SlideShare a Scribd company logo

GautraiSerene

Download as PPT, PDF
G
gautrais

More and more, web players must document their data preservation practices. While in traditional evidence law, one must use documents produced by third parties to prove something (a signature, documents produced by the opposite side, etc.), digital evidence introduced in front of the courts must be accompanied by explanations of the conditions under which these documents were created, hosted, archived, transmitted.Whether it is an html page, a screen capture, a word file, or a Wikipedia entry, each new piece of evidence, to be admitted, must explain how the document was managed. A new major principle therefore emerges:documentation. Breaking somehow established legal traditions, each stage of a document’s lifecycle must beconsidered beforehand. This process often rests on technical norms and standards designed by the industry(ISA, ARMA, COBIT). But these technical norms precisely require companies to adopt procedures and policies demonstrating their due diligence in how their protect their data.

1 of 64
cybersecurity ecosystem: the documentation dimension full professor | director of crdp www.gautrais.com www.crdp.umontreal.ca www.twitter.com/gautrais Ottawa | 04/22/2015
considering legal aspects of i.t. privacy evidence contract copyright business etc.
Vincent Gautrais, La preuve technologique, Lexis / Nexis, Montréal, mars 2014.
conclusion Individual normativity is the good tool …
conclusion but we need more control on them !
plan 1.State of the Art + Individuel Normativity 1. State of the Art in General (facts) 2. State of the Law (law) 2.Suspicious + Individual Normativity 1. Suspicious about I.N. Process (facts) 2. Suspicious about I.N. Law Recognition (law)
1 – State of the art of individual normativity phenomenon 1
1.1 – generalisation of individual normativity in general 1.1
documentation accountability modelisation code of conduct audit etc. guidelines privacy by design
LawsRegulations Contract Policies Formal Level Informal Level Documentation Level Standards Guidelines Norms Methods Codes of Conduct Principles Procedures
Certification Service Provider ExampleCertification Service Provider Example
in all laws, documentation was the main issue that CSPs had to provide
2 main reasons behind this phenomenon
1 – complexity
2 – technology
Daniel J. Weitzner, Harold Abelson, Tim Berners-Lee, Joan Feigenbaum, James Hendler, and Gerald Jay Sussman, Information Accountability, (2007)
“This paper argues that debates over online privacy, copyright, and information policy questions have been overly dominated by the access restriction perspective. We propose an alternative to the “hide it or lose it” approach that currently characterizes policy compliance on the Web. Our alternative is to design systems that are oriented toward information accountability and appropriate use, rather than information security and access restriction.”
“In many cases it is only by making better use of the information that is collected, and by retaining what is necessary to hold data users responsible for policy compliance that we can actually achieve greater information accountability”
process of security
process of security
1.2 – generalisation of individual normativity in specific legal context 1.2
example 1 law + security
An Act to Establish a Legal Framework for Information Technology, CQLR c C-1.1
Documentation and Quebec Law Transfer (17) Communication (30 + 34) Retention (21) Evidence in general
Quite the same at the federal level (Canada evidence act) (31.3) the integrity of an electronic documents system by or in which an electronic document is recorded or stored is proven (…) the computer system or other similar device used by the electronic documents system was operating properly (…)
legal revolution
1 – respect of double evidence rule document itself documentation on document
2 – document managed by yourself
example 2 law + privacy
