Turning data into evidence
Allison Stanfield looks at the many challenges in preparing electronic documents to present to a court that will be accepted as evidence.
Electronic discovery can put your organisation under immense pressure to retrieve information from a wide range of sources, ranging from email archives to file servers and desktop and mobile devices. However all that effort can come to nought if your documents are not accepted as evidence by the court.
Electronic evidence is a relatively new phenomenon and is rapidly becoming the default form of documentary evidence. Information is now largely created and stored digitally and email is now the leading form of communication.
When you are responding to a discovery order or preparing for a court action, it is important to deal with documents in a way that ensures their integrity is not compromised so that, if required, they can be used as evidence in court and that the maximum weight can be applied to the evidence.
Courts in Australia are guided by rules of evidence that exist at common law and a range of legislation (in various forms of the Evidence Acts). To cite a document as evidence in a court, electronic documents must meet the definition of ‘document’ under the relevant Evidence Act. The definitions are broadly similar across the Commonwealth and various states.
Until the best evidence rule was abolished by the Evidence Acts, it was necessary to produce the original document, however, the Evidence Acts provide that a copy can be accepted by the court.
Nothing can guarantee the acceptance of electronic evidence before a court. The admissibility of evidence in any court case is subject to compliance with the rules of admissibility and the interpretation placed upon them by the court.
The rules of evidence govern how a party goes about proving its case. In putting evidence to the court, a party should consider three questions:
- • How to put to the court evidence of the fact;
- • Whether the evidence is admissible;
- • The weight the court will give the evidence.
When attempting to establish the authenticity and reliability of electronic evidence, it will be necessary to prove the accuracy of the process the system used to create records, the source of the information on the record and the method and time of its preparation. If appropriate standards and procedures have been followed in the creation and maintenance of electronic evidence, the party endeavouring to prove the evidence will be in much better stead than if there are minimal standards and procedures. It is important to show that the chain of custody remains intact when electronic evidence has been handled.
When considering the weight afforded to copies of documents, for example, where hard copies have been converted in an electronic format, the court may take into account the following factors:
- • Accuracy – that the copies were made accurately;
- • Reliability & Integrity – that the copies have been retained in a robust and secure environment;
- • Authenticity – that the copies have not been tampered with in any way; and
- • Accessibility – the copies can be accessible in years to come i.e. to ensure the records are accessible on current technologies.
The passage of the Commonwealth Electronic Transactions Act in 1999 has since meant that transactions conducted electronically in Australia can be enforced.
The importance of good record-keeping practices is emphasised by legislation such as Section 11(2) of the Electronic Transactions Act 2000 (NSW). This sets out guidelines for information that must be recorded when converting paper documents to electronic format for archiving purposes . Organisations should employ good record keeping practices to afford their evidence more weight, if required. Standards Australia’s HB171-2003 Guidelines for the management of IT evidence should be followed where possible.
A Document Destruction and Retention Policy should be prepared and adhered to, and an appropriate electronic document and records management system should be used to capture electronic information and allow for quick and easy retrieval of information generally or for litigation purposes.
Record-keeping practices should be established, advised to all staff and followed. Adequate resources should be in place to develop, implement and maintain record keeping policies, procedures and systems. It is imperative that audit trails and logs are kept to support reliable and accurate record keeping, particularly to show who accessed the system and when, and to indicate where attempts to gain unauthorised access to the system were undertaken. Security of the system should be robust and tested on a regular basis. System documentation should be maintained and stored in a logical manner. Organisations should ensure that record-keeping practices are capable of being legally acceptable.
The process should include robust quality assurance procedures. QA procedures should be implemented to ensure metadata capture and imaging is undertaken in accordance with standards. Random sampling of pages and metadata should be undertaken to check quality (using standards such as ISO 2859). Verification Certificates verifying the integrity of the imaging and metadata capture process should be completed once random sampling checks have been completed verifying the accuracy of the imaging and metadata process.
The integrity of any electronic document & records management system should be maintained, and IT systems should have:
- • Adequate physical and other security safeguards;
- • Audit logs of access to and use of images and metadata;
- • Metadata that is secured and linked to images;
- • Adequate business continuity and disaster recovery plans; and
- • A migration strategy to ensure data can be moved across to updated technological platforms.
By implementing procedures, documentation and QA processes which can be submitted to the court to show that the process preserved the integrity of the original, an organisation will be much better placed to cite evidence to establish a fact before any court and have it afforded the most weight.
Allison Stanfield is a founder and CEO of e.law Australia, a company specialising in digital evidence. Allison’s has recently published her second book, “Computer Forensics, Electronic Discovery and Electronic Evidence”, Lexis-Nexis, 2009.