Sheila Taylor is a well known consultant, educator, speaker and writer with more than 20 years of experience in the information management (IM) field.
Sheila Taylor is a well known consultant, educator, speaker and writer with more than 20 years of experience in the information management (IM) field.
We substantially revised our RIM Professional Development in Canada: Records and Information Management Competencies, Positions, Education, and Certifications white paper which was originally published as a fall 2013 supplement to Carswell’s Records and Information Management service.
In addition to updating URLs, publication titles, statistics, and fees if/as required, several sections of the white paper were significantly revised including the lists and descriptions of AIIM and ARMA International training/certificates, the CRM certification maintenance categories (reduced from 1o to 4 this summer), and the IGP certification maintenance requirements (announced this spring). For ease of reference, all substantive revisions are highlighted.
We hope existing and future RIM practitioners and employers will continue to find this unique resource helpful. We plan to continue updating it at least once per year for the benefit of the (Canadian) RIM community.
Although the article focuses on information governance (IG) in law firms, the information and guidance provided are applicable to any organization struggling with operational or legal concerns regarding information. The article provides information on what IG is and why it is needed, some excellent advice on starting an IG program, and tips on preventing data breaches by establishing good IG practices.
Sheila is a recognized expert in information governance, and Ergo is actively promoting good IG practices to the records and information management (RIM), legal and IT communities through consulting and by writing/presenting on the topic. Contact us here if you have any information governance related enquiries.
Note: The article is freely accessible at this time, however, a paid subscription will likely be required to access the article as of the next issue.
The Canadian General Standards Board (CGSB) standards for documentary evidence (Electronic Records as Documentary Evidence (CAN/CGSB 72.34-2005) and Microfilm and Electronic Images as Documentary Evidence (CAN/CGSB 72.11-93) were recently used to establish the admissibility of records in a case before the Provincial Court of Alberta. The judge’s ruling (R. v. Oler, 2014 ABPC 130) concerns a drunk driving case in which the admissibility of the Calgary Police Service’s electronic breathalyzer records were challenged.
This is an important ruling for the Canadian records and information management (RIM) community because it validates these standards as important benchmarks for RIM managers to consider and follow in all Canadian organizations. It’s also significant because it was the first time in Canada that a RIM practitioner was an expert witness on records admissibility. See my interview with Uta Fox, CRM of the Calgary Police Service (CPS) for her take on the experience.
The Records in Question
The ruling concerns the admissibility of two types of records in CPS’s electronic records system (OpenText Content Server, formerly Livelink):
a) Electronic records (images) consisting of set up worksheets for the Intoxilyzer 5000C (a breathalyzer for estimating blood alcohol content from a breath sample), the simulator worksheets, and the instrument’s annual maintenance sheets as created from paper/hard copy records which were destroyed after scanning. These records are referred to in the ruling as Tabs 2, 3, and 4 of Exhibit 1.
b) A ‘maintenance log’ in Microsoft Word (MS Word) format which is referred to in the ruling as Tab 1 of Exhibit 1.
The Judge’s Ruling
The judge ruled as follows:
1. The witnesses’ testimony was accepted. Both witnesses were deemed “credible, reliable” witnesses. The witnesses were two CPS employees: Uta Fox, CRM (Manager, Records and Information) and Sgt. Richard Butler (a member of the team of police officers who maintain CPS’s electronic records system).
2. Re: Tabs 2, 3, and 4 of Exhibit 1 (the images), the Crown met “the onus that lies upon it in connection with admissibility of electronic records . . . These electronic records . . . can be introduced as evidence in the trial proper . . . The evidentiary rules of authenticity, integrity and reliability have all been satisfied.”
3. Re: Tab 1 of Exhibit 1 (the MS Word document), this record “is an ordinary business record, a Live document capable of additions, deletions or amendments, from time to time” which “may be introduced into the trial or proceedings as an ordinary business record” with “weight to be given to it subject to ordinary evidentiary rules governing business records.” This record “does not meet the standards for admission as an electronic document under CAN/CGSB 72.11-93 or CAN/CGSB 72.34-2005.”