34 PIPEDA 4.1 Principle 1 — Accountability An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles. (…) 4.1.4 Organizations shall implement policies and practices to give effect to the principles, including • (a) implementing procedures to protect personal information; • (b) establishing procedures to receive and respond to complaints and inquiries; • (c) training staff and communicating to staff information about the organization’s policies and practices; and • (d) developing information to explain the organization’s policies and procedures.
on the proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD))
example 3 law + environment
example 3 Quebec environment quality act (RLRQ c Q-2)
Etc. Program (39) Policies (15) Plans (22) Mesures (93) Strategy (2) Norms (90) Plan (129)
Suspicious about individual normativity 2
“the possible over-inclusiveness or under- inclusiveness of existing legal rules as applied to new practices” (L. Bennett-Moses, 2010)
Suspicious about individual normativity process 2.1
1 – lack of protection
ex.: Global Reporting Initiative (“GRI”) for sustainability reporting
Example of Hydro-Quebec
2 – too much norms
ex.: ISO
1. ISO/IEC 27018:2014, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. 2. ISO/IEC 29100:2011, Information technology -- Security techniques – Privacy framework. 3. ISO/IEC WD 29134, Privacy Impact Assessment – Methodology. 4. ISO 13008:2012 – Information and Documentation – Digital records conversion and migration process. 5. ISO 13008:2012 – Information and documentation – Digital records conversion and migration process (PDF) 6. ISO/TR 23081-3:2011– Information and Documentation – Managing Metadata for Records – Part 3: Self-Assessment Method. 7. ISO 23081-1: 2006 – Information and Documentation – Metadata for records – Part 1 – Principles. 8. ISO 23081-2:2009 Information and documentation – Managing metadata for records – Part 2: Conceptual and implementation issues. 9. ISO/TR 26122:2008 Information and documentation – Work Process Analysis for Records. 10. ISO 16175-1:2010 Information and documentation – Principles and functional requirements for records in electronic office environments – Part 1: Overview and statement of principles. 11. ISO 16175-2:2011 Information and documentation – Principles and functional requirements for records in electronic office environments – Part 2: Guidelines and functional requirements for digital records management systems. 12. ISO 30300:2011 Information and Documentation – Management Systems for Records - Fundamentals and Vocabulary. 13. ISO 30301:2011 Information and Documentation – Management Systems for Records - Requirements. 14. ISO 15489-1, Information and Documentation – Records Management, Part. 1 – General, 2001. 15. ISO/TR 15489-2, Technical Report, Information and Documentation – Records Management, Part. 2 – Guidelines, 2001
3 – who controlled ?
4 – cost of standardization
ex.: afnor (fr) / bsi (uk)
ex.: Sarbanes-Oxley Act
Suspicious about individual normativity legal recognition 2.2
jurisprudence is mainly on favor of new technologies
ex 1: email acceptance (vandal c. Salvas, 2005 QCCQ 40771)
ex 2: wikipedia page (reference to the page history)
ex 3: paper version of “.xls” (Stadacona, s.e.c./Papier White Birch c. KSH Solutions inc., 2010)
ex 4: digital picture (with no reference to metadata)
No respect of double evidence rule document itself documentation on document
Mainstream Canada v. Staniford, 2012 BCSC 1433 « [23] Among other things, Cermaq has published the principles governing its sustainability program and reported on the company’s performance, using the standards set by the Global Reporting Initiative (“GRI”) for sustainability reporting. Since 2010, the sustainability reporting is also subject to review by KPMG’s sustainability team. Ms. Bergan explained further that, if Cermaq deviates from the indicators that are part of the GRI, Cermaq must disclose the manner in which it has done so. This manner of reporting, using the GRI standards, applies to both Cermaq and Mainstream, according to Ms. Bergan. »
cybersecurity ecosystem: the documentation dimension full professor | director of crdp www.gautrais.com www.crdp.umontreal.ca www.twitter.com/gautrais Ottawa | 04/22/2015

