Rabelani dagada electronic records management chetty law 2011


Published on

Rabelani Dagada, Author and Intellectual

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Read.
  • It is what allows us to do internet banking, online shopping and contract via email. Without it none of these things would be possible. It puts minimum security measures in place for online banking, it governs returning of goods bought online and also deals with websites & ISP’s.
  • Section 11 is one of the most important provisions in our minds. Read Out. So what it is saying is that everything you could do on paper is now valid if it’s done electronically. With some exceptions, like wills & deeds for the sale of property which still have to done on paper to be valid. You might be wondering what classifies as a data message.
  • Thank you. Any questions.
  • Rabelani dagada electronic records management chetty law 2011

    1. 1. Electronic Records ManagementJenna Cuming& Katherine ThompsonCL Johannesburg© Chetty Law 2011<br />Guest Lecture Presented During Rabelani Dagada's Technology & Information Management's Class at the Wits Business School, 3 February 2011<br />
    2. 2. Electronic Communications and Transactions ActElectronic Records ManagementElectronic Evidence & E-DiscoveryBoardroom ConversationsChecklists <br />
    3. 3. Records Management ImperativeLegal Compliance (Mandate, Industry)Evidence – Proof of Existence of FactsOperational EfficiencyGovernance ImperativeKing IIIArchives ImperativeNational Archives PrescriptionsAccess to Justice and Access to Information Imperative PAJA & PAIA (PPI Bill)<br />
    4. 4. Enter the ECT Act…..<br />© Chetty Law 2011<br />
    5. 5. Intention:To maximize the benefits of electronic transactions and internet usage by all South Africans.In effect:Electronic transactions have the same legal force as paper based transactions.<br /> In Short<br />© Chetty Law 2011<br />
    6. 6.
    7. 7. Information is not without legal force and effect merely on the grounds that it is wholly or partly in the form of a data message… or is merely referred to in such data message.<br /> ECT : Section 11(1) & (2)<br />© Chetty Law 2011<br />
    8. 8.
    9. 9.
    10. 10. Means:Data generated, sent, received or stored by electronic means and includes voice, where the voice is used in an automated transaction; and a stored record.<br /> Definition of a Data Message<br />© Chetty Law 2011<br />
    11. 11. Includes:data (electronic information) in email, internet, intranet, sms, voice between persons and stored records Excludes: voice between natural person and an automated voice response system<br /> Data Message<br />© Chetty Law 2011<br />
    12. 12. “Legal force and effect to information…referred to in a way that a reasonable person would have noticed the reference and accessible in a form in which it may be read, stored and retrieved by the other party, whether electronically or as a computer printout (able to be reduced to electronic form)”<br /> Incorporation By Reference<br />© Chetty Law 2011<br />
    13. 13.
    14. 14. Radicati Group Email Statistics Report 2010, the average corporate user sends and receives 110 e-mail messages daily. http://www.radicati.com/wp/wp-content/uploads/2010/04/Email-Statistics-Report-2010-2014-Executive-Summary2.pdf<br /> Only e-mails…<br />© Chetty Law 2011<br />
    15. 15. All sources of records!<br />
    16. 16. A record is defined in the ECT Act, as “recorded information regardless of form or medium” Can include e-mails, sms’s and instant message logs<br /> What is a record? <br />© Chetty Law 2011<br />
    17. 17. “if any other law requires the retention of documents or records, such documents and records may be retained in electronic format, subject to certain conditions”ECT sets out requirements for electronic records retention:information is accessible for subsequent reference- is in format generated, sent or received or format that accurately represents information- origin and destination of data message and date & time it was sent or received can be determined<br /> Section 16<br />© Chetty Law 2011<br />
    18. 18. ExceptionsAgreements:Alienation of LandLong term property lease Execution:Will or CodicilBill of Exchange<br />© Chetty Law 2011<br />
    19. 19. Electronic evidence must not be denied admissibility (a) on grounds that it is in electronic format or (b) if it is best evidence.Must be given due evidential weight.<br /> Section 15<br />© Chetty Law 2011<br />
    20. 20. To qualify as an original, Integrity must be maintained:- Complete, unaltered, except for endorsement or change in normal course of communication, storage or display.- Must pass assessment.Capable of being displayed or produced to person to whom it is presented..<br /> Original ito Section 14<br />© Chetty Law 2011<br />
