Proceedings of the Standing Senate Committee on Legal and Constitutional Affairs, 32nd Parl, 1st Sess, No 67 (23 June 1983)
By: Canada (Parliament)
Citation: Canada, Parliament, Proceedings of the Standing Senate Committee on Legal and Constitutional Affairs, 32nd Parl, 1st Sess, No 67 (23 June 1983).
Other formats: Click here to view the original document (PDF).
Thirty-second Parliament, 1980-81-82-83
SENATE OF CANADA
Proceedings of the Standing
Senate Committee on
The Honourable JOAN NEIMAN
Thursday, June 23, 1983
Issue No. 67
Fifteenth proceedings on:
Bill S-33, “An Act to give effect, for
Canada, to the Uniform Evidence Act
adopted by the Uniform Law Conference
(See back cover)
THE STANDING SENATE COMMITTEE ON
LEGAL AND CONSTITUTIONAL AFFAIRS
The Honourable Joan Neiman, Chairman
The Honourable Richard A. Donahoe, Deputy Chairman
The Honourable Senators:
*Ex Officio Members
ORDER OF REFERENCE
Extract from the Minutes of the Proceedings of the Senate, December 7, 1982:
“Pursuant to the Order of the Day, the Senate resumed the debate on the motion of the Honourable Senator Lewis, seconded by the Honourable Senator Barrow, for the second reading of the Bill S-33, intituled: “An Act to give effect, for Canada, to the Uniform Evidence Act adopted by the Uniform Law Conference of Canada”.
After debate, and—
The question being put on the motion, it was—
Resolved in the affirmative.
The Bill was then read the second time.
The Honourable Senator Frith for the Honourable Senator Lewis moved, seconded by the Honourable Senator Olson, P.C., that the Bill be referred to the Standing Senate Committee on Legal and Constitutional Affairs.
The question being put on the motion, it was—
Resolved in the affirmative.”
Charles A. Lussier
Clerk of the Senate
MINUTES OF PROCEEDINGS
THURSDAY, JUNE 23, 1983
The Standing Senate Committee on Legal and Constitutional Affairs met this day at 11:20 am., the Chairman, the Honourable Senator Joan B, Neiman, presiding.
Present: The Honourable Senators Deschatelets, Godfrey, Lapointe, Neiman and Rousseau. (5)
In attendance: Mrs. Monique Hébert, Research Officer, Law and Government Division, Research Branch, Library of Parliament.
From the Association of Records Managers and Administrators:
Mr. Jake Knoppers;
Mr. Ron Taylor;
Mr. Mark Hopkins.
The Committee resumed consideration of Bill S-133 intituled: “An Act to give effect, for Canada, to the Uniform Evidence Act adopted by the Uniform Law Conference of Canada”.
On motion by the Honourable Senator Godfrey, it was agreed,—That the brief presented by the Association of Records Managers and Administrators be printed as an appendix to this day’s proceedings. (See Appendix 67-A).
Mr. Knoppers made a statement, and he and the other witnesses answered questions.
At 12:20 p.m., the Committee adjourned until the call of the Chair.
Clerk of the Committee
Ottawa, Thursday, June 23, 1983
The Standing Senate Committee on Legal and Constitutional Affairs to which was referred Bill S-33, to give effect, for Canada, to the Uniform Evidence Act adopted by the Uniform Law Conference of Canada, met this day at 11.15 a.m., to give consideration to the bill.
Senator Joan Neiman (Chairman) in the Chair.
The Chairman: Honourable senators, I thank you for being here today. We have with us today witnesses from the Association of Records Managers and Administrators. I understand, first, that the brief which has already been circulated to honourable senators will not be read but that our guests will simply comment on various aspects of it. Therefore, I should like a motion to append the brief to the record of the proceedings.
Senator Godfrey: I would like to point out that I have read the brief and that, therefore, I enthusiastically move that we do not hear it reread and that it be appended to today’s proceedings.
The Chairman: Is it agreed, honourable senators?
Hon. Senators: Agreed.
(For text of brief, see Appendix.)
The Chairman: Perhaps, Mr. Knoppers, you would like to introduce your colleagues, after which you can proceed with your remarks, which will be followed by questioning.
Mr. Jake Knoppers, member of the Canadian Legislative and Regular Affairs Committee of the Association of Records Managers and Administrators: Thank you, Madam Chairman. Honourable Senators, I am very glad to be here today representing the Association of Records Managers and Administrators. I would like to introduce to you, on my left, Mr. Ron Taylor, who is an expert in computer systems for big companies and on my riht Mr. Mark Hopkins, who is also an archivist and a manager who has done several studies on the problem of the admissibility of evidence from a practical standpoint.
We are members of the Canadian Legislative Affairs Committee on the Association of Records Managers and Administrators. We represent about 900 information and records managers, who are professionals across Canada. They are the people in the trenches who are responsible for the maintenance of record-keeping systems in paper, microfilm, and, increasingly, in machine-readable form.
During the past few years we have seen a tremendous increase in the introduction of microfilm and automated support systems for record keeping. Although initially just an administrative tool in areas of finance, computerized recorder information-keeping systems have developed to the stage where they have become indispensable to the day-to-day operations of organizations. In many cases today, an organization could not function—it would go out of business—if it did not make use of these technologies. At the same time, to remain
competitive domestically as well as internationally, Canadian businesses both large and small must make use of these new computer communication technologies.
On a day-to-day basis, record managers are faced with having to give advice to senior management on the cost saving in switching from one record-keeping system to another. Because most of the record managers are also responsible for the vital records program of an organization that they serve, from a practical point of view they also have to look at the question of the admissibility of evidence.
Regarding the Uniform Evidence Act, we applaud whole-heartedly the work done by Mr. Tollefson and his group. As to Bill S-33, we support its intent, direction and the idea of a single form of legislation at the different jurisdictional levels. When we took the bill to the lawyers in the different companies we serve, we received conflicting advice as to what it would mean to the day-to-day operations of a business.
Basically, from a practical point of view, we offer three suggestions to honourable senators. As an organization we are quite aware of and keep track of all legislation which impacts on record-keeping practices. First, we would very much like to see a uniform definition of the word “record”, because we have noticed some discrepancies. If this is not possible, we would like at least the assurance that the definition of “record” in federal statutes is consistent and in harmony from one statute to another, and that it does address the realities of computer communications. We make specific reference, in this respect, to the Access to Information Act and the Privacy Act, which will become law on July 1—I suppose it is our Canada Day present this year—wherein there is a definition of “record” which is going to serve the federal government as a whole. It also introduces a new legal concept—and we are more concerned here with the concept-that a record which does not exist but which can be created using existing computer hardware, software and expertise, should be considered a record for the purposes of the act. Should a person have cause to obtain information from the federal government, it would be our wish that that information be admissible in court as evidence in any dispute that might arise.
The Bank Act was recently amended. Section 157 allows banks to change recorded information from one form to another with the Bank being equally applicable. This is also a concept we would like to see extended to records in general.
What is also important to us concerns proposed changes under the Criminal Code relating to data abuse or records abuse. One would certainly want to have some assurance that if unauthorized alteration or destruction of records or data is going to be constituted as mischief, that that also will be admissible in court and that the terms of a definition in both acts, would be consistent.
There is also the copyright aspect, but that is a hornets’ nest of a different nature. We would also suggest that the definition of “record” include “sets of instructions”, thereby covering software.