4. “The Crown has provided full and fair disclosure to the Defence in Exhibit 1” and “The evidence in the voir dire [a legal term denoting the part of the trial connected with the admissibility of evidence] may be introduced into the trial proper.”
The Significance of this Ruling
According to Stuart Rennie, a lawyer and RIM consultant in British Columbia, this ruling is significant for several reasons.
First, Mr. Rennie says it is “the first Canadian court to consider the admissibility of electronic records with reference to specific standards [i.e. the two CGSB standards for the admissibility of documentary evidence].” Specifically, the court assessed “complex” records and information management (RIM) software, deemed it acceptable to destroy paper/hard copy source documents after imaging, and accepted electronic records as evidence. The judge reproduces in her ruling several sections of the CAN/CGSB-72.34-2005 standard which she says were “directly relevant to the considerations of the Court.”
Second, this ruling was made in a criminal case in which there is a higher standard of proof than in a civil case.
Third, Mr. Rennie believes this is the first time a Certified Records Manager (CRM) was called as an expert witness in a Canadian court and that the court has demonstrated a strong assessment towards the CRM.
Fourth, this ruling sets precedent: an Alberta court has ruled that the CGSB documentary evidence standards are acceptable in a criminal matter. While not binding on Alberta courts other than the Provincial Court of Alberta or on courts elsewhere in Canada, Mr. Rennie hopes the ruling will be cited in similar cases in the future. He also hopes that case law will be enacted to define the ‘standards’ under the Canada Evidence Act by which an electronic document may be determined admissible, thus helping the provincial evidence acts to define their ‘standards’ for electronic records admissibility.
Fifth, this ruling validates CPS’s policy, procedures, and technology for creating, storing, and managing Intoxilyzer 5000C records in electronic format. As Mr. Rennie said, “There was a lot riding on this decision for the CPS. If the records weren’t deemed admissible, then CPS’s past cases of this type would be called into question.”
Darren M. Oler was charged with impaired driving under the Criminal Code of Canada. His lawyer sought production of CPS’s records for three different Intoxilyzer 5000C instruments, specifically “maintenance logs, maintenance records, certificates of annual inspection, maintenance manuals, technician work sheets, and site installations work sheets”. In response, the Crown Prosecutor provided a CD containing maintenance records for every Intoxilyzer 5000C used in Calgary since 1995.
The requested records were provided in electronic format because it is CPS policy to destroy original handwritten documents associated with the Intoxilyzer 5000C during the process of converting them to electronic format (imaged copies) for storage in the force’s electronic records system (OpenText Content Server, formerly Livelink).
The judge ruled that “The question of admissibility of an electronic record in general must be dealt with before the Court can address the issue of the Charter arguments raised by the defence”. The judge then directed CPS “to retain counsel and to make submissions to the Court on the question of admissibility of electronic evidence . . . which are now maintained [by CPS] in an electronic database”.
The Court heard evidence from two CPS witnesses on the operation of the electronic records system and the manner in which CPS introduces documents into that system for storage. The Court also examined the integrity of CPS’s system for recording and storing electronic records.
Uta Fox, CRM (Manager, Records and Information at CPS) was accepted as an expert witness deemed to have “specialized knowledge necessary to render opinion evidence to the Court in connection with processes and procedures for the maintaining of the integrity of electronic records.” She testified that “The principles and procedures outlined by the Canadian General Standards protocol is intended to enhance the potential for admissibility of electronic documents and reliance upon these documents as authentic for the purpose of business and Court proceedings” and that the CGSB’s standards provide that “records and documents including electronic images by or stored in a computer can stand in place of original paper source records or copies of paper source records.”
Ms. Fox also testified to CPS’s creation and management of electronic records according to the CGSB standards. Specifically, she testified regarding CPS’s ‘scanning to PDF process’ including comparison between the original document and the PDF image, page counting, perfect match protocols, and quality checks, and the service’s program for destroying paper records after they have been scanned. She was also questioned – reportedly at length – about the possibility of unauthorized access and changes to electronic imaged documents.