    21. 21. Assessed in terms of:- reliability of the manner in which it was generated, stored or communicated & manner in which integrity was maintained- manner in which originator was identified- any other relevant factor.(Course of business) Data message certified be to correct by an officer in service of company will be admissible as evidence. <br /> Evidential Weight<br />© Chetty Law 2011<br />
    22. 22. Where law prescribes a signature, must use advanced signatures, other cases consensus between parties is sought (includes “click-wrap” and “browse-wrap” agreements).<br /> Signatures <br />s13<br />© Chetty Law 2010<br />
    23. 23. Electronic Signaturevs.Advanced Electronic Signature<br /> Signatures <br />s13<br />© Chetty Law 2011<br />
    24. 24. The Electronic Evidence Issue Paper <br />© Chetty Law 2011<br />
    25. 25. Judge HCJ Flemming (1996): Video Conferencing?Letter to Minister of Justice (1997): Telecommunication Technology in TrialsLaw Reform Commission (1997): Investigation Recommendation: use of “audio-visual links” – e.g. leave to appealProject 113 – Project 126Facilitate a focused debateAllow stakeholders opportunity to raise relevant matters<br />Rationale for Issue Paper<br />© Chetty Law 2011<br />
    26. 26. Rapid developments in technologyAnonymity, Abundance, AssumptionsMultiple sources and formats,Ease of manipulationObsolescenceReading dataMetadataECT Act PresumptionsInteraction with rule against hearsay<br />Rationale for Issue Paper<br />© Chetty Law 2011<br />
    27. 27. -Legal Issue of indirect evidence, challenges for cross-examination<br />-Level of reliance that can be placed on such evidence<br />
    28. 28. The Promotion of Access to Information Act (PAIA) <br />© Chetty Law 2011<br />
    29. 29. Promotion of Access to Information Act/ Intention “PAIA gives effect to the constitutional right of access to any information held by the State and any information by another person that is required for the exercise or protection of any rights”<br />© Chetty Law 2011<br />
    30. 30. Promotion of Access to Information Act/ Non Disclosure “Where the information requested relates to certain confidential information of a third party: IO must refuse the request for access to information, if the disclosure thereof would amount to a breach of a duty of confidence owed to the third party in terms of an agreement”<br />© Chetty Law 2011<br />
    31. 31. Head of private body must compile & keep updated a manual containing:Address, phone, fax and emailGuide to request recordsCategories of recordsDescription of recordsDetail to facilitate a requestSubjects and categories of records<br />
    32. 32. What needs to be done?Head of private body must compile & keep updated a manual containing:Address, phone, fax and emailGuide to request recordsCategories of recordsDescription of recordsHow to requestCosts of requestSubjects and categories of records<br />© Chetty Law 2011<br />
    33. 33. Protection of Personal Information Bill<br />© Chetty Law 2011<br />
    34. 34. Purpose“To protect the privacy with regard to the processing of personal information; and balance the right to privacy against other rights such as the right of access to information.” <br />© Chetty Law 2011<br />
    35. 35. Data Subject “data subject” = the person to whom personal information relates <br />© Chetty Law 2011<br />
    36. 36. Personal Information Information relating to an identifiable, living, natural person & where it’s applicable, an identifiable, existing juristic person, including but not limited to: *Race, gender, sex, pregnancy, marital status,national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;* Education or the medical, financial, criminal or employment history of the person;* Any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;* The blood type or any other biometric information of the person; <br />© Chetty Law 2011<br />
    37. 37. * The personal opinions, views or preferences of the person;* Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;* The views or opinions of another individual about the person; and* The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal informationabout the person; <br />© Chetty Law 2011<br />
    38. 38. Processing Any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:-(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use; (b) dissemination by means of transmission, distribution or making available in any other form; or(c) merging, linking, as well as blocking, degradation, erasure or destruction of information <br />© Chetty Law 2011<br />
    39. 39. The 8 PrinciplesPrinciples of Processing (1) Accountability(2) Processing Limitation(3) Purpose Specification (Specific, Defined, Deletion, Retention) (4) Further Processing Limitation (compatibility) (5) Information Quality(6) Openness(7) Security Safeguards(8) Data Subject Participation<br />© Chetty Law 2011<br />
    40. 40. Trans-border FlowNot Transfer to 3rd party in foreign country unless recipient subject to law, code, contract which upholds principles substantially similar to principles in Act and includes provisions similar to section relating to further transferconsent transfer necessary for contract performance (DS & RP)transfer is for benefit of DS and not reasonably practicable to obtain consent to transfer / DS would have consented if reasonably practicable<br />© Chetty Law 2011<br />