From our perspective-and this is our second recommendation—Bill S-33 would be strengthened if it embodied these basic concepts and if it also allowed for regulations which would apply those concepts to particular forms of record keeping and appropriate technologies. In other words, we recommend that the bill allow for the establishment of criteria whereby the output of various types of record-keeping systems would be admissible or would have a high probability of admissibility as evidence in court. One cannot, in a sense, I suppose, tie the hands of the court. However, as we are in a position where we must give advice today on the installation of a record-keeping system that the company or organization, public or private, will be stuck with for the next five years, we would like to have some assurance that, five years from now when hard copy records have been destroyed or if the records may never have existed in hard copy form, that records generated by such systems would be admissible in court.
Finally, we recommend that, in order to address present realities and future trends, Bill S-33 also be amended to allow for the concept of the admissibility of records not necessarily made in the usual and ordinary course of business but those created with a view to submitting evidence, being an accurate picture of records or of a series of events which took place at a particular point in time. More and more information is kept in data bases. Monthly or quarterly reports are produced, and if one has a certain question, the record will be created at that time. For most of the systems, especially the ones that are fairly well set up, it is possible to recreate the state of the record as it was two years before. It is then possible, in light of a demand made with respect to litigation, to create a record of what took place two years prior to the demand.
Senator Deschatelets: Madam Chairman, perhaps the witness could give a more precise explanation in this regard. Let us consider a specific case of what he has already said. Could he try to do so? I think it would be more easily understood.
Mr. Knoppers: Take, for example, a personnel record, a payroll record or a pension record, perhaps in the Canadian government system. It is maintained as a data base. An address in that data base serves not only as the address for payroll purposes, but as the address for tax records, pension records and so on. Suppose that that address is changed. If the computer system is well set up, it keeps transaction logs of all changes that were made. This accumulates over time so that, if you want to prove that a person lived at a certain address three years ago, it is possible, by going through all of the transac-
tions, to recreate the state of that record as it was three years ago.
Perhaps Mr. Taylor has an additional comment to make.
Mr. Ron Taylor, Member of the Canadian Legislation and Regulatory Affairs Committee, the Association of Records Managers and Administrators: I would like to point out that, particularly on large computer systems, there is a complete record of all transactions, changes and updates, which constitutes the history.
Senator Deschatelets: This is my point. I am thinking especially of a claim in court, and I would be satisfied with an enumeration of all the transactions.
Mr. Taylor: To be specific, in business in general, if we are looking at a claim which is a kind of exception, we would want to look at a specific month or period in the year to which the claim related, and we then go back in a computer or a microfilm record history and find the appropriate area. We would much prefer, as business, to look at our computer or microfilm system rather than have to go through a whole mountain of paper. If we are talking about an older situation that is being queried, this paper could well be in secondary storage, in the archives or in the basement somewhere.
Senator Deschatelets: I would not even contest it if it is a microfilm, a photostatic copy or a copy of any kind if I am a defendant, as long as I am able to contest one claim out of a number of transactions, because I could say, “I did not buy at that time.” You understand my point?
Mr. Taylor: Absolutely.
Senator Desehatelets: As long as I am able to do that there is nothing I can complain of; I have a right to full defence. That is my point. I do not mind whether it is a microfilm or a photostatic copy. I am ready to accept that as long as I have a full defence, and in order to have a full defence, if you have a claim against me, I need to have you show me a list of transactions and figures.
Mr. Knoppers: Our point is that that question did not arise two years ago, so the information we kept in the data base but was never put out in that form, that is as a hard-copy record. We recreate the state of the data base as it was two years ago. There are certain checks and criteria, of course, that have to be followed, which was our second recommendation. Then we create the record, in a sense, in response to litigation. I read the reports of some of your earlier sessions, where the point was made that these rights should be available equally to plaintiff and defendant, and we wholeheartedly endorse that principle.
What we would like to see in the law is recognition, as a legal principle, that, in so far as we are able to meet certain criteria to show that it is an accurate reflection of the informa-
tion used for decision-making in business or in an organization two or three years ago, we can create a printout of that situation which would be admissible in court. It is something totally different from making-up a typewritten document and back-dating it. What we are really saying is that we are confident enough about the way systems operate to say that they have the ability to prove that we did use these transaction logs and would be willing to look at them from an audit or an external inspection point of view, in confidence if necessary where trade secrets were involved.
The other aspect is that the record as such may be scattered across Canada, where we have distributed processing and data bases and have bits of information existing, which are pulled together whenever somebody asks to have them pulled together to create a record. The Access to Information Act, has a special section that recognizes that, so in our opinion what is good for the federal government may be good for society as a whole.
Senator Godfrey: When you talked about recreating records I was under the impression that you were saying you had certain basic information, but two years ago you never had any reason to have a printout of that or use it because it was not relevant to your business. When a lawsuitcomcs along it may be relevant, if you are relying on the information; you can go back and recreate this new information. You used the illustration ofa change of address, but you had the address originally, and it no doubt appeared on records. You also talk about something that never appeared on the printout.
Mr. Taylor: These are two different situations. The change of address is an update of a record.
Senator Godfrey: That is right.
Mr. Taylor: We might want to show that the person lived at that previous address earlier.
Senator Godfrey: But that has nothing to do with recreating a record from information.
Mr. Taylor: We store the record today in a series of data elements, which could represent transactions, addresses or whatever the business is into. With regard to a previous business record, if there is a transaction that took place in the normal business process three years ago, what we are faced with today is that we now have a query and might be into litigation, so we would like to query our computer or microfilm system to generate a paper document that we can now use as admissible evidence in court. Busincss’s primary reason for discussing this situation is that previously when we dealt with paper; there is generally a paper record of a transaction at the point of sale, or something like this. Business does not want to carry that paper nor can it afford to or continue to do so. We tanslate the information about the transaction for which the initial invoice, shipment, advice or whatever, was given into the computer system; then we look at that computer system at any time we want to in the future to see how profligate we were in business and to answer any queries, or whatever, as they occur. This is our requirement.
Senator Godfrey: As a layman, I can recall that Eaton’s had a disaster with a computer in respect of sending out their bills. Have you cleaned up your act since then?
The Chairman: You had better speak to Eaton’s senator.
Senator Godfrey: I am asking the industry. It is no good trying to get a law through to accept computer evidence at a time when there is all this adverse publicity and the computer is an absolute disaster in dealing with the customers’ records at Eaton’s. I just wondered whether the state of the art had improved since the days when the Bank of Montreal had a disaster which resulted in the loss of $75 million.
Mr. Taylor: I would suggest that computers have been used for 30 or 40 years, and particularly in the last 20 years, so we are on to third generation computers. The total state of the art as practised by Canadian business and Canadian government is very reliable.
Mr. Knoppers: This is why in recommendation 2 we want to allow for the establishment of criteria of what constitutes reliable systems appropriate to the technologies. For example, the government has a site inspection team for security. In more and more large companies it has started to form part of the audit stream. If those criteria were met with respect to a particular technology one would then have a high probability of the record being admissible in court. You look at the law in terms of the basic concepts and then look at the criteria as the application to the different technologies occurs, because there are different technologies and within technologies there are different levels of standards.
Senator Godfrey: On page 14 of your brief you say:
The question of data or information integrity is potentially more problematic in computer than in manual systems. A few computer commands can delete or modify digitized information while countless hours would be required to alter similar information if kept in hard copy in a manual system.
Everybody knows that even the experts found difficulties when faced with the so-called Hitler diary. They had to test the ink and and so on. With computers it is easy to fake. Yesterday we had evidence from the Canadian Bar Association, when Mr. Guthrie pointed out the difference in integrity between a computer system and using accountants and different employees whereby no one person could really do something. In a small business, let us say a one-man show, there is a computer and records. There is no problem for that man to change them some night. How do you deal with that situation in the criteria? You do not deal with that problem specifically.
You talk about security. Must the judge decide whether he is an honest man, that he has not changed it? How do you handle that problem?
