Legal Responsibilities

Legislation and Corporate obligations

comp_hacker-tech-team.jpg

Organisations are required by law to maintain evidence of business. Therefore all members, staff and contractors of an organisation are responsible for maintaining complete, accurate and reliable evidence of all business transactions and ensuring all corporate documents are retained within the official recordkeeping system at the point of creation regardless of the format, being in accordance with:

• State Records Act 2000
• Evidence Act 1906
• Acts Amendment (Evidence) Act 2000
• Freedom of Information Act 1992

(Government organisation are subject the additonal legislation)
• Local Government Act 1995
• Local Government Accounting Directions 1994

State Records Act

Under the Act a State record is defined as any record of information (in any form) created, received or maintained by a government organisation or parliamentary department in the course of conducting its business activities. State records can come in any format on which information can be stored including maps, plans photographs, films, magnetic and optical media, (State Records Office, 2001)

So what does the State Records Act say?

The State Records Act 2001 dictates that all government agencies must have a Recordkeeping Plan. The Act states what MUST be included:

• Those records that will be State archives;

• Those State archives that will be restricted access archives and the ages at which they
will cease to be restricted access archives;

• The retention period for records that are not State archives;

• The systems to ensure the security of the records and compliance with the
recordkeeping plan.

A Recordkeeping Plan MAY also include:

• The manner in which records will be created;

• For a record to be reproduced in another form;

• The destruction of a record, including duplicate copies.

All elected members, staff and contractors are responsible for accurate recordkeeping and must adhere to the Recordkeeping Plan

That means you!


(State Records Act 2000)

So how does the Recordkeeping Plan effect me and why should I care?

privacy_email.jpg

In order to satisfy the requirements of the Act, organisations must demonstrate that their recordkeeping systems ensure;

  • that records are compliant (with legal and administrative requirements).
  • Responsibility for the records is assigned, i.e. some-one is responsible for the record.
  • Documented methodology of how records will be managed.
  • Implemention of the documented methodology.
  • Methodology is consistently applied. That is that policies and procedures for recordkeeping are consistently implemented. Only then will the records created be considered reliable and credible.
  • Comprehensive. In other words all actions that constitute a record (see definition above) are recorded consistently. If this is not adhered to then the records system could be perceived as slective and thus unreliable
  • Identifiable. All records must be linked to the transaction from which it originated.
  • Accurate, they need to ensure that content, structure and context are preserved to ensure they accurately reflect the original transaction and are not open to misinterpration).
  • Understandable
  • Meaningful
  • Authentic, this means that they must originate from an authorised creator and from the specified source.
  • Inviolable. They cannot be altered as this would destroy accuracy, credibility, and authenticity.
  • Coherent and exportable. Original content, structure and context must be preserved across platforms. I.e. when transfering to new software or accessed by different users.
  • Auditable. This ensures that the record can be traced to the original transaction. It preserved the relationship between the record and the transaction.
  • Available. Records must be accessible.

(Bearman & Sochats, 2006)

All of the above criteria ensure that any record created by organisations can be used to support evidence of it's transactions in a court of law. Therefore if employees do not adhere to recordkeeping policies, the integrity of the recordkeeping system and indeed the whole organisation could be questioned.

If the organisation goes bankrupt or is prosecuted as a result of your negligence you could, lose your job, be fined or even imprisoned!

Evidence Act 1906 plus ammendments

This document presents guidance, based on current Commonwealth laws, about the legal acceptance of records in a court of law, particularly electronic records. The major areas addressed are:

  • rules of admissible evidence in courts and tribunals
  • compliance with subpoenas and orders of discovery
  • recordkeeping requirements.

However, advancements in technology has facilitated increased risk of evidence tampering. Organisations should take special precautions when using newer technologies to enhance the reliability of their recordkeeping systems, so that records produced by
such systems can be easily found and will be more likely to be legally acceptable. Establishing the authenticity and reliability of records may depend on the accuracy of the process or system used to produce the record, the source of the information in the record, and the method and time of its preparation. Problems may arise with the admissibility of records if appropriate standards and procedures are not followed in creating and maintaining them (National Archives of Australia, 2005).

The National Archives of Australia's Records in Evidence gives a clear example of why an organisation should pay particular attention to the Evidence Act.

Example: John’s email

The Commonwealth needs to prove that John, a public servant, sent a particular email at a specific time. There is no ‘direct observation’ evidence of that fact, that is, no one who can testify that they saw John write the email and then press the send icon on his computer. But there may be other records that courts will consider as evidence that John sent the email at that specific time.

For example, there may be records showing that the email originated from:

  • a computer which John was logged into, or
  • John’s email account.

Even if the evidence is admissible and is admitted, whether or not the court will accept the evidence as proof that John sent the email may depend upon other evidence before the court, including evidence that may be led by another party.
For example, the Commonwealth’s evidence of a record of John’s computer log on may need to be accompanied by evidence that John’s password was personal to him and, in the case of a network computer system, that no one but John could log on to his personal email account. However, the court would not necessarily infer that John was the person who sent the email if there was other evidence before the court that, for example, personal passwords in John’s work area were generally known and occasionally used by others to log on to email accounts, or if email messages logged into the agency’s recordkeeping system could be manipulated after the fact.