Recommended

Desing thinking 2
Desing thinking 2Desing thinking 2
Desing thinking 2
David Reyes
 
Docker
DockerDocker
Docker
priyatnananda10
 
Tasarımcı Düşünce ile Etkili Sunum Teknikleri
Tasarımcı Düşünce ile Etkili Sunum TeknikleriTasarımcı Düşünce ile Etkili Sunum Teknikleri
Tasarımcı Düşünce ile Etkili Sunum Teknikleri
Ezgi Ezdar Onur, MSc.
 
Girişimciler için "Design Thinking"
Girişimciler için "Design Thinking" Girişimciler için "Design Thinking"
Girişimciler için "Design Thinking"
Ezgi Ezdar Onur, MSc.
 
Success factors ile hedef ve performans deneyimi
Success factors ile hedef ve performans deneyimiSuccess factors ile hedef ve performans deneyimi
Success factors ile hedef ve performans deneyimi
itelligence TR
 
Desing thinking
Desing thinkingDesing thinking
Desing thinking
Xabier Iraola
 
Desing thinking workshop
Desing thinking workshopDesing thinking workshop
Desing thinking workshop
Design Thinking Workshop
 
Crash Course Design Thinking - by @arnoutsmeets
Crash Course Design Thinking - by @arnoutsmeetsCrash Course Design Thinking - by @arnoutsmeets
Crash Course Design Thinking - by @arnoutsmeets
Board of Innovation
 

Recommended

Desing thinking 2
Desing thinking 2Desing thinking 2
Desing thinking 2
David Reyes
 
Docker
DockerDocker
Docker
priyatnananda10
 
Tasarımcı Düşünce ile Etkili Sunum Teknikleri
Tasarımcı Düşünce ile Etkili Sunum TeknikleriTasarımcı Düşünce ile Etkili Sunum Teknikleri
Tasarımcı Düşünce ile Etkili Sunum Teknikleri
Ezgi Ezdar Onur, MSc.
 
Girişimciler için "Design Thinking"
Girişimciler için "Design Thinking" Girişimciler için "Design Thinking"
Girişimciler için "Design Thinking"
Ezgi Ezdar Onur, MSc.
 
Success factors ile hedef ve performans deneyimi
Success factors ile hedef ve performans deneyimiSuccess factors ile hedef ve performans deneyimi
Success factors ile hedef ve performans deneyimi
itelligence TR
 
Desing thinking
Desing thinkingDesing thinking
Desing thinking
Xabier Iraola
 
Desing thinking workshop
Desing thinking workshopDesing thinking workshop
Desing thinking workshop
Design Thinking Workshop
 
Crash Course Design Thinking - by @arnoutsmeets
Crash Course Design Thinking - by @arnoutsmeetsCrash Course Design Thinking - by @arnoutsmeets
Crash Course Design Thinking - by @arnoutsmeets
Board of Innovation
 
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
Lisa Catanzaro
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
Mayank Diwakar
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
Teja Bheemanapally
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital Evidence
Dr. Richard Otieno
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
YashPatel132112
 
20170928 A (very short) introduction
20170928 A (very short) introduction20170928 A (very short) introduction
20170928 A (very short) introduction
Federico Costantini
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Anne ndolo
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
CSCJournals
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
BhagyasriPatel2
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD
Davide Gabrini
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
IJERA Editor
 
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social ScienceChristopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard
 
Introduction to Records Management - Getting Organized - Files & Records - Se...
Introduction to Records Management - Getting Organized - Files & Records - Se...Introduction to Records Management - Getting Organized - Files & Records - Se...
Introduction to Records Management - Getting Organized - Files & Records - Se...
Emerson Bryan
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
Costas Katsavounidis
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
Atul Rai
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
Aqib Memon
 
Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptx
Happyness Mkumbo
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__rev
jackpopo
 
Pendahuluan it forensik
Pendahuluan it forensikPendahuluan it forensik
Pendahuluan it forensik
newbie2019
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
Editor IJCTER
 
Fonctionsv2
Fonctionsv2Fonctionsv2
Fonctionsv2
gautrais
 
Signature
SignatureSignature
Signature
gautrais
 

More Related Content

Similar to GautraiSerene

20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
Lisa Catanzaro
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
Mayank Diwakar
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
Teja Bheemanapally
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital Evidence
Dr. Richard Otieno
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
YashPatel132112
 
20170928 A (very short) introduction
20170928 A (very short) introduction20170928 A (very short) introduction
20170928 A (very short) introduction
Federico Costantini
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Anne ndolo
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
CSCJournals
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
BhagyasriPatel2
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD
Davide Gabrini
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
IJERA Editor
 
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social ScienceChristopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard
 
Introduction to Records Management - Getting Organized - Files & Records - Se...
Introduction to Records Management - Getting Organized - Files & Records - Se...Introduction to Records Management - Getting Organized - Files & Records - Se...
Introduction to Records Management - Getting Organized - Files & Records - Se...
Emerson Bryan
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
Costas Katsavounidis
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
Atul Rai
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
Aqib Memon
 
Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptx
Happyness Mkumbo
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__rev
jackpopo
 
Pendahuluan it forensik
Pendahuluan it forensikPendahuluan it forensik
Pendahuluan it forensik
newbie2019
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
Editor IJCTER
 

Similar to GautraiSerene (20)

20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital Evidence
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
20170928 A (very short) introduction
20170928 A (very short) introduction20170928 A (very short) introduction
20170928 A (very short) introduction
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD2022-05-12 Live Forensics for Law Enforcement @UniPD
2022-05-12 Live Forensics for Law Enforcement @UniPD
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
 
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social ScienceChristopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
 
Introduction to Records Management - Getting Organized - Files & Records - Se...
Introduction to Records Management - Getting Organized - Files & Records - Se...Introduction to Records Management - Getting Organized - Files & Records - Se...
Introduction to Records Management - Getting Organized - Files & Records - Se...
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
 
Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptx
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__rev
 
Pendahuluan it forensik
Pendahuluan it forensikPendahuluan it forensik
Pendahuluan it forensik
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
 

More from gautrais

Fonctionsv2
Fonctionsv2Fonctionsv2
Fonctionsv2
gautrais
 
Signature
SignatureSignature
Signature
gautrais
 
Preuve2015
Preuve2015Preuve2015
Preuve2015
gautrais
 
Gautrais
GautraisGautrais
Gautrais
gautrais
 
Sécurité juridique + médias sociaux
Sécurité juridique + médias sociauxSécurité juridique + médias sociaux
Sécurité juridique + médias sociauxgautrais
 
Gestion juridique des médias sociaux: éducation
Gestion juridique des médias sociaux: éducationGestion juridique des médias sociaux: éducation
Gestion juridique des médias sociaux: éducationgautrais
 
AAPI gestion courriel
AAPI gestion courrielAAPI gestion courriel
AAPI gestion courrielgautrais
 
Congrès du Barreau du Québec 2011 - Diffamation 2.0
Congrès du Barreau du Québec 2011 - Diffamation 2.0Congrès du Barreau du Québec 2011 - Diffamation 2.0
Congrès du Barreau du Québec 2011 - Diffamation 2.0gautrais
 
Snowden20140402vgv2
Snowden20140402vgv2Snowden20140402vgv2
Snowden20140402vgv2
gautrais
 
Preuve gautraisv2
Preuve gautraisv2Preuve gautraisv2
Preuve gautraisv2
gautrais
 

More from gautrais (11)

Fonctionsv2
Fonctionsv2Fonctionsv2
Fonctionsv2
 
Signature
SignatureSignature
Signature
 
Preuve2015
Preuve2015Preuve2015
Preuve2015
 
Gautrais
GautraisGautrais
Gautrais
 
Sécurité juridique + médias sociaux
Sécurité juridique + médias sociauxSécurité juridique + médias sociaux
Sécurité juridique + médias sociaux
 
Gestion juridique des médias sociaux: éducation
Gestion juridique des médias sociaux: éducationGestion juridique des médias sociaux: éducation
Gestion juridique des médias sociaux: éducation
 
AAPI gestion courriel
AAPI gestion courrielAAPI gestion courriel
AAPI gestion courriel
 
Congrès du Barreau du Québec 2011 - Diffamation 2.0
Congrès du Barreau du Québec 2011 - Diffamation 2.0Congrès du Barreau du Québec 2011 - Diffamation 2.0
Congrès du Barreau du Québec 2011 - Diffamation 2.0
 
Crime 2.0
Crime 2.0Crime 2.0
Crime 2.0
 
Snowden20140402vgv2
Snowden20140402vgv2Snowden20140402vgv2
Snowden20140402vgv2
 
Preuve gautraisv2
Preuve gautraisv2Preuve gautraisv2
Preuve gautraisv2
 

Recently uploaded

Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?
RoseZubler1
 
Capital Punishment by Saif Javed (LLM)ppt.pptx
Capital Punishment by Saif Javed (LLM)ppt.pptxCapital Punishment by Saif Javed (LLM)ppt.pptx
Capital Punishment by Saif Javed (LLM)ppt.pptx
OmGod1
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
bhavenpr
 