Mr. Knoppers: Senator, you have made two points. First you have dealt with the trustworthiness of systems, and, secondly, the difference between large and small computers. I will let Mr. Taylor talk about trustworthiness and I will say something about large and small computers. You have mentioned some of the tremendous mistakes made by companies. There is nothing like losing $75 million to make one learn a lesson and ensure that one gets it right the next time. For example, usually people can only add data to a system, they cannot delete data. Those who delete data have to go through the normal check or verification process.
With respect to the differences between small and large businesses, yes, that is true, and one could seek, for example, different sets of criteria for systems of a certain nature or size. A small businessman like myself uses packaged programs. We keep a lot of our records in machine readable form only. If I mail a certain letter to 10 people, I use, for example, mailing list number five, my draft letter is on another disc, and I make a notation “Copy of letter sent to mailing list number five”. I do not have hard copies of that. It may be more difficult for me to present proof than it is for large companies. However, in my record-keeping practice, the records that I keep and maintain have to have the same degree of trustworthiness. It is really something for the court to decide. With respect to larger systems, a more standardized set of criteria would apply.
Mr. Taylor: On the subject of larger systems, it is in everyone’s interest—government, military, business and even individuals—to have the computer running to some form of standard. Whenever we put in a system which involves hardware and software, that system will be benchmarkcd to certain criteria. We are very much concerned that it will do an effective job for us on an ongoing basis. If we were into a testing procedure and had a computer system involving various operational tests, recovery, security and full audit, we would want that system to do a good job for us, so that we could stand up in court and say that our system was running effectively and that we could prove it, and know that our records will be accepted. If business has a target to aim at with regard to microfilm systems—there exists the national standard of Canada microfilm documentary evidence standard— then big business could actually run its microfilm systems to that, so that we were all running to an accepted standard. We suggest that there should be similar standards laid down for computer systems. They can be easily installed, checked and controlled on larger systems, which would be good for both business and the individual.
With regard to small systems, it is much more difficult, since they do not have the same security, audit and recovery capabilities. The mini-computer business in Canada is booming. Both large business and individuals will be using their own small desk top computers, and we should take into consider-
ation the fact that we need to do something in that area, because it is in the individuals interest that records from smaller computer systems are also admissible.
The Chairman: I just want to interject at this stage to ask a supplementary. In drawing these criteria, can you suggest a reliable line of demarcation between the two kinds of computer systems? Is there technical demarcation where you could say “These are the systems that should come under this particular set of criteria and the rest should go into another set”?
Mr. Taylor: It is much easier to meet criteria on a large system that will be used by large and medium-size business.
The Chairman: When you say “a large system,” are you talking about the machinery or the company that uses it—the quantity?
Mr. Taylor: I am talking about the total computer equip- ment and system that a company would be using.
Senator Godfrey: To focus on my point, let us say there is a one-man operation, where, as you have pointed out, it is much more difficult to have security. What kind of criteria should we have for that kind of situation? Are we to insist that the man swears under oath that he has not altered it, because he could alter it very easily? How do we solve that problem?
Mr. Taylor: For taxation purposes, the one-man operation or small business would keep supporting documentation to substantiate what had been entered as new records into that system, however small. There can be a way of keeping such records to indicate that the system constitutes an electronic record of the original paper document transaction entered into the system.
Senator Godfrey: So there is a way that an auditor can check on a small businessman to see that he has not altered anything.
Mr. Taylor: There could be a foundation established to say that even with a small system it was legitimately and effectively completed. It would be much more labour intensive to do that on small systems than on the general purpose business computer that small, medium and large business would use. They have a lot of system checks for all parts of the system as it is used, right from the start of transactions to final management reporting. There are a lot of self-checks.
Mr. Knoppers: Mr. Hopkins has some comments to make. Technology is changing fast, and I believe that it should be up to the individual or company to show that they could meet the criteria and be able to demonstrate that in court. They would have to show that they met the criteria, be it through audit, annual statements or inspection. That is the type of approach which should be followed.
Mr. Mark Hopkins, Member of the Canadian Legislation and Regulatory Affairs Committee, the Association of
Records Managers and Administrators: We have touched on an interesting analogy that is worth developing. If I, as a small businessman, keep my own books, then perhaps, in the eyes of the court, that becomes slightly more problematical for me in attempting to enter them as evidence, than if I were a large corporation with Price Waterhouse auditing my financial activities. Part of the decision as to whether I do the books myself or hire someone else to do it, and the type of people that I hire to do it, becomes a business decision which I have to weigh. I have to consider whether the cost of it is justified in terms of the end that I am trying to achieve. It is far easier for the person with the small micro-computer system in the office to give oral evidence or first hand evidence, than it is to bring in an army of experts on a large national or international system. So I think that in additin to the comments made by my colleagues about applicability of criteria of trustworthiness, there is also a practical aspect, that being, who can come into court and give evidence.
The Chairman: Mr. Taylor, we will now hear your presentation.
Mr. Taylor: The concern of most businesses is that the Canada Evidence Act reflect the times in which we live. Increasingly, computers are being used by smaller businesses and individuals. It is effective for businesses to keep their records on computer and microfilm systems. For instance, many large companies have electronic word processing equipment, which has replaced the typewriter. These word processors can often be connected throughout a company to form a network. So rather than move paper documents around the business, it is moving electronic documents, in terms of electronic mail, to the principal so that the principal can make effective business decisions. This system is also available for the principal to obtain information as it is needed and it is much more effective from a business point of view to obtain information out of the computer or microfilm system than to go searching through a lot of paper. It is convenient, cost-effective and it is good for Canadian competitiveness on a world scale.
So what we would like to see are standards similar to that, for instance, the government instituted with regard to microfilm, apply to computer systems. We would like to work with you to develop these standards. That is my main point. If we have these standards suggested by Canadian bankers, British computer legislation, etc., business will be pleased to comply.
The Chairman: Mr. Hopkins?
Mr. Hopkins: Perhaps the first consideration for anyone litigating evidence is to get in as much of your evidence as possible and keep out as much of your opponent’s evidence as possible. In looking at the development of the Evidence Act and common law aspects of evidence one of the problematic outcomes is te extensive case law that we have, such as the ten volume work of Wigmore on evidence. We are somewhat
concerned that this growth may continue to develop in the area of business records, although in the 1960s evidence acts were being adjusted to meet the existing work situations in private and government offices. In other words, the industrialization of office activities is to some extent met by the inclusion of sections dealing with business records where you have anonymous people doing various things to pieces of paper. When we move into the computer era, we will have even more anonymized activities going on, since we will not know who exactly wrote a certain thing. We may also have a situation where a hard copy document was never even created.
I think that the thrust of present evidence law tends to deal with classes of records. For example you have public records, business records, bank records, medical records. From a layman’s point of view, I suggest that what the courts and people need is trustworthiness, not classes of records. So the recommendations that we have set out in our brief are aimed at working towards establishing trustworthiness because that is what the courts, business and society needs.
Senator Deschatelets: First, I would like a little more information about your association. You are speaking on behlaf of the Association of Records Managers and Administrators. Where are you situated in this computer era?
Mr. Knoppers: Records management came into being after World War II when both business and government paper system began to expand. These people are in charge of keeping the company’s records, organizing the filing systems and so on; a costly, voluminous andlabour intensive exercise. At first, microfilm became the new technology for the storage, ease of copying and ease of use of information. From an organizational and operational point of view, the idea is to microfilm documents which are used in the daily course of business. This led to the question of the legality of microfilm as evidence in court. That was our first encounter, you might say, with the new technologies.
Over the past 20 years, computers have become involved in more areas when such routine administrative areas as finance and personnel records where things are rather straightforward. Now, more and more of the total information being handled in a company may exist in electronic form only.
