The Inadequacy of Analysis of Electronic Records Management for Evidence and Discovery-法搜-中国法律信息搜索网

　　6. Electronic Records in Electronic Records Systems are like Drops of Water in a Pool of Water

　　Electronic records are not like paper records, but rather like drops of water in a pool of water. We cannot define or describe an electronic record in an electronic record system by describing the history of a particular group of electrons, no more than we can describe the history of a drop of water after it falls into a pool of water. When drops of water later emerge from the pool of water, we cannot associate any of them with particular drops that entered the pool of water. That comparison identifies the critical difference between traditional “paper” records management and electronic records management. A paper record maintains its physical, separate existence and identity while in its records system. Therefore the reliability of a paper record can be proved by proving its own particular history from its creation until it is used as evidence in a court, quite apart from the reliability of its record system. But an electronic record does not maintain its existence as a particular group of electrons in its records system, no more than a drop of water maintains its existence and identity in a pool of water. The molecules of the drop of water are subject to everything that happens to the pool of water. To prove the fate of any drop of water requires proof of what has happened to the pool of water, e.g., the purity of any drop in the pool of water requires proof of the purity of the pool of water as a whole. Similarly, once an electronic record is entered into an electronic records system, it is subject to everything that happens to that electronic record system and can possibly happen to that system, including its state of standards-compliance, security, and vulnerability to the Internet. It can be accessed, but remains subject to the state of its records system.

　　7. An Electronic Record is no better than the Electronic Records System in which it is Recorded or Stored

　　Therefore proof of an electronic record’s integrity requires proof of its electronic records system’s integrity. That is what the electronic records provisions of the Evidence Acts in Canada require—proof of the “integrity of electronic records system in which the record is recorded or stored.” Unlike a paper record, an electronic record is no better than the electronic records system in which it is recorded or stored. Therefore, if the quality of a records system must be proved before its records can be accepted as evidence, one should have to make disclosure of the means by which its “system integrity” is proved.[23] There is no valid argument that proving the “system integrity” of an electronic record requires merely proof of the “system integrity” of that part of the records system in which the record existed—every record and its records system are part of the same, single, whole electronic “pool.” However, if parts of an organization’s records operations are sufficiently independent in operation, management, structure, and purpose, such parts may each constitute an “electronic records system” for purposes of proving “system integrity,” and therefore the admissibility of any particular electronic record. And therefore there is no valid argument that the “system integrity” test of admissibility is unworkable because it requires proof of the integrity of all of an organization’s local, national or international records management operations in order to use a single printout as evidence.

　　8. A Certification Procedure for “Standards and ‘Legal’ Compliance”

　　However, a formalized, process for certifying compliance with national and international standards of electronic records management, and therefore proving “system integrity,” would greatly facilitate proceedings determining the admissibility and “weight” of electronic records as evidence.[24] Given the régime of “legal compliance” with laws requiring electronic records in which records systems now exist, a certification process would ensure, or greatly increase the probability of having the high quality of records management made necessary by laws based on records.

　　9, The Common Defects of Electronic Records Management Systems Undermine Disclosure and Discovery

　　There should be cross-examination to reveal the serious defects in the management of electronic records systems to show the state records management “system integrity.” Among the most common defects, routinely found in the systems of large organizations, including those of government departments and agencies, universities, public utilities, and commercial organizations are these:[25]

　　- the extent of the records holdings is not known;

　　- records are not properly classified nor indexed such that retrieval of records relevant to any particular subject is very difficult if not impossible;

　　- no definitive classification system among institutional, transitory, and personal records (e.g., which research and business records are those of each professor, and which are those of the university?);

　　- no records manual, or one that isn’t kept current, or is not complied with;

　　- no bylaws (or orders of comparable authority from senior management) dealing with the records system—essential for establishing an organization’s “usual and ordinary course of business” in regard to its records system;

　　- email is not classified, indexed nor pruned, or possibly not retained; there is no “email protocol” operative throughout the organization;

　　- records repositories are not well defined nor centrally accessible;

　　- no central policy for records management thus allowing the many divisions of the organization each to operate its own independent records system according to its own rules and practices;

　　- original paper records are not disposed of after being put into digital storage in a secure records management environment (with the exception of industry, professional, or special legal requirements as to retaining designated originals);

　　- image quality is not verified when original paper records are converted to electronic images, and there is no imaging manual dealing with the technical requirements for scanning paper records into electronic storage;

　　- metadata (data about data - data as to the management of records through time) is not used, therefore the biographical and bibliographical information about records is not used and properly maintained, therefore, e.g., there are extensive duplicates and an inability to track official or original versions;

　　- no audit trails or controls detailing deletions, i.e., when, who, by what retention-destruction/disposal authority?;

　　- no clear definition and practice as to what is the “deletion” of a record such that, e.g. records may or may not continue to exist in backup storage thus diminishing knowledge of the extent of records holdings and their control;

　　- changes in technology result in unaccounted for and undocumented changes in records practice;