cybersecurity ecosystem: the documentation dimension
full professor | director of crdp
www.gautrais.com
www.crdp.umontreal.ca
www.twitter.com/gautrais
Ottawa | 04/22/2015
considering legal aspects of i.t.
privacy
evidence
contract
copyright
business
etc.
Vincent Gautrais, La preuve technologique, Lexis / Nexis, Montréal, March 2014.
conclusion
Individual normativity is the good tool …
conclusion
but we need more control over them!
plan
1. State of the Art + Individual Normativity
   1. State of the Art in General (facts)
   2. State of the Law (law)
2. Suspicious + Individual Normativity
   1. Suspicious about I.N. Process (facts)
   2. Suspicious about I.N. Law Recognition (law)
1 – State of the art of individual
normativity phenomenon
1
1.1 – generalisation of
individual normativity in general
1.1
documentation
accountability
modelisation
code of conduct
audit
etc.
guidelines
privacy by design
Laws
Regulations
Contract
Policies
Formal Level
Informal Level
Documentation Level
Standards
Guidelines
Norms
Methods
Codes of Conduct
Principles
Procedures
Certification Service Provider Example
in all laws, documentation was the main
issue that CSPs had to provide
2 main reasons behind this phenomenon
1 – complexity
2 – technology
Daniel J. Weitzner, Harold Abelson, Tim
Berners-Lee, Joan Feigenbaum, James
Hendler, and Gerald Jay Sussman,
Information Accountability, (2007)
“This paper argues that debates over online privacy,
copyright, and information policy questions have
been overly dominated by the access restriction
perspective. We propose an alternative to the “hide
it or lose it” approach that currently characterizes
policy compliance on the Web. Our alternative is to
design systems that are oriented toward
information accountability and appropriate use,
rather than information security and access
restriction.”
“In many cases it is only by making
better use of the information that is
collected, and by retaining what is
necessary to hold data users responsible
for policy compliance that we can actually
achieve greater information
accountability”
process of security
1.2 – generalisation of individual
normativity in specific legal context
1.2
example 1
law + security
An Act to Establish a Legal Framework for
Information Technology, CQLR c C-1.1
Documentation and Quebec Law
Transfer
(17)
Communication
(30 + 34)
Retention
(21)
Evidence
in general
Quite the same at the federal level
(Canada Evidence Act)
(31.3) the integrity of an electronic
documents system by or in which an
electronic document is recorded or stored
is proven (…) the computer system or
other similar device used by the electronic
documents system was operating
properly (…)
legal revolution
1 – respect of double evidence rule
document itself
documentation
on document
2 – document managed by yourself
example 2
law + privacy
PIPEDA
4.1 Principle 1 — Accountability
An organization is responsible for personal information under its
control and shall designate an individual or individuals who are
accountable for the organization’s compliance with the following
principles.
(…)
4.1.4
Organizations shall implement policies and practices to give effect
to the principles, including
• (a) implementing procedures to protect personal information;
• (b) establishing procedures to receive and respond to complaints
and inquiries;
• (c) training staff and communicating to staff information about the
organization’s policies and practices; and
• (d) developing information to explain the organization’s policies and
procedures.
on the proposal for a regulation of the
European Parliament and of the Council on
the protection of individual with regard to the
processing of personal data and on the
free movement of such data (General Data
Protection Regulation) (COM(2012)0011 –
C7-0025/2012 – 2012/0011(COD))
example 3
law + environment
example 3
Quebec Environment Quality Act
(RLRQ c Q-2)
Etc.
Program (39)
Policies (15)
Plans (22)
Measures (93)
Strategy (2)
Norms (90)
Plan (129)
Suspicious about individual normativity
2
“the possible over-inclusiveness or under-
inclusiveness of existing legal rules as
applied to new practices”
(L. Bennett-Moses, 2010)
Suspicious about individual normativity
process
2.1
1 – lack of protection
ex.: Global Reporting Initiative (“GRI”) for
sustainability reporting
Example of Hydro-Quebec
2 – too many norms
ex.: ISO
1. ISO/IEC 27018:2014, Information technology -- Security techniques -- Code of practice for
protection of personally identifiable information (PII) in public clouds acting as PII processors.
2. ISO/IEC 29100:2011, Information technology -- Security techniques – Privacy framework.
3. ISO/IEC WD 29134, Privacy Impact Assessment – Methodology.
4. ISO 13008:2012 – Information and Documentation – Digital records conversion and migration
process.
5. ISO 13008:2012 – Information and documentation – Digital records conversion and migration
process (PDF)
6. ISO/TR 23081-3:2011– Information and Documentation – Managing Metadata for Records – Part
3: Self-Assessment Method.
7. ISO 23081-1: 2006 – Information and Documentation – Metadata for records – Part 1 – Principles.
8. ISO 23081-2:2009 Information and documentation – Managing metadata for records – Part 2:
Conceptual and implementation issues.
9. ISO/TR 26122:2008 Information and documentation – Work Process Analysis for Records.
10. ISO 16175-1:2010 Information and documentation – Principles and functional requirements for
records in electronic office environments – Part 1: Overview and statement of principles.
11. ISO 16175-2:2011 Information and documentation – Principles and functional requirements for
records in electronic office environments – Part 2: Guidelines and functional requirements for
digital records management systems.
12. ISO 30300:2011 Information and Documentation – Management Systems for Records -
Fundamentals and Vocabulary.
13. ISO 30301:2011 Information and Documentation – Management Systems for Records -
Requirements.
14. ISO 15489-1, Information and Documentation – Records Management, Part. 1 – General, 2001.
15. ISO/TR 15489-2, Technical Report, Information and Documentation – Records Management,
Part. 2 – Guidelines, 2001
3 – who controlled ?
4 – cost of standardization
ex.: afnor (fr) / bsi (uk)
ex.: Sarbanes-Oxley Act
Suspicious about individual normativity
legal recognition
2.2
jurisprudence is mainly in favor of new
technologies
ex 1: email acceptance
(Vandal c. Salvas, 2005 QCCQ 40771)
ex 2: Wikipedia page
(reference to the page history)
ex 3: paper version of “.xls”
(Stadacona, s.e.c./Papier White Birch c.
KSH Solutions inc., 2010)
ex 4: digital picture
(with no reference to metadata)
No respect of double evidence rule
document itself
documentation
on document
Mainstream Canada v. Staniford, 2012 BCSC 1433
« [23] Among other things, Cermaq has published the principles
governing its sustainability program and reported on the company’s
performance, using the standards set by the Global Reporting
Initiative (“GRI”) for sustainability reporting. Since 2010, the
sustainability reporting is also subject to review by KPMG’s
sustainability team. Ms. Bergan explained further that, if Cermaq
deviates from the indicators that are part of the GRI, Cermaq must
disclose the manner in which it has done so. This manner of
reporting, using the GRI standards, applies to both Cermaq and
Mainstream, according to Ms. Bergan. »