Where do records managers fit into the scheme of things in a corporation? Some may be at the bottom of the totem pole and others may be in charge of the information management for the whole company.
Senator Deschatelets: But are companies hiring your services to determine what kind of system they should install and are you supervising the installation of the system? Is this what you are involved in?
Mr. Knoppers: We are involved in the actual running of the records within an organization, setting up the filing system, microfilm retrieval, cost benefit analysis and so on. Every company has a records analyst or people of that nature. As the company begins to look upon information as an asset, records managers, information managers, EDP people, microfilm people etc. are converging together. The involvement of records management spans everything from a straightforward filing clerk to people in charge of organizations dealing in information.
Senator Deschatelets: At the bottom of page 12 of your brief you give criteria which the government should follow in amending Bill S-33. The criteria include proof of the sources of the information recorded, proof that the information in the data base was recorded, proof that the entries into the data base upon which the printout is based were in the regular course of business and so on. Recently we had before this committee the Canadian Payments Association.
Let me just refer to one of the recommendations of the Canadian Payments Association which is much simpler. They said:
It seems to us that, subject to certain safeguards to which we will later refer, a better approach would be to declare that an intelligible record produced over the hand
of an officer of a financial institution. . .
(i) is an original of the transaction;
(ii) is admissible into evidence as proof of that transaction; and
(iii) in the absence of contradictory evidence, is conclusive in law of the accuracy of the information therein recorded.
That agency and other corporations which operate in this field told us that they did not want to be hauled into court to prove and to establish the complexity of these computers, because that would require more than one expert and there would be no end to the matter. It would be very expensive. They don’t want that.
In view of the fact that you have established a system and give advice to companies about what in your view is the best system, I am somewhat surprised at your position. You list a number of criteria here and there seems to be no end to it. If we were to put that into Bill S-33 it would cause great difficulty for these organizations. Surely you don’t want that.
Mr. Knoppers: I don’t think there is a contradiction here. We are looking for certain criteria so that a system, if it met those criteria, could be certified so that from a practical point
of view there would be no need to bring in a whole army of experts.
For example, here we give some of the criteria which, although not in the law itself, would come out as regulations or would be pursuant to the law in terms of a legal instrument, and that would make for a practical applicability.
Actually, with respect to the Canadian Payments Association or the Canadian bankers, although their systems seem fairly complex, they are really relatively simple in that they are single-function organizations. Consequently, there should be no difficulty in having their systems certified by a party who would be acceptable to both plaintiff and defendant and perhaps to the court.
We are saying here that the proof of the sources of the information recorded is that one does have an adequate set of documentation with respect to how the data is to be entered, or was actually entered at a certain point in time. That would involve being able to show how the information was entered and that the way in which it was entered left little chance for error or alteration. In other words, these are really data integrity criteria which could be used as a set of standards which one would have to meet and with which one could deal.
When you talk about business records in general, you also have to include textual information, information, which never appears in hard-copy form, such as words, graphics, etc. as opposed to numbers or payments or financial records or things of that sort. We would like to see some of these things generalized as concepts in law and made equally applicable to all businesses.
Certain types of businesses will find it easier in the beginning to meet these criteria. They are large and well organized and cannot afford to make mistakes. A number of businesses operate in the same areas—for example, banks and financial institutions—and perhaps they could work out with the appropriate authorities just what might be considered an acceptable set of criteria or standards in that specific area.
The reason we included these criteria was to give you some indication of what we consider to be elements of data integrity, emphasizing what Mr. Hopkins referred to as “trustworthiness.” We are saying that if these criteria or standards are met and one can demonstrate that as a fact—and perhaps one would not necessarily have to do that in court but could do it through some audit procedure—then there would be a high probability of the admissibility of the evidence.
Senator Deschatelets: Would you agree, then, with the recommendation of the Canadian Payments Association that an intelligible record could be produced over the hand of an officer of a financial institution to be recognized as an original record of the transaction without the necessity of an accompanying affidavit? Would you be satisfied with that?
Mr. Hopkins: I have a concern with that, senator, in that I believe it tends toward the area of introducing self-serving evidence.
Senator Deschatelets: Yes, I can see that.
Mr. Hopkins: Yes, I would have some concerns about that. There was an interesting editorial in the Globe and Mail some time ago which commented on the review being done with respect to trust companies which had run into problems in Ontario. Apparently one comment by the person in charge of the business was that, of the files that he reviewed, there was not a single file that was complete. It might be possible to record the conjecture that had Greymac Trust gone forward to court prior to the situation in which they found themselves an officer might have been quite willing to sign some document. I have some concerns about that.
Senator Deschatelets: I think we have to keep in mind that there are classes of documentation that do disappear after a certain length of time. For example, banks do not keep their cheques forever. In such cases it will be impossible for the banks to produce the original documents.
Mr. Knoppers: There we look at the data base as the total record from which you can make a mini-record at any point in time. Again it is a question of legal concepts which could be worked out in practice. For example, the record of a transaction that takes place in an automated teller exists, but it exists only as part of a large data base which exists in different places. Because there is one record for the whole company which is now dynamic and is changing and is spread out over the whole of Canada, if you want an extract of the company record, it is created at the time. Moreover, at the time it is created it is an original. The terms, “originals” and “duplicates” and so on are hard-copy concepts in terms of a record.
Therefore, if a business relies on its data base for day-to-day decision-making and deems that to be the best information available for its decision-making, then that is the basis on which it makes its decisions and that perhaps should also be the basis on which that information should be judged admissible.
Senator Deschatelets: I think everyone would agree that we have already entered the electronic era and that that has begun to affect many aspects of our way of life. Obviously, we must adjust to the changes and so must the legislators. Perhaps one of the purposes of Bill S-33 is to try to make such an adjustment. But in adjusting to this electronic fact, we must not forget the human aspects. Do you agree?
Mr. Knoppers: This is why I think Mr. Hopkins made the point about trustworthiness, and we would very much like to see this type of legislation introduce basic principles which apply, regardless of the technology to date. At present the law is rather narrowly focused and within itself includes a number of definitions which were tied in to a certain mode of representation or transmission of records. What the use of computers and communications has brought into focus is that if the law is tied to a particular technology—in this case hard copy and to
some degree perhaps microfilm—that quite soon inequalities, conflict in the law and therefore frustrations with the law will occur. This is why the three recommendations which we have made are fairly short. These are not nickel-and-dime recommendations but an effort to refine, in the area of evidence, a uniform definition of record; the ability under regulatory powers to apply these basic principles to certain technologies that are being used in the creation of information and records. In the third recommendation is really the recognition of a principle; it is really the same concept that was adopted by Parliament in the access to information legislation—that a record which does not exist but which can, in response to an inquiry, be created from the organizational record and shall be deemed to be an accurate record under this bill. The criteria would have to be worked out, but it would be based on data integrity or the general term of trustworthiness, insofar as any organization using these technologies can meet these criteria. For some it would be easier than for others but they should have some degree of assurance that the records which are produced—these extracts—would be admissible as evidence in a court of law.
Senator Lapointe: Even if the system is trustworthy, as you say, where do the computer criminals fit into your scheme of things?
Mr. Knoppers: A few months ago, the Department of Justice was kind enough to sponsor a national conference on proposed changes to the Criminal Code of Canada in Toronto, in which ARMA, the Canadian Information and Processing Association and others took part and there, with respect to those proposed changes, we made the same point; that those changes should be of two sorts, One, is where the computer is an object of abuse—and this is the other part of the telecommunication device unauthorized acts or theft of time—We said that with respect to data abuse, it is unwise to tie yourself into a particular form of information because that fostes inequality, It would be preferable to talk about record abuse—that is unauthorized alteration, destruction and modification of records—under the control of an organization which by-passes the ownership question of the records that were being used. We made the same point there, basically, about information being used in an organization, in whatever form, and we introduced the concept of record abuse, where someone takes action against that information being used and causes an individual or an organization some harm, and that harm is of sufficient weight to warrant being a mischief under the act, Again, it would have to be up to the organization to show that the record was under its control; that it had adequate safeguards in place and the person could not plead innocence.