Sgt. Richard Butler, who is responsible for maintaining the records up to the point of ensuring secure storage in OpenText Content Server, was called to testify regarding the creation and maintenance of the Intoxilyzer 5000C records in question. He described the process whereby handwritten maintenance logs are transcribed to MS Word and PDF documents, and then shredded once transcription is complete. He also explained that the maintenance log is “essentially a partial summary of original records”.
The Defence had no issue with CPS’s electronic records system or with Ms. Fox’s testimony regarding the propriety of CPS’s imaging policy.
However, the Defence said CPS’s Alcohol and Drug Recognition Experts Unit did not follow CPS procedure when converting certain handwritten documents to electronic format and subsequent storage in the electronic records system. Specifically, the Defence said the approved maintenance logs – which were originally in handwritten format and then typed into a MS Word document – were “not exact duplicates of the original handwritten document, did not pass quality control standards, omitted information from the original handwritten document and were recreated in a different format with different columns, different descriptions, and omission of relevant information contained in the original maintenance log.” The Defence submitted “that this process of typing handwritten documents into a typed format gives rise to serious evidentiary issues in connection with authenticity and reliability of the Maintenance Log.” In addition, the Defence submitted that the electronic record produced for one Intoxilyzer did not include software modification information and contained potential inaccuracies in connection with annual maintenance being recorded on different dates.
As an Intervener in the case, CPS filed a detailed brief with the Court on ‘electronically stored information’ (ESI) and the conditions precedent for admissibility in legal proceedings. The judge’s ruling includes extracts from that brief, including the factors to establish the integrity of a records management system and a detailed description of how CPS’s electronic records system meets those integrity requirements. The Court accepted the Intervener’s submission in its entirety.
If you’re like me, you’ve likely read articles by or heard conference presentations from Records Managers in the US who have testified in court regarding their organizations’ RIM practices. To the best of my knowledge, Uta Fox, CRM – the Manager, Records and Information @ the Calgary Police Service – is the first Records Manager to testify as an expert RIM witness in a Canadian court.
Ms. Fox testified twice before the Provincial Court of Alberta regarding electronic records admissibility issues in an impaired driving case (R. v. Oler, 2014 ABPC 130). (For information on the judge’s admissibility ruling, see this post)
I recently interviewed Ms. Fox about her experience as an expert witness. The following post is based on our conversation.
1. How did you become involved in this case?
Sgt. Butler is one of the Calgary Police Service (CPS) officers who maintains the Intoxilyzer 5000C records prior to their secure storage in OpenText Content Server (formerly Livelink). The Intoxilyzer is a breathalyzer for estimating blood alcohol content from a breath sample.
The Court instructed Sgt. Butler to return to court with the ‘original’ records for the Intoxilyzer 5000C and be prepared to talk to the court about how CPS follows the Sedona Canada e-discovery guidelines. Sgt. Butler knew he couldn’t provide the ‘original’ records because the paper/hard copy records in question were destroyed after imaging as per CPS policy and he couldn’t speak to the Sedona Canada guidelines. So he came to see me and after some discussions with counsel, it was decided that I would accompany him when he next went to court regarding this case.
[Note: CPS’s external counsel later determined that the Sedona Canada e-discovery principles have no impact on criminal cases so CPS did not testify about them.]
2. This ruling concerns the admissibility of selected electronic records as evidence. Which CPS records were involved in this case?
Defence counsel requested CPS to produce its records for the Intoxilyzer 5000C. As stated in the judge’s ruling, those records include “maintenance logs, maintenance records, certificates of annual inspection, maintenance manuals, technician work sheets, and site installations work sheets”.
3. How did you prepare to testify in court?
I met with CPS staff to review the processes for creating and storing these records, and for destroying the paper/hard copy records after imaging. I also met with legal counsel – both our in-house lawyers and external counsel – to review the types of questions I might be asked in court.