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
onduyv
 
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
uhsox
 
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
aypxuyw
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
veteranlegal
 
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
ooqzo
 
It's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of InterestIt's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of Interest
Parsons Behle & Latimer
 
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
gjsma0ep
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee
 
Corporate Governance : Scope and Legal Framework
Corporate Governance : Scope and Legal FrameworkCorporate Governance : Scope and Legal Framework
Corporate Governance : Scope and Legal Framework
devaki57
 
PPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx llPPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx ll
MohammadZubair874462
 
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
fexbqa
 
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
woywevt
 
17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf
ssuser0dfed9
 
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
pdeehy
 
suture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgicalsuture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgical
AlanSudhan
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
MasoudZamani13
 
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
ucoux1
 

Recently uploaded (20)

Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?
 
Capital Punishment by Saif Javed (LLM)ppt.pptx
Capital Punishment by Saif Javed (LLM)ppt.pptxCapital Punishment by Saif Javed (LLM)ppt.pptx
Capital Punishment by Saif Javed (LLM)ppt.pptx
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
 
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
 
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
 
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
 
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
 
It's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of InterestIt's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of Interest
 
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
 
Corporate Governance : Scope and Legal Framework
Corporate Governance : Scope and Legal FrameworkCorporate Governance : Scope and Legal Framework
Corporate Governance : Scope and Legal Framework
 
PPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx llPPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx ll
 
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
 
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
 
17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf
 
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
 
suture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgicalsuture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgical
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
 