The same kind of data integrity, trustworthiness and checks in use in these organizations could also serve as a bench mark
with respect to any criminal proceedings, should the Criminal Code be amended to address these technologies also.
We are very much concerned about this question. At present there is no action that one can take against an employee who maliciously, on his last day of work, alters something in the system which does not show up until two years later, or against people who try to break into the system, which we distinguish from making changes to the records themselves. We also feel very strongly that that legislation should be amended, and the point we are making here is that any definition of record abuse or any amendment under the mischief section should be in harmony with the evidence act so that that kind of evidence can be admitted in a court of law. That may sound trite, but I think it is something that has to be kept in mind that, as Senator Deschatelets said, when different pieces of legislation are being amended, they should all have the same basic objectives, and then the basic principles of law pertaining to evidence and the Criminal Code can be applied to those independent technologies. If we use practical types of regulations which can be tested in court and which are in harmony with these principles, this would give practical guidance to the people who work with records.
Senator Lapointe: We heard from a group who asked that the words “which reflect accurately” be deleted from the bill. Are you of the same opinion, or what do you think about that?
Mr. Taylor: I would like to continue on the point of security in the criminal aspect, if I may. Is that still timely?
The Chairman: Yes, certainly. We will come back to this other question later.
Mr. Taylor: Business very much wants to protect itself from fraud or from the malicious employee, and most business systems will be backed up, as we explained earlier, by complete key transactions, records and histories so that even if there is some malicious intervention, as soon as you find this you should be able to go back and see what the previous date of employment was, and make an adjustment.
In business, most systems are duplicated as part of the normal operation. For instance, in banking systems, each transaction is duplicated so that if one copy of that transaction is mislaid in some way, we still have failsafe system which is protecting our business. Obviously, this also protects the individual.
Mr. Knoppers: Senator Lapointe, you had another question?
Senator Lapointe: I asked a question relating to clause 130 of the bill. We had a group here previously who wanted the words “which reflect accurately” deleted from this clause. What do you think about that?
Mr. Knoppers: In order for businesses and people to make decisions, they have to have accurate and timely information. Personally, I cannot see why that should be deleted. Thar strikes at the heart, in a certain sense, of the admissibility question, that these records accurately represent the state of information on which business decisions are made. I have difficulty understanding the context in which such a suggestion would be made. It would certainly damage the integrity and the credibility, which is really what one is asking the court to accept with this type of proof. Senator Godfrey alluded earlier to expert witnesses on ink, handwriting and paper etc. This is of a totally different nature from that of the electronic mode.
Senator Lapointe: So you do not object to that?
Mr. Knoppers: We would want it to accurately reflect the fact, at least, that business decisions are made on accurate and timely information. I do not really understand the context in which one would want to have that deleted.
Senator Deschatelets: I do not want to encourage the discussion which we had with others a week ago, but perhaps the phrase “comprehensive output” would be better than “intelligible output”. I do not like the word “intelligible”.
Mr. Knoppers: Comprehensive may be misread at some point in time as a complete dump or printout of the whole computer system’s information. It may give cause for that, but perhaps some other accommodation can be found.
Senator Deschatelets: Perhaps the one who drafted this is more knowledgeable than I. It is only at first sight that I do not like the word “intelligible”.
The Chairman: On behalf of the members of the committee, I should like to thank the witnesses for their very helpful presentation this morning.
The committee adjourned.
ON BILL S-33
THE CANADA EVIDENCE ACT, 1982
SUBMITTED BY THE
CANADIAN LEGISLATIVE AND
REGULATORY AFFAIRS COMMITTEE
ASSOCIATION OF RECORDS MANAGERS AND
GERANTS ET ADMINISTRATEURS
GESTION DES DOCUMENTS TO THE
SENATE COMMITTEE ON LEGAL AND
23 June, 1983
TABLE OF CONTENTS
II. MAIN ISSUES
B. Uniformity in federal legislation of the definition of record
C. Need for a Code, Standards or Set of Guidelines Governing the Practical Aspects of Admissibility of Records as Evidence
D. Admissibility of Records “Created” from computer data bases at time of litigation
A. Uniform definition of “record” in federal legislation
B. Need for a Code, Standards or Set of Guidelines governing the practical aspects of admissibility of Records as evidence
C. Admissibility of Records “created” from computer data at time of litigation
IV. CONCLUDING REMARKS
The association of Records Managers and Administrators, Inc. (ARMA) is a non-profit professional association organized to promote interest in records and information management. It provides a forum for research, education, professional standards and exchange of ideas.
ARMA’s goals are to foster professionalism, develop workable standards and practices,and to furnish a source of guidance to more than seven thousand (7,000) Canadian and U.S. information and records management professionals in business, industry, government and education.
This brief is written and submitted on behalf of the more than nine-hundred (900) information and records management professionals organized in ten Chapters Across Canada. In their capacity, they assist in the development of policies and
strategies affecting the production, distribution, storage, protection and final disposition of information regardless of the media or process used during its life cycle.
In particular, on a day-to-day basis it is the ARMA professional who is charged with ensuring the most efficient and cost-effective management of the information resources (or records) of the institution served. This more often than not includes responsibilities for micrographic operations and essential or vital records programs. In other words, ARMA members are on the front line ensuring proper management and protection of the information assets of the corporation or government institution which they serve.
Therefore, as key members of a large interdisciplinary team involved in the information process within an organization, we are acutely aware of the present difficulties encountered in the admissibility of records of an organization as evidence before the Courts especially when they are presented in the same form and format as they are actually used in the day-to-day operations of the organization, i.e. microfilm or computer-generated records.
II. MAIN ISSUES AND CONSIDERATIONS
The records manager has had the historic functional responsibility for the control, storage, maintenance, retrieval and disposition of the records of the organization. In addition, the records manager also has responsibility for the vital records program. As such, ARMA members represent those in the organization who have the line responsibility for managing and protecting the organization’s information assets as represented by the records under its control.
During the past few years, records in micrographic or in machine-readable form and associated automated or computer support systems have grown markedly in their importance to the functioning of the organization. Although initially more of a planning and administrative support tool, computerized record/information-keeping systems (CRIKS) have developed to the stage where they have become indispensible to the day-to-day operations of the organization. Not only is this true for large companies and government agencies but also increasingly so for medium and small-sized entreprises. For most organizatons and especially business, the prevalence of use of CRIKS is essential to their corporate survival and ability to reduce costs so that they can remain competitive in their field. In addition, an increasing number of functions essential to either the operation of the company itself or to the delivery of products and services are not possible to execute without the use of computer/communication technologies which is now widely used in the usual course of business.
As a result, it is no longer just a question of admissibility of evidence resulting from the conversion from paper records to microfilm or computerized systems but more importantly of record-keeping systems which may rarely have output in a hard-copy form. Yet at the same time, paper records will continue to be used for some time to come.
From a records manager’s point of view, a record remains a record regardless of its physical characteristics or medium of storage. Whether one chooses to call it data, information or record makes no difference from a corporate point of view. A record is that informational entity which both records the actions and provides the input into decision-making processes of the organization.