4. The ruling states that you have “specialized knowledge necessary to render opinion evidence to the Court in connection with processes and procedures for the maintaining of the integrity of electronic records.” What types of questions were you asked in court before being accepted as an expert witness?
I was asked about my education (I have a Master’s degree), and how long I had worked for CPS and in what capacity. I was also asked about my RIM qualifications. I explained that I’m a CRM (Certified Records Manager) certified by an international body – the ICRM (Institute of Certified Records Managers). My qualifications were accepted without cross-examination by defense counsel and the judge didn’t question my qualifications either.
5. For how long did you testify?
I testified for about 2.5 hours in total, split over two court sittings. When testifying I was questioned by CPS counsel, defence counsel, and the judge.
6. Was this the first time you or any other CPS RIM employee was called upon to testify in court as an expert witness?
For me, this was the first time. I believe this was also the first time a RIM employee testified as an expert witness since CPS established its Records Management Section in 1998.
7. If you could use only one word, which word best describes your experience as an expert witness in court?
“Exhilarating! It was a lot of work, but it was exhilarating to be able to show that this is a credible discipline and our work is recognized legally.”
8. What tips do you have for other Records Managers who may be called upon to testify in court as an expert witness?
In case you missed the announcement earlier this year, all of the iSchool Institute’s courses (including its two records management certificates) are now run by the university’s School of Continuing Studies.
With one exception, the fall 2014 term courses will be taught by the same instructors as in past years. Katherine Chornoboy, Steve Knight, Caroline Werle and yours truly (Sheila Taylor) will teach the Certificate in RM Fundamentals (Toronto classroom) and David Hopkins will teach the online equivalent while Christine Ardern, Caroline Werle, and myself will teach the Certificate in RM Practice (Toronto classroom).
New to the teaching roster is Paula Lederman who will teach the online equivalent of the Certificate in RM Practice. At this time, in classroom courses are not offered in Ottawa or Edmonton as in the past.
You’ve likely heard of Snapchat, the beloved app of teenagers (and others) for sending disappearing selfies. And you’ve likely discounted this popular service (which sends approximately 400M photos/day) as appealing only to consumers.
But wait . . . there’s evidence that the vendor community is already developing corporate equivalents of Snapchat’s disappearing functionality that may move this type of technology into daily business use just like other applications such as instant messaging (IM). IM moved into the corporate/enterprise space when vendors developed secure/enterprise equivalents (e.g. Jive and IBM Sametime) to overcome the perceived security risks of public IM services (e.g. Yahoo! Messenger and ICQ).
Confide is likely the first of many apps RIM professionals need to monitor. Run by a former AOL executive (Jon Brod) and the CEO (Howard Lerman) of the location services company Yext, Confide is a text-baed iOS app in which you read a message by ‘wanding’ over it with your finger. Check out the company’s home page to see how that works.
Each message disappears after being read once – you can’t store or forward it. And you can’t take a screen shot because a message is hidden until you ‘wand’ over it and only a limited number of characters are revealed at any one time. Further, Confide will alert you (and the recipient) if the recipient attempts to take a screen shot.
Confide’s creators argue that “Off-the-record conversations happen all the time in the offline world — phone calls, hallway discussions, meet-ups, grabbing lunch or coffee” and their goal is to “bring this offline experience online, in a fast and efficient way.” Also according to the app’s FAQ, they anticipate the following three primary cases for using Confide for “honest, unfiltered, off-the-record conversations”:
Why was Confide developed? Here’s what the creators say:
“We think the concept of the digital permanent record is crazy. Why should all of our online communication be around forever, with copies of things being spewed and stored in people’s inboxes and various clouds? Imagine if everything you ever SAID (spoken words) were stored like that and the person you said it to had a copy of it. We think this is fundamentally broken and we set out to fix it. We created Confide to bring off-the-record professional communication to the digital world.”