    41. 41. And let’s hand over to Katherine….<br />
    42. 42. Electronic Discovery <br />© Chetty Law 2011<br />
    43. 43. What is E-Discovery?“Parties to litigation have the right to receive copies of the “records” to be used as evidence during the litigation process.Failure to provide such “records” results in the inadmissibility of such records as evidence”<br />© Chetty Law 2011<br />
    44. 44. E-Discovery Challenges“includes email messages (including backups and deleted messages), instant messages (IM), web site information whether in text, graphic or audio format, log files, voicemail messages and logs, data files (documents, spreadsheets, database files, etc.), program files, cache files, cookies”<br />© Chetty Law 2011<br />
    45. 45. Responding to requests has become more complex<br />Need to pull Data from voicemail, email, sms, instant messaging <br />Still no Policies for preservation of electronic evidence<br />Significant risk <br />http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202426600692<br />
    46. 46. Coleman vs. Morgan Stanley“Morgan Stanley & Co. Inc. has agreed to pay a $15 million civil fine to settle federal regulators' charges that it repeatedly failed to provide tens of thousands of e-mails that they sought in major investigations over several years”Numerous misstatements about practices<br />© Chetty Law 2011<br />
    47. 47. Zubulake vs. UBS Warburg“A $29 million verdict was returned against UBS because the company had destroyed email messages that were demanded as evidence in the case”<br />© Chetty Law 2011<br />
    48. 48. Arndt vs. First Union Banks“Evidence has been received that tends to show that certain profit and loss statements and E-mails were in the exclusive possession of the defendant, First Union; and, [sic] have not been produced for inspection, by the plaintiff or his counsel, even though defendant, First Union, was aware of the plaintiff's claim. From this, you may infer, though you are not compelled to do so, that the profit and loss statements and the E-mails would be damaging to the defendant”<br />© Chetty Law 2011<br />
    49. 49. Edgars Consolidated Stores Limited (EDCON) v CCMA Ms A, an employee of Edgars, received an email from another Edgars employee. The email had racist connotations. Ms A did not consider the email as offensive– in fact she thought it was funny – and she in turn forwarded the email to family members and friends, none of whom were employed by Edgars.“used the Company’s electronic mail to transmit offensive mail internally and externally, thereby causing harm to the Company’s reputation” <br />© Chetty Law 2011<br />
    50. 50. SIHLALI, MAFIKA v SABC Resignation/Firing by SMS?Contract of Employment with SABC, sent sms to Chairman of the Board resigning.Resignation accepted, tried to go back but Court said no. © Chetty Law 2011<br />
    51. 51. Companies Act 71 of 2008 <br />© Chetty Law 2011<br />
    52. 52. “electronic communication’’ has the meaning set out in section 1 of the Electronic Communications and Transactions Act“present at a meeting’’ means to be present in person, or able to participate in the meeting by electronic communication, or to be represented by a proxy who ispresent in person or able to participate in the meeting by electronic communication”<br />Companies Act / Definitions<br />© Chetty Law 2011<br />
    53. 53. “An unaltered electronically or mechanically generated reproduction of any document, other than a share certificate, may be substituted for the original for anypurpose for which the original could be used ito the ActIf, in terms of this Act, a notice is required or permitted to be given or published to any person, it is sufficient if the notice is transmitted electronically directly to that person in a manner and form such that the notice can conveniently be printed by the recipient within a reasonable time and at a reasonable cost”<br />Companies Act / E-Documents<br />© Chetty Law 2011<br />
    54. 54. National Archive and Record Services (NARS) Act <br />© Chetty Law 2011<br />
    55. 55. Act requires the retention of records for reasons including the preservation of the social memory of the organisation. While the National Archives Act impacts mainly public institutions, it would also impact the records practices of companies to whom public institutions outsource certain services. Records are needed to serve as evidence that the functions of the entity have been fulfilled, required for management, accountability, operational continuity, legal evidence and disaster recovery, part of the organisations memory and cultural heritage and may be intrinsically linked to the rights of citizens.<br />NARS<br />© Chetty Law 2011<br />
    56. 56. King III Code <br />© Chetty Law 2011<br />
    57. 57.