It is true that in most organization, responsibility for managing CRIKS has been segmented in a variety of ways among DEDP managers, word processing managers, users the records manager and others. However, the latter still retains basic line responsibilities for identifying and protecting the organization’s vital records. The fact that information is an important resource or asset of the organization is accepted by all and is finding its expression in the appearance of the Information or Information Resource Manager.
In the meantime, ARMA members have become very concerned about the fact that they cannot take full advantage of the new technologies to provide more efficient and cost-effective services to their organization. If they do they may jeopardize their potential for successful litigation, as either defendant or respondent.
To date, case law or jurisprudence offers conflicting points of view and provides no clear picture of procedures or guidelines to be followed by record keepers to ensure that records created with the use of new technologies will be admissible as evidence in court now or five, ten or twenty years hence. They find themselves and their organizations facing difficulty and uncertainty when considering the possibility of being involved in litigation in that some records created in the normal course of business may not be admissible as evidence in court.
Consequently, ARMA whole heartedly endorses the efforts of the federal government to amend the Evidence Act so that it applies to and is made relevant to the use of a variety of proven technologies which businesses now use (cannot afford not to use) to maintain and manage their data or records. It should also be noted that the introduction of new technologies in business is a key in ensuring that Canadian businesses will stay competitive in world markets.
B. UNIFORMITY IN FEDERAL LEGISLATION OF THE DEFINITION OF RECORD
Rapid advances and increasingly wide diffusion of computer/communications/information technologies have a profound impact on society and in a number of new areas of activity. There is a need for laws and regulations which state what are appropriate codes of conduct or practices in these areas. Many existing laws and regulations have been rendered either obsolete or irrelevant by the use of new information technologies. In addition, policy conflicts are arriving as the technologies converge, e.g. one can send electronic mail using Tclidon either via cable or telephone. If sent via cable the carrier is responsible for content, if via telephone the carrier is not.
In response, the federal government is either amending existing legislation to cope with the new technologies or in new legislation has sections which attempt to address issues raised by the new technologies.
However, there appears to be a lack of uniformity in revised and new federal legislation in the definition of record.
1. The Proposed Uniform Evidence Act
The draft Uniform Evidence Act (Bill S-33) defines a record in Section 2 as,
“the whole or any part of any book, writing, other document, card tape, photograph within the meaning of section 130 or other thing on, in by means of which data or information is written, recorded, stored or produced”.
The Section 130 referred to defines “original” as meaning:
“(a) in relation to a records, the record itself or any facsimile intended by the author of the record to have the same effect,
(b) in relation to a photograph, the negative and any print made from it, and
(c) in relation to stored or processed data or information, any printout or intelligible output shown to reflect accurately the data or information”.
The Ontario Evidence Act (1980) addressed the question of records kept in micrographic or machine-readable form by giving a very broad definition of “record”. Section 35(1) defines a record as,
“any information that is recorded or stored by means of any device”.
2. Interpretation Act (1970)
The Interpretation Act (1970) defines “writing” as,
“writing or any term of like import includes words printed, type-written, painted, engraved, lithographed, photographed, or represented or reproducted by any mode of representing or reproducing words in visible form”.
3. Bank Act (1980)
In 1980, Parliament revised legislation pertaining to banks. The Bank and Banking Law Revisions Act (1980) takes into account the new information technologies. In Section 157, “form of records” is defined as follows,
“(1) All registers and other records required or authorized by this Act to be prepared and maintained by a bank including any entries, books, vouchers, paid instruments, signature cards, signing authorities and other documents and papers in the possession of the bank may be in a bound or loose-leaf form, or in a photographic film form, or may be entered or recorded by any system of mechanical or electronic data processing or any other information storage device that is capable of reproducing any required information in intelligible written form within a reasonable time and
registers and records maintained in any may and be converted to any other form”.
The Bank Act thus defines record in a technology independent fashion. For the purpose of this Act, the changing from one form of recorded information to another is allowed for with the provisions of Act remaining equally applicable.
The Bank Act also provides some guidance with respect to data integrity and the unauthorized alteration or destruction of records when by assigning certain responsibilities and setting certain requirements with respect to the management and protection of bank records. Section 157 (3) reads,
“A bank and its agents shall take reasonable precautions to,
(a) prevent loss or destruction of;
(b) prevent falsification of entries in; and,
(c) facilitate detection and correction of inaccuracies in the registers and records required or authorized by this Act to be prepared and maintained.”
The question posed in the context of Section 157 (3), “What recourse does one have under law (apart from common law or torts) against persons who cause conditions (a) and (b) to occur in the recorded information of an organization?” But more importantly, from the perspective of a revised Evidence Act, “What are considered to be reasonable precautions to ensure data integrity?
4. Access to Information Act (1983)
More recently Parliament passed the Access to Information and Privacy Act (Bill C-43). While this legislation has yet to be proclaimed, (it is expected to be proclaimed in July, 1983), it does very deliberately address the question of machine-readable records in two specific ways. First of all, it defines a “record” as including,
“any correspondence, memorandum, book plan, map, drawing, diagram, pictorial or graphic work, photograph, film, microform, sound recording, videotape, machine-readable record, any other documentary materials, regardless of physical form or characteristic and any copy thereof”.
Further, the Act recognizes that data in CRIKS is basically stored as dissaggregrated data elements which through utilizing the appropriate software are produced in an intelligible form. Section 4(3) states that,
“For the purpose of this Act, any record requested under this Act that does not exist but can, subject to such limitations as may be prescribed by regulation, be produced from a machine-readable record under software and technical expertise normally used by the government shall be deemed to be a record under the control of the government institution”.
This section thus introduces an aspect of “records” which in our opinion will be very useful when considering amendments to the Evidence Act. The ability to manipulate disaggregated data for specific outputs is done in the usual course of business in many government and private sector organizations.
5. Draft Bankruptcy Act
It is also useful to note that the proposed Bankruptcy Act (Bill C-12) defines a “record” as
“any data or information relating to the property or affairs of a person including data or information prepared or maintained in a bound or loose-leaf form or in a photographic film form entered or recorded by any system of mechanical or electronic data processing or any other information storage device that is capable of reproducing any required information in intelligible written form within a reasonable time”.
6. Draft Combines Investigation Act Amendments (1977)
Amendments proposed in 1977 to the Combines Investigation Act, dealt with the question of machine-readable records by extending the definition of book, paper, record or other document to include “other things” and under Section 10(1) would grant the Competition Policy Advocate the power to,
“Examine, copy or take away or is in the course of examining, copying or taking away any book paper, record or other document or any thing on which information is or may be recorded.”
7. Proposed Amendments to the Criminal Code pertaining to computer crime and data / record abuse
Finally but most importantly, one should note that the Department of Justice is currently in the process of drafting amendments to the Criminal Code which would in effect make a “mischief” unauthorized destruction, alteration, falsification or creation of computer date, i.e. date abuse. While no firm proposal to this effect have yet emerged in the public forum, we do have a strong opinion that such an amendment to the Criminal Code has a definition of record which is in total harmony with Bill S-33. One must be certain that any and all information, documention date or record abuse, if made a Criminal offense, be admissible in court as evidence.
One must also not lose sight of the need to amend Section 300 and 324 dealing with fraudulent destruction of documents of title and forgery. Currently, a “document” is defined here as “any paper, parchment or other
material used for writing marked with a matter capable of being read, but does not include trade marks or articles of commerce or inscriptions of stone or metal or other like material”.
In light of the increasing use of CRIKS to store records of significant legal and financial value such a change is necessary as magnetic tapes, magnetic disks and even film and video disks depend on a magnetized metallic strata to record information and are thus in fact “inscriptions of metal or other like material”.
