Record impact for Practice Note 17

Record impact for Practice Note 17

May 22, 2009:Keeping business records in original electronic form instead of printing them out has been given an indirect boost with the release of Practice Note 17 issued by the Chief Justice of the Federal Court on 29 January 2009, notes Andrew Warland.

Along with a range of Federal and State/Territory legislation including the Electronic Transactions and Evidence Acts, and Australian Tax Office Ruling 2005/9 ‘Income tax: record keeping – electronic records’, there now seems to be very little justification for printing and keeping ‘born digital’ records - providing the authenticity of these documents is maintained.

The Federal Court Practice Note, which recommends the exchange and presentation of records electronically where there are more than 200 pages, was released six months after the NSW Supreme Court updated its own Practice Note (SC Gen 7, ‘Use of Technology’, dated 9 July 2008 but with effect from 1 August 2008).

As with the NSW version, the Federal Court Practice Note encourages the use of technology in civil litigation. The NSW version specifically makes the point that keeping records in their original electronic form makes litigation more efficient compared with printing them out.

The ability to exchange and then submit the original version of an electronic document as evidence, provided its authenticity can be assured, along with the rule of ‘best evidence’, has implications for the way in which records are maintained by organisations.

Although printing business documents is still common practice, keeping the original electronic version now seems to be a waste of paper and an environmentally poor practice – particularly if the best evidence available is the original electronic version that still exists on a network drive.

The authenticity of records that may be submitted as evidence is an important factor in the success or otherwise of any litigation. The NSW Practice Note makes reference to the NSW Universal Civil Procedures Rules (UCPR) 2005. Similar rules exist in other States and Territories, and in New Zealand.

The NSW UCPR contain two specific rules about the authenticity of documents.

The requesting party may require the admitting party to accept the authenticity of documents submitted. If the authenticity is not disputed within 14 days, then the document may be admitted. (Rule 17.4)A document will be admitted as an original document or a true copy unless the other party denies or disputes the authenticity of the document. (Rule 17.5)

This approach to authenticity was noted in both the 1999 case of National Australia Bank v Rusu where it was stated that the authenticity of a document could be proved by the evidence of the person who made it or one of the persons who made it, or a person who was present when it was made, and in the 2005 case of ASIC v Rich, where it was noted that it is up to the other party to challenge the accuracy and authenticity of a document admitted as evidence.

How, then, do organisations maintain the authenticity of business records kept electronically, particularly if the vast majority of such records are kept on network drives and in email?

Almost every organisation has either a legislative/regulatory or business requirement to keep a number of different types of records; ensuring that these records are authentic and reliable when they are needed or subject to external review can be a challenge, particularly given the massive volumes of electronic information that now exists.

One approach would be to implement guidelines contained in the Australian Standard for Records Management, AS ISO 15489:2002.

Part 7.2 of that Standard, ‘Characteristics of a Record’, states that a record can be considered authentic if it is what is purports to be, and the person who created or sent it, and the time it was created or sent, can be proven.

The Standard goes on to recommend that, to support authenticity requirements, organisations should have in place: (a) policies and procedures that control the creation, receipt, transmission, maintenance and disposition of records, and (b) systems or procedures to prevent their unauthorized addition, deletion, alteration, use or concealment.

This means identifying in policies and procedures what needs to be kept as a record, and having effective and (preferably user-friendly) systems in place to keep them.

Many organisations have developed and implemented a combination of policies, procedures and systems to manage their records, often with an emphasis on records that are subject to the highest levels of compliance risk.Examples including company and financial records, personnel records, records of manufacturing or construction processes, property and infrastructure type records, intellectual property, client related records and so on.

Not infrequently, many of these types of records have been kept in hard copy form because of concerns around the legality of keeping records in their original electronic form, or their admissibility as evidence.

Ironically, the printed version of such records might not be considered the best or even the most authentic evidence if the original electronic version still exists – a printed version could have been modified before it was printed and the electronic version kept without the change.

This doesn’t mean that the authenticity of records stored on network drives or in email folders is any better and can be assured. Network drives and email folders (in particular ‘personal’ email folders) have few controls (aside from access restrictions) and no audit trails recording what happens to records stored in them.

Documents stored on network drives and emails keep no record of who accessed, copied, moved, printed or deleted the record. Apart from naming conventions that explicitly show a version number, there can also be uncertainly about which version is the final.

The only effective way to ensure the authenticity of an unstructured record is to protect it. This means keeping a record of changes made, the individuals who have accessed it, and actions taken on it.Organisations seeking to manage and therefore protect their unstructured electronic records (including emails) in their original form, and maintain their authenticity as records over the time that they need to be kept, often acquire and implement some form of (electronic) document/records/content management system. These systems may also be used to manage paper records.

In the past several years, many of these systems have morphed from being designed for Document or Electronic Document Management (DM/EDM) and have either become or were acquired by Content Management (CM) systems to become Electronic Content Management (ECM) systems.

These systems – and there are many in the market - usually include some form of access and security controls, versioning, and other various actions that can be taken (or not) on the records stored in them, along with audit logs recording any changes made.

Coupled with effective and user-friendly policies and procedures, these systems allow organisations to maintain the authenticity of their business critical records, sometimes as easily as maintaining them in network drives.

Along with legislative, regulatory and other rulings and guidelines encouraging organisations to maintain their records in original electronic form, there should be no reason why organisations don’t keep all their records electronically – thereby making the processes of discovery and exchange of information when required for Court much simpler, not to mention being more environmentally friendly.

Andrew Warland is a senior Australian consultant and advisor on records and information management.

Comment on this story.