While its true that spoken words aren’t captured unless a recording is made or or someone later transcribes a record of what was said, the instantaneous deletion of digital communications used for business purposes is fraught with risk. It will be interesting to see if apps like Confide gain traction in the corporate world and, if they do, how regulators and the courts will look upon them.
For many years, most organizations have had policies governing employees’ use of e-mail (e.g. no political solicitations, no profanity, etc.) and the Internet (e.g. don’t download or share information that’s offensive, illegal, discriminatory, etc.). And many organizations are in the process of implementing policies to guide employees on what organizational information/data can (and cannot) be shared in social media applications such as Facebook. In addition, many organizations have a Code of Conduct requiring employees to preserve the confidentiality and privacy of the organization’s information by not using or disclosing confidential/personal information other than in the performance of their jobs or as required by law.
However, despite such requirements, the combination of organizational data/information and an Internet connection is a recipe for disaster – and often a public relations nightmare – in the hands of some employees.
In a recent Maclean’s article entitled “Open Secrets” , Tamsin McMahon illustrates “. . . just how much power today’s workers have to spill the beans on their employer’s most sensitive information. From Twitter to Facebook to professional networking sites like Glassdoor and LinkedIn, any employee with an Internet connection now has access to a limitless array of tools to instantly – and anonymously – share workplace gossip and confidential corporate data with the world.”
While much of Ms. McMahon’s article focuses on how the law is catching up to provide legal consequences for employees who discredit their employers/bosses on social media or release confidential information, she provides several thought-provoking examples of the damage an unthinking employee can cause. For example:
Some of Ms. McMahon’s examples illustrate that many breaches are made unwittingly, and sometimes by an employee’s immediate family, for example:
The need to keep tabs on their reputation and information will likely cause many organizations to implement web scanning whereby they (or their service providers) will sift through chat room conversations, Facebook posts, tweets, YouTube, etc. looking for inappropriate comments and inappropriately released information. The resulting collection of comments/information will constitute another group (or series) of information to be managed and retained for a suitable period. Because some of the inappropriate comments or inappropriately released information may be relevant in future litigation, it will be particularly important to document and manage the audit trail of the information’s collection, access, and storage and manage it according to the organization’s legal hold protocol if/when required.
RIM professionals working for organizations in competitive environments may also see an increase in the volume of competitive intelligence (i.e. information about their competitors) to be managed as their employers deploy web scanning for competitive purposes.
If you’re like me, you’ve probably read a lot of articles about SharePoint’s business benefits (e.g. collaboration, workflows, etc.) but rarely found articles that discuss the RIM implications of implementing this increasingly ubiquitous technology. You’ve also probably searched in vain for RIM information in books about SharePoint. And apart from some sessions at ARMA conferences and other RIM industry events, you’ve probably encountered very, very few speakers at SharePoint conferences who even mention RIM.
I’m often asked by clients and students to suggest resources about SharePoint’s RIM functionality and on implementing SharePoint from the RIM perspective.
I’m happy to share the following list of resources I’ve found helpful. What resources do you recommend?
Courses: Solutions for EDRMS Success: SharePoint Records Management Certificate – This ARMA International seminar teaches a 12-step methodology for successfully implementing an EDRMS (electronic document and records management system). While based on SharePoint 2010, it is fully applicable to other technology platforms. The certificate consists of a 2-day seminar and a computer-based exam taken after the seminar.
Blogs/web magazines: SharePoint is a hot topic in the blogsphere and web magazines. Here are three that regularly discuss SharePoint, often from a RIM perspective.
Books/reports/articles: You might want to check out the following resources.
The PDF/A-3 standard (ISO 19005-3:2012) defines a file format based on the portable document format (PDF) to provide a mechanism for representing electronic documents in a manner that preserves their static visual appearance over time, independent of the tools and systems used for creating, storing, or rendering the files. However, preservation of the files’ static visual appearance is only possible if conforming PDF/A files are complete in themselves and require no external resources (e.g. unembedded fonts) to render their pages properly.