No doubt other federal legislation exists which introduces legal definitions of a “record”. The examples cited above do indicate a lack of uniformity in definition. From a very practical point of view, records managers and the organizations they represent would very much favour a single definition of “record”, for all jurisdictions (federal, provincial). If this is not possible, one should at least have the assurance of harmony of federal legislation so that from a practical point of view, the application of definitions of record are uniform.
C. NEED FOR CODES, STANDARDS OR SET OF
GUIDELINES GOVERNING TIIE PRACTICAL
ASPECTS OF ADMISSIBILITY OF RECORDS AS
Even if what is a “record” under Bill S-33 is defined in a technology independent fashion, which appears to be the intent of S-33, the Bill contains no guidelines as to what criteria would significantly heighten the probability of “recorded information” being accepted as evidence in legal proceedings, and given proper weight.
ARMA does recognize that the Task Force of Uniform Rules of Evidence did state in its report that (p.399),
the majority of the Task Force feels that it is not necessary to refer to the standard bccause standards in the technological field such as this one tend to change fairly quickly, and the Act could become out of data almost as soon as it was passed . . . The Task Force does, however, strongly recommend that government and industry follow the procedures as set out from time to time in the National Standards of Canada on Microfilm as Documentary Evidence. (i.e. CAN. 2-72.11-79).
Arma’s is of the opinion that as for microfilm that standards or criteria appropriate to the information technology utilized be developed and recognized in law.
ARMA is also aware of the serious objections raised by the Canadian Bar Association. (in their preliminary brief on Bill S-33) against the codification of procedural matters in litigation especially in those areas where the current version of S-33 may cause problems in the court where civil law applies.
With respect to technical questions in the computer field, ARMA defers to the position of Canadian Information Processing Society (CIPS). In particular, CIPS has made recommendations pertaining to Section 171 (1), Section 30 and the question of “usual and ordinary course of business”.
Nevertheless, ARMA is strongly of the opinion that Bill S-33 should include mechanisms which provide for criteria for enhancing the admissibility of various forms of “recorded information.” We do so from a very practical perspective.
In a number of areas, the use of the new technologies has passed the point of no return, ie. one would go out of business if one had return to paper or hard copy operations. Each day records managers are confronted with questions from manage ment about converting from paper-based systems to microimage systems, computer systems and combinations of both. Such systems represent considerable amount of investment and are put into place with a time horizon of five, ten or even twenty years; i.e. once the decision is made to go to these systems most changes down the road relate to improvements.
The entry of the information (data entry) and recording of the information can take place simultaneously at several different places. This is at variance with the fact that in general the law prefers documents which are produced at the same time and in the same place as the events which they record.
Those undertaking the actual conversion or those carrying out the actual “record transaction”, e.g. data input, data managers, etc. may not be alive or locutable when the time comes to give evidence in Court. Courts generally prefer testimony from individuals having direct personal knowledge of the transaction. In addition, what is considered a “transaction” can involve several people, i.e. the programmer who developed the applications software, the company who manufactured the hardware (and operating system), the data entry person (responding to a telephone call), the data manager, the manager of the EDP centre, etc.
To remain competitive businesses have no choice but to adapt to the use of computers as quickly as possible. This is just as true for the large multinational company with its huge mainframes as the small businessman with his microcomputer. Economic pressures leave no other choice. Even individuals are starting to use microcomputers to keep track of daily household activities, expenses and correspondence. (A 5 or 10 megabyte Winchester disk drive can store most of one’s per sonal records for a year or two.)
A conversion to a CRIKS whether by a large multinational, a small businessman or even an individual is usually a necessary and irreversable step. Guidance is needed as to what procedures must be followed to maximize the probability that the information so recorded will be admissible as evidence in Court.
To date, case law or jurisprudence provides a confusing and conflicting picture. Bill S-33 in its present form does not give assurance that this will change.
If it is not possible to codify admissibility criteria in Bill S-33, at the minimum Bill S-33 should allow for regulations which would give the government, in consultation with all parties concerned, the power to enact regulations which would set the standards and procedures to be followed for ensuring the admissibility of various kinds of “recorded information”.
Bill S-33 as it stands does not provide clear guidelines as to what actions records managers should take or what procedures they should follow to ensure that the output from their CRIKS will be admissible as evidence in Court.
From a practical perspective, we strongly urge the Committee to consider inclusion in Bill S-33, if necessary through the regulatory powers, (which can be adapted to changing technologies) a set of conditions precedent to admissibility of micrographic and computer generated records.
What is urgently needed are criteria or acceptable procedures which would ensure admissibility of recorded information in court. Hopefully, data integrity of companies would be verified as part of audit procedures. As a matter of fact, regulations on data integrity (i.e. admissibility as evidence) should eventually form part of established audit procedures. Also for financial audit and reporting purposes, information stored in CRIKS should bejust as acceptable as paper reports. The time is not that far off, that the information assets (and data integrity) of a company will be audited in the same manner as its physical and financial assets.
Members of ARMA are quite willing to assist the federal government, in cooperation with other associations, in estab lishing criteria which would have to be met precedent to the admissibility of computer-generated and micrographic records.
D. ADMISSIBILITY OF RECORDS “CREATED” FROM COMPUTER DATA AT THE SAME TIME OF LITIGATION
In response to litigation, it will often be necessary to generate a business record from data containing in a computer system in logically-connected but physically separated files in order to produce a visual, readable document or printout. Such paper records are thus not made in the usual and ordinary course of business but rather are reproductions or creations of
the “recorded information” i.e. data elements, under the control of business at a certain point in time.
By definition, a business record means a record made in the usual and ordinary course of business (Section 159) while under Section 1 a record includes the whole or any part of a tape or other things by means of which data is stored, i.e. a physical record. Advances in computer/communication technologies, have rendered obsolete the traditional concept of a “record”, as a unique entity fixed in time and place created at or near the time of the event which is recorded. In CRIKS a record is really analogous to a file folder in which bits of information or data are entered and deleted as the record is being kept up to date, In addition, these bits of data or data elements can and are utilized by several operational areas at once.
i.e. a change of address of a person if entered on a CRIKS will automatically change the employment record, the payroll record, the UIC record, the pension plan record, etc.
These “records” are logical records composed of different combinations of data elements.
Secondly, while “records” are made from data bases in the usual and ordinary course of business, these tend to be more and more in the form of daily, weekly or monthly reports on the records. Increasingly, “records” are being created on an “as needed basis” by querying the data base.
Consequently, while the data or information may exist the “record” as such, or as an object of dispute, does not exist until such a time that the “record” (i.e. any combination of data elements) is needed. In addition, the introduction of distributed data processing and distributed data bases has led to situations where parts of a “record” are scattered among several linked computer installations. Thus, an action by a person in one place may change a record or data element in a data base elsewhere. The elements of uniqueness of records frozen in time and in place which apply to physical or hard copy records thus have little or no relevance to CRIKS.
Parliament has already recognized this fact with respect to the records of the federal government by stating such in a legal principle found in Section 4(3) of Bill C-43 which reads,
“For the purposes of this Act, any record requested under this Act that does not exist but can, subject to such limitations as may be prescribed by regulation, be produced from a machine-readable record under the control of a government institution using computer hardware and software and technical expertise normally used by the government shall be deemed to be a record under the control of the government institution”.
For the purposes of the Evidence Act, the principle laid down here is “If it is possible to create a record which does not currently exist but can be created from a data base managed and maintained in the ordinary and usual course of business such records should qualify as evidence in Court.”
In addition, if it is possible to recreate the state of the data base or record at the time in question, eg the status of the personnel record or bank account as it was two or three years ago, such records should be admissible in court if that certain criteria are met. In this the criteria developed to ensure data integrity will form one of the keys.