See Electronic Document Discovery on the next page.

Freedom of Information Act

privacy_busybodies.jpg

The Freedom of Information Act 1992 has as its objects, to:-

• Enable the public to participate more effectively in governing the State; and

• Make the persons and bodies that are responsible for State and Local Government more accountable to the public.

In furthering these objectives, the Freedom of Information Act requires that respondent agencies publish an annual Information Statement detailing how their records can be accessed and what records they hold, (State Law Publishers, n.d.)

Access to Documents under the Freedom of Information Act 1992

If documents are not readily available, you can apply for access under the Freedom of Information Act 1992. Requests should be made in writing (application FOI form) and submitted to the FOI Coordinator or the Records Team with the appropriate fee.

Amendment of Personal Records

If the organisation holds records about your personal affairs, which you believe are incomplete, incorrect, out of date or misleading, you can apply for them to be amended. Applications should be made in writing (application form available if required) and submitted to the FOI Coordinator.

Australian Standards

There are a number of Standards that are designed to help clarify the requirements of the recordkeeping Acts. They provide definitions and 'best practice' techniques on various within recordkeeping.

AS ISO 15489

This standard provides guidance on creating records policies, procedures, systems and processes to support the management of records in all formats.

AS 5090

AS 5090: Work Process Analysis for Recordkeeping is a complimentary standard to AS ISO 15489: Records Management. It assists organisations in understanding their work processes so that they can identify their recordkeeping requirements

AS 5044

The AGLS metadata standard, AS 5044, is the national standard for online resource discovery, mandated for use on all Australian Government websites. There is an Australian Government Implementation Manual available for this standard.

The Australian Government recordkeeping metadata standard describes the information Australian Government agencies should incorporate to establish physical and intellectual control over their records. Compliance with the standard will help agencies meet business, accountability and archival requirements in a systematic and consistent way by maintaining reliable, meaningful and accessible records over time.

Standard for the physical storage of Commonwealth records

The storage standard is a comprehensive guide to the storage of all Australian Government records, whether held in agency-owned or leased facilities, or with alternative storage providers. The standard covers all types of storage and represents a code of best practice for the storage of government records. The standard is supported by implementation guidelines.

Developments at the State Records Office: ORDA and ORCA

New Initiative - Online Retention and Disposal Application (ORDA) The State Records Office of WA is leading the development of a new web-based application that will enable government agency staff, and records consultants working with agencies, to draft and submit Retention and Disposal Schedules to the State Records Office. This application is called the Online Retention and Disposal Application (ORDA).

Once Retention and Disposal Schedules are approved, it is intended that they would be searchable and accessible within ORDA for other clients drafting their own Retention and Disposal Schedules. The purpose of this functionality is to allow clients to make informed decisions about:

  • retention periods;
  • disposal actions; and
  • access restrictions (if required) against a wider background of decision-making and to also encourage consistency in such areas as appropriate.

It is intended that such criteria would integrate with ORDA so that, when drafting a Retention and Disposal Schedule, clients can benchmark and justify decisions about appraisal and restricted access archives against wider frameworks.

Online Recordkeeping Compliance Application (ORCA)

The State Records Office also intends to develop a sibling web application to facilitate the online drafting and submission of Recordkeeping Plans. This application has been called the Online Recordkeeping Compliance Application (ORCA).

Current Press Releases Regarding Recordkeeping

Section: LJ NEWS
Incident raises issues of record-keeping and patron/library rights

Federal agents recently traced a death threat E-mailed to President Clinton to a workstation located in a branch of the Waterloo Public Library, IA. Although there is no precedent covering whether a library can be held accountable legally, word of the incident immediately sent a buzz through library listservs regarding record-keeping policies and patrons rights. Michael Dargan, technical systems administrator at the library, said via E-mail that the facility does not authenticate the use of public Internet workstations, making it impossible to discern who used a particular machine at a particular time and date.

Response from other librarians over the net was varied. A staffer at Englewood Public, NJ, initially asserted that net threats against Clinton were no doubt common, adding that her library does collect some data from patrons but only to identify who might be held responsible in the event that a machine is damaged in use. American Library Association Councilor Sue Kamm asserted that intellectual freedom principles might be at issue in the case. Though library records are considered private, a staffer at the Sonoma County Library, CA, recalled a similar incident. Federal investigators insisted strongly, he said, that the interest of national security takes precedence over individual rights and that the library would be "obligated" to provide the information without hesitation. Several cases in recent years, including the Oklahoma bombing, Unabomber, and the Andrew Cunanan manhunt, all resulted in law enforcement authorities obtaining access to defendants' library records.

Images: Kiddi Hacker Email PS Bushboddies down the Ages

Previous Page

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License