a) ensure that electronic records can reliably support business decisions and exchanges of commitments;

b) enhance the admissibility and the weight of electronic records in a court of law, a tribunal or an inquiry; and

c) protect the value of electronic records in documenting the content and accountability for decisions and transactions.

This standard also defines best practices for electronic storage of business or other recorded information. Therefore, organizations conforming to its recommendations benefit even when evidentiary issues are not relevant.

In addition, this standard provides guidelines for

a) records management supporting a quality process framework; and

b) identifying and implementing appropriate measures to protect the evidentiary value of electronic records, including their incorporation within systems design and management processes.