The Bill S-33 as currently drafted does not itself, or via regulatory authority address these questions. However, we anticipate that during the next few years most machine-readable or electronically stored information will be created, maintained and disposed of in this manner.
Unless the new Evidence Act addresses these realities, records managers (and the organizations they represent) will continue to be faced with the same dilemna as today whereby for operational purposes of efficiency and cost-effectiveness, CRIKS are used. However, “just to be safe” one must continue the very costly practice of creating and maintaining literally tons of printouts or thousands of records on microform in case such records be needed as evidence in court. In fact, competitive business pressures are forcing the use of risk analysis to weigh the cost of storing information against the potential loss in unsuccessful litigation should admissibility be a potential problem. Surely business on expect more from the legal system.
A. UNIFORM DEFINITION OF “RECORD” IN FEDERAL LEGISLATION
The federal government should adopt one uniform definition of “record” or if this is not possible, at the least ensure that all definitions of “records” in federal statutes are in harmony with each other and do address the reality of computer/communcation/micro-image technologies.
Such a definition of “record” should embody the legal concepts set forth in other federal legislation such as,
1. Access to Information and Privacy Acts (Bill C-43) where “record” is defined in Section 2. It both defines a record as basically “recorded information” regardless of storage media and introduces the concept of “under the control of”. This relates to date integrity, (On this see further recommendation 2 below).
Section 4(3) of Bill C-43 which introduces a new legal concept to machine-readable records by stating that a
record which does not exist but can be created . . . is to be considered a record for the purposes of this Act.”
2. The Bank Act where Section 157 allows one to change “recorded information” form one from to another with the Act being equally applicable.
3. Ensuring that the definition of “record” under Bill S-33 is in harmony with proposed changes to the Criminal Code pertaining to computer data or records abuse.
4. Ensuring that proposed changes to the Copyright Act (not yet made public) addressing the new technologies and a “recording” of an original set of data or information in whatever form is compatible with S-33.
5. To include in the definition of record “sets of instructions” to ensure the inclusion of software in whatever form.
B. NEED FOR CODES, STANDARDS OR SETS OF GUIDELINES GOVERNING THE PRACTICAL ASPECTS OF ADMISSIBILITY OF RECORDS AS EVIDENCE
The federal government should amend Bill S-33 either directly or via regulatory powers to allow for the establishment of criteria whereby the output of various types of CRIKS would be admissible (or have a high probability of admissibility) as evidence in Court.
In particular such data integrity criteria might include the following conditions.
1. Proof of the sources of the information recorded in the data bases upon which the printout a microform is based;
2. Proof that the information in the data base was recorded, in some fashion, contemporaneously with, or within a reasonable time after the events to which such information relates, but contemporaneous recording within the data base itself would not be required;
3. Proof that the data upon printout is based is of a type regularly supplied to the computer during the regular activities of the organization or person from which the printout comes;
4. That the information upon which the statement in the printout are based, would in itself be admissible as evidence supporting those statements; (or that the data upon which the printout is based does not violate the other rules of evidence);
5. Proof that the entries into the data base upon which the print-out is based were in the regular course of business;
6. Proof that the input procedures in adding to the data base conform to standard practices in the industry;
7. Proof that there has been reliance upon the data base in making a business decision(s);
8. Proof that the computer program(s) in producing the printout, reliably and accurately processes the data in the data base;
9. Proof that from the time of the input of the data into the date base upon which the printout is based, until the time of the production of the printout, records have been kept by a responsible person in charge of the computer, and that all alterations to the mechanism and processes of the computer during that period were made under the authority of a responsible person; and,
10. Proof of the security features used to guarantee the integrity of the total record-keeping system upon which the printout is based, and of the effectiveness of such features. Further, in determining whether the security features of a computerized record-keeping system are sufficient to justify the admissibility of its printouts, a judge and/or jury should have regard to the following criteria for security:
1. Protection against unauthorized access to data and to permanent records;
2. Process for the verification of integrity of data and of statements in records; and,
3. The existence of back-up copies of records for purposes of verification or replacement of falsified, lost or destroyed permanent and temporary records.
In determining whether the security features of a computerized record-keeping system are sufficient to justify the admissibility of the printout tendered, a judge and/or jury should have regard to the degree of security appropriate for records of the type upon which the printout is based.
The purpose of this recommendation is to ensure,
1. that the onus of demonstrating the reliability of the CRIKS which produced the computer printouts tendered as evidence, is shifted onto the proponent of their admissibility, (thus preventing an onus of adducing evidence of unreliability being placed upon the opponent of admissibility merely because the proponent has established a prime face case that the printouts were created in the usual and ordinary course of business, which is the case under the present rules);
2. to establish criteria which are compatible with CRIKS and to replace those of the present statutory and common-law business-document exceptions to the hearsay rule which are not compatible with CRIKS; and,
3. to establish the criteria of admissibility for computer printouts in a legal instrument such as a statute, so as to “occupy the field”, thus preventing the case-law developing conflicting admissibility criteria or developing criteria in a slow fragmented fashion.
The question of data or information integrity is potentially more problematic in computer than in manual systems. A few
computer commands can delete or modify digitized information while countless hours would be required to alter similar information if kept in hard copy in a manual system. Development of a set of criteria for trustworthiness of CRIKS is a natural and necessary adjunct to a new Evidence Act. From the side of business, there is a push for the development of comprehensive, effective and efficient information systems, properly documented and managed. Records created by such systems should warrant complete confidence a prirna facie evidence. Records managers need to know from a practical day-to-day operational perspective what the basic criteria are that micrographic and computer-based record-keeping systems must meet (and records generated from such systems must have) in order to be admitted as evidence in court.
C. ADMISSIBILITY OF RECORDS “CREATED” FROM COMPUTER DATA AT TIME OF LITIGATION
In order to address present realities and definite future trends in computer-based records/information keeping systems, Bill S-33 should be amended to allow for admissiblity of records not necessarily made in the usual and ordinary course of business but created with the view of submitting such as evidence being an accurate picture or record of a series of events that were recorded by some means at or near the time such events took place.
In short we recommend that the principle set forth in Section 4(3) of Bill C-43 also be included in S-33.
ARMA feels that this is a feasible and practical recommendation. It follows naturally from the two previous recommendations and is based on the assumption that such records created in this matter would be generated by CRIKS which meet the basic set of criteria called for in the previous section.
The adoption of the principle put forward in this recommendation in a revised Evidence Act should greatly heighten the assurance that Bill S-33 will not become outmoded within a year or two after enactment.
IV. CONCLUDING REMARKS
The Association of Records Managers and Administrators (ARMA) is pleased to have had this opportunity to present its views (albeit in draft form) on Bill S-33 to the Senate Committee on Legal and Constitutional Affairs.
We do feel that the Evidence Act in its present form is in urgent need of revision. This urgency stems from the increasing difficulties we are facing in exercising our professional responsibilities as records managers in trying to reconcile the need for improvements in record keeping systems with uncertainties in admissibility as evidence.
The recommendations we propose are made from a practical point of view. We do need means whereby we can give some assurance that when manual record-keeping systems are being
converted to micrographic and computer-based systems the results have a reasonable chance of being admitted as evidence in court. On basic principles of equity, individuals should also be able to submit as evidence their computer-generated records. We need “record” to be defined in a uniform and technology independent fashion in all jurisdictions (federal, provincial, territorial). We need to know what the criteria are for admissibility of documents created by the new technologies. We need to have the law recognize the changed nature of record-keeping systems. Not only has their physical form changed but the logical constructs as well.
We are of course willing to provide whatever assistance we can and provide further elaboration if necessary of our views.
From the Association of Records Managers and Administrators:
Mr. Jake Knoppers;
Mr. Ron Taylor;
Mr. Mark Hopkins.