    58. 58.
    59. 59. Associated Policies <br />© Chetty Law 2011<br />
    60. 60. - Establish guidelines & responsibilities for use- Avoid risk- Achieve compliance- Accountability <br />Why do you need policies?<br />© Chetty Law 2011<br />
    61. 61. <ul><li>Lost a disk with details 370 000 policy holders
    62. 62. Password protected but not encrypted
    63. 63. Posted</li></ul>http://www.dofonline.co.uk<br />
    64. 64. <ul><li>Details of affairs, debts and drugs
    65. 65. Memory stick encrypted with password on sticky note
    66. 66. Memory stick with government information -</li></ul> subcontractor<br />http://www.bbc.co.uk<br />
    67. 67. <ul><li>Personal financial details on a computer sold on e-bay
    68. 68. Bank customers</li></ul> Account details, signatures, contact details, family details <br />http://www.bbc.co.uk<br />
    69. 69. Electronic Communications Policy pertaining to acceptable and unacceptable use of the electronic communications facilities of the company; Interception and Monitoring Policy that specifies the circumstances under which the company shall intercept and/or monitor personnel communications; the procedures to the be followed by the company in compliance with RICA; and limitations placed on the manner in which the records emanating from such interception or monitoring shall be used; <br />Typical Electronic Records Policies<br />© Chetty Law 2011<br />
    70. 70.  Electronic Records Management Policies pertaining to the proper storage and management of electronic records; the treatment of email records and website records; the mandatory and specific metadata to be retained in respect of electronic records; Disaster Recovery and Business Continuity Strategies, Statements and Policies that specify the steps taken by the company internally and by technology providers to ensure the availability of electronic records systems and electronic records and the procedures for recovery to business interruptions;<br />Typical Electronic Records Policies<br />© Chetty Law 2011<br />
    71. 71.  Records Retention Schedules that specify the retention period and the appropriate date for destruction for electronic records including email records; E-mail Management Policies that provide more detailed and contextualised information on e-mail and e-mail records management specifically<br />Typical Electronic Records Policies<br />© Chetty Law 2011<br />
    72. 72. Case Study 1 <br />© Chetty Law 2011<br />
    73. 73.
    74. 74.
    75. 75.
    76. 76.
    77. 77.
    78. 78. SA Records Retention Periods Example<br />
    79. 79. Case Study 2 <br />© Chetty Law 2010<br />
    80. 80. Write <br />© Chetty Law 2011<br />
    81. 81. Basic Health-Check -Official Records created, captured upon creation or receipt in appropriate records management system-Access managed - policies and procedures-Found on demand and reliable as evidence-Managed and planned strategically- Employees and personnel are trained- Reporting and accountability- Policies and procedures are updated <br />© Chetty Law 2011<br />
    82. 82. http://www.lib.az.us/records/GuidanceAndRelatedResources/21st_century_rm_checklist.pdf<br />
    83. 83. http://www.lib.az.us/records/GuidanceAndRelatedResources/21st_century_rm_checklist.pdf<br />
    84. 84. http://www.whitefoot-forward.com/iso_15489-1.pdf<br />
    85. 85. Getting started<br />© Chetty Law 2011<br />
    86. 86. Jenna Cuming<br />jenna@chettylaw.co.za<br />Katherine Thompson<br />katherine@chettylaw.co.za<br />011 463 63 68<br />
    87. 87. www.chettylaw.co.za<br />http://twitter.com/ChettyLaw<br />
    88. 88. Road Block- Records Retention vs. Wikileaks- Practical use of electronic signatures<br />