In a somewhat radical departure from its predecessor, PDF/A-2 (ISO 19005-2:2011) , PDF/A-3 permits the embedding of files of any format (including XML, CSV, CAD, images, binary executables, etc.) within a PDF/A file and does not require embedded files to be considered archival content. Further, a PDF/A-3 conformant reader is responsible for presenting only the primary document and permits the extraction of embedded files for use with other tools.
The U.S. National Digital Stewardship Alliance (NDSA) charged a Working Group to investigate the PDF/A-3 standard. Specifically, the Working Group researched the pros and cons of using PDF/A-3 in different preservation scenarios, including use as an extension to PDF/A-1 (ISO 19005-1:2005) and PDF/A-2 in circumstances for which those formats have been adopted or recommended, and use as a wrapping or bundling format for various digital asset/media types, such as textual, audio, video, photo, and GIS data.
In The Benefits and Risks of the PDF/A-3 File Format for Archival Institutions, the Working Group provides a comprehensive assessment of the possibilities, risks, and general pros and cons of PDF/A-3 and the scenarios in which it might (or might not) be appropriate. The report also presents a general scenario for embedding supporting data in PDFs for scholarly documents and several scenarios specific to particular contexts or institutions such as a U.S. National Archives and Records Administration (NARA) scenario for using PDF/A-3 as an acceptable container to circumvent DoD 5015.2 records management application restrictions.
The conclusions address the following topics.
The report is recommended reading for organizations (particularly archival institutions) planning to use the PDF/A-3 standard.
Cohasset Associates , ARMA International , and AIIM recently published the results of the 2013/2014 Information Governance Benchmarking Survey (download a copy here). The survey was underwritten in part by Iron Mountain .
The findings are based on responses from 1,300+ invitees including ARMA International members, AIIM members, recent attendees of Cohasset’s Managing Electronic Records (MER) Conference , selected Iron Mountain customers , and members of the Records Management LISTSERV .
Respondents work in many industries such as government, financial services/banking, professional services, and manufacturing. The majority (58%) work for ‘small’ organizations (up to 4,999 employees) followed by ‘medium’ organizations (5,000 – 24,999 employees), and ‘large’ organizations (25,000+ employees). Most respondents’ survey answers represented operations in the U.S. (58%) followed by global operations – excluding U.S. (27%), and Canada (12%). When asked to select (select all that apply) their job responsibilities related to information lifecycle management, the most frequently cited responsibilities were: implementing RIM technologies and tools (51%), enterprise RIM program including international, if organization is global (48%), RIM strategy definition (47%), and managing RIM file room or electronic repository (45%).
The survey questions address topics such as business commitment to RIM, retention schedules, records deletion/destruction, legal holds, information lifecycle management, and RIM Program maturity.
For some questions, the 2013 responses are compared to responses in past studies (the 2003, 2005, 2007, 2009, and 2011 surveys or a sub-set thereof) to illustrate trends over time. More than 12,000 individuals have responded to the survey since its inception.
According to the authors, this 8th biennial survey provides “authoritative, up-to-date benchmarking metrics on information lifecycle practices with an emphasis on electronically stored information (ESI)”. The following Survey Highlights table from the report summarizes the results and recommends implementation actions to modernize information governance (IG). The authors encourage organizations to use the table to “formulate internal action plans and to develop communications highlighting . . . [their] program’s strengths and opportunities.”
|SURVEY HIGHLIGHTS||RECOMMENDEND ACTIONS|
|1. Overall, IG programs are more prevalent, better-designed, and inclusive of ESI. However, many essential implementation elements are not being addressed.||
|2. Effective IG is increasingly recognized as an imperative for corporate compliance and risk mitigation. Coordination and integration is on the rise.||
|3. While improvements are reported in the management of some ESI, information governance must modernize or forever be losing in a game of catch-up.||
|4. Legal Hold processes are more commonplace, but over-preservation is an immense challenge to the implementation of effective information lifecycle controls, thereby contributing to future risk and complexity.||