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
 

GautraiSerene

  • 1. cybersecurity ecosystem: the documentation dimension full professor | director of crdp www.gautrais.com www.crdp.umontreal.ca www.twitter.com/gautrais Ottawa | 04/22/2015
  • 2.
  • 3. considering legal aspects of i.t. privacy evidence contract copyright business etc.
  • 4. Vincent Gautrais, La preuve technologique, Lexis / Nexis, Montréal, mars 2014.
  • 5.
  • 6.
  • 8. conclusion but we need more control on them !
  • 9. plan 1.State of the Art + Individuel Normativity 1. State of the Art in General (facts) 2. State of the Law (law) 2.Suspicious + Individual Normativity 1. Suspicious about I.N. Process (facts) 2. Suspicious about I.N. Law Recognition (law)
  • 10. 1 – State of the art of individual normativity phenomenon 1
  • 11. 1.1 – generalisation of individual normativity in general 1.1
  • 12.
  • 15. Certification Service Provider ExampleCertification Service Provider Example
  • 16. in all laws, documentation was the main issue that CSPs had to provide
  • 17. 2 main reasons behind this phenomenon
  • 20. Daniel J. Weitzner, Harold Abelson, Tim Berners-Lee, Joan Feigenbaum, James Hendler, and Gerald Jay Sussman, Information Accountability, (2007)
  • 21. “This paper argues that debates over online privacy, copyright, and information policy questions have been overly dominated by the access restriction perspective. We propose an alternative to the “hide it or lose it” approach that currently characterizes policy compliance on the Web. Our alternative is to design systems that are oriented toward information accountability and appropriate use, rather than information security and access restriction.”
  • 22. “In many cases it is only by making better use of the information that is collected, and by retaining what is necessary to hold data users responsible for policy compliance that we can actually achieve greater information accountability”
  • 25. 1.2 – generalisation of individual normativity in specific legal context 1.2
  • 26. example 1 law + security
  • 27. An Act to Establish a Legal Framework for Information Technology, CQLR c C-1.1
  • 28. Documentation and Quebec Law Transfer (17) Communication (30 + 34) Retention (21) Evidence in general
  • 29. Quite the same at the federal level (Canada evidence act) (31.3) the integrity of an electronic documents system by or in which an electronic document is recorded or stored is proven (…) the computer system or other similar device used by the electronic documents system was operating properly (…)
  • 31. 1 – respect of double evidence rule document itself documentation on document
  • 32. 2 – document managed by yourself
  • 33. example 2 law + privacy
  • 34. 34 PIPEDA 4.1 Principle 1 — Accountability An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles. (…) 4.1.4 Organizations shall implement policies and practices to give effect to the principles, including • (a) implementing procedures to protect personal information; • (b) establishing procedures to receive and respond to complaints and inquiries; • (c) training staff and communicating to staff information about the organization’s policies and practices; and • (d) developing information to explain the organization’s policies and procedures.
  • 35. on the proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD))
  • 36. example 3 law + environment
  • 37. example 3 Quebec environment quality act (RLRQ c Q-2)
  • 38. Etc. Program (39) Policies (15) Plans (22) Mesures (93) Strategy (2) Norms (90) Plan (129)
  • 40. “the possible over-inclusiveness or under- inclusiveness of existing legal rules as applied to new practices” (L. Bennett-Moses, 2010)
  • 41. Suspicious about individual normativity process 2.1
  • 42. 1 – lack of protection
  • 43. ex.: Global Reporting Initiative (“GRI”) for sustainability reporting
  • 45.
  • 46. 2 – too much norms
  • 48. 1. ISO/IEC 27018:2014, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. 2. ISO/IEC 29100:2011, Information technology -- Security techniques – Privacy framework. 3. ISO/IEC WD 29134, Privacy Impact Assessment – Methodology. 4. ISO 13008:2012 – Information and Documentation – Digital records conversion and migration process. 5. ISO 13008:2012 – Information and documentation – Digital records conversion and migration process (PDF) 6. ISO/TR 23081-3:2011– Information and Documentation – Managing Metadata for Records – Part 3: Self-Assessment Method. 7. ISO 23081-1: 2006 – Information and Documentation – Metadata for records – Part 1 – Principles. 8. ISO 23081-2:2009 Information and documentation – Managing metadata for records – Part 2: Conceptual and implementation issues. 9. ISO/TR 26122:2008 Information and documentation – Work Process Analysis for Records. 10. ISO 16175-1:2010 Information and documentation – Principles and functional requirements for records in electronic office environments – Part 1: Overview and statement of principles. 11. ISO 16175-2:2011 Information and documentation – Principles and functional requirements for records in electronic office environments – Part 2: Guidelines and functional requirements for digital records management systems. 12. ISO 30300:2011 Information and Documentation – Management Systems for Records - Fundamentals and Vocabulary. 13. ISO 30301:2011 Information and Documentation – Management Systems for Records - Requirements. 14. ISO 15489-1, Information and Documentation – Records Management, Part. 1 – General, 2001. 15. ISO/TR 15489-2, Technical Report, Information and Documentation – Records Management, Part. 2 – Guidelines, 2001
  • 49. 3 – who controlled ?
  • 50.
  • 51.
  • 52. 4 – cost of standardization
  • 53. ex.: afnor (fr) / bsi (uk)
  • 55.
  • 56. Suspicious about individual normativity legal recognition 2.2
  • 57. jurisprudence is mainly on favor of new technologies
  • 58. ex 1: email acceptance (vandal c. Salvas, 2005 QCCQ 40771)
  • 59. ex 2: wikipedia page (reference to the page history)
  • 60. ex 3: paper version of “.xls” (Stadacona, s.e.c./Papier White Birch c. KSH Solutions inc., 2010)
  • 61. ex 4: digital picture (with no reference to metadata)
  • 62. No respect of double evidence rule document itself documentation on document
  • 63. Mainstream Canada v. Staniford, 2012 BCSC 1433 « [23] Among other things, Cermaq has published the principles governing its sustainability program and reported on the company’s performance, using the standards set by the Global Reporting Initiative (“GRI”) for sustainability reporting. Since 2010, the sustainability reporting is also subject to review by KPMG’s sustainability team. Ms. Bergan explained further that, if Cermaq deviates from the indicators that are part of the GRI, Cermaq must disclose the manner in which it has done so. This manner of reporting, using the GRI standards, applies to both Cermaq and Mainstream, according to Ms. Bergan. »
  • 64. cybersecurity ecosystem: the documentation dimension full professor | director of crdp www.gautrais.com www.crdp.umontreal.ca www.twitter.com/gautrais Ottawa | 04/22/2015