More digital recordkeeping FAQs from State Records NSW, November 2012 December 12, 2012

State Records staff were asked these key digital recordkeeping questions in November:

  • Is a scanned signature legally admissible?
  • Are scanned records legally admissible?
  • What are the 5 most compelling arguments I can use to explain why storing records in file shares on the IT network is not a good idea?
  • What type of information fields (metadata fields) should I include in a database?
  • How long do I have to keep paper records after I scan them?
  • How can I make and keep good records using SharePoint?
  • What technical standards and specifications does my scanning program have to meet?

Is a scanned signature legally admissible?

Yes it is.

There are two key pieces of legislation which affect the legality of using any form of digital signature:

The Electronic Transactions Act 2000 allows government organisations to use electronic technologies to do business, and specifies particular signature requirements and elements of a signature that digital signature methods must satisfy if they are to replace written signatures.

Essentially, according to section 9 of the Electronic Transactions Act, a signature must identify a person and indicate their consent for the transaction, the method used to sign must be reliable and appropriate, and the recipient of the signature must be satisfied with this form of signature. Apart from these general guidelines, the Act doesn’t specify any characteristics for legally acceptable digital signatures – these are left to business needs to determine.

The Evidence Act 1995 abolishes the ‘best evidence’ rule and allows for evidence which is, for example, a copy of a document in electronic format, or a version of a document produced by a device such as a computer.

There is, however, under the Act, a need to support the admissibility of this evidence by authentication (i.e. giving evidence that the digital output/copy is what it purports to be). This sort of authentication may involve testing the way a document was produced or kept or some other means of demonstrating that the methods by which you keep and maintain digital information are secure, reliable and well managed. For scanned digital signatures to be acceptable under this legislation, you may need to be able to prove that only an authorised person had access to a signature, that the signature was maintained securely, that the signature always reproduced appropriately, that the signature was only used for these specific transactions etc.

The National Archives of Australia has published a good summary of evidence issues from a recordkeeping perspective. Because the NSW Evidence Act mirrors the Commonwealth Evidence Act, this advice is applicable to both Commonwealth and NSW organisations.

Whatever decision you make about signatures, you should be aware that any type of digital signature should be managed appropriately and carefully. For example:

  • keep scanned images of signatures secure to prevent unauthorised use
  • where scanned images of signatures are embedded in documents or emails, make sure they can be seen once the document or email is registered in your organisation’s EDRMS
  • ensure that adequate systems security is in place and develop and implement procedures so that the process of using digital signatures is carefully controlled and so that your organisation is able to legally defend the integrity of the process in court.

Are scanned records legally admissible?

Yes they are.

In NSW there is no barrier to organisations tendering digital images of records as evidence. They can be considered suitable to submit in legal proceedings in response to Government Information (Public Access) Act (GIPA) applications and for other evidentiary purposes.

However, the value or credibility of a scanned image as evidence can still be questioned. The authenticity of a presented record may be challenged or a judge may be given some other reason to doubt the reliability of a digital image. In these cases, an organisation’s documentation regarding how the digitisation (scanning) was conducted and the digital images created and kept may help to demonstrate that the digital image is an authentic and credible representation of the original.

State Records has published some guidance for NSW public offices on digitising (scanning) records. This guidance includes a section on the legal admissibility and credibility of digital images.

To make sure that you are producing good quality scanned records to replace your paper originals you should ensure that:

  • All requirements for retaining originals have been assessed and fulfilled – ie you have no business needs or requirements that say your records have to be in paper
  • The scanned copies you create are authentic, complete and accessible – ie your scanning process has given you a fully legible and accessible digital copy to work with
  • The scanned copies can be kept for as long as you legally need to keep these records – ie records legally need to be kept for different periods of time – some 2 years, 5 years, 7 years, 20+ years depending on the type of business they are documenting. You can destroy the paper original if you are confident that you are able to keep the scanned version accessible and useable for as long as is legally required to be kept
  • The original paper records should be kept for quality control purposes for an appropriate length of time after copying – ie make sure you have time to validate that the scanning was successful and the scanned copy of the record is complete and legible.
  • The scanned records should have good title and description information attached to them so that you can easily find and use them and it means that these records should be captured into a secure system where they can be protected and managed.

What are the 5 most compelling arguments I can use to explain why storing records in file shares on the IT network is not a good idea?

By keeping records on shared drives instead of in corporate recordkeeping systems, you might not be able to meet your mandatory requirements under the State Records Act. Specifically you might not be able to:

  • ensure the safe custody and proper preservation of the State records that it has control of (one of its obligations under section 11 (1) of the State Records Act 1998). While some security measures can be added, most information on shared drives can be easily deleted.
  • make and keep full and accurate records of your activities (as required by section 12 (1) of the Act). Most information on shared drives can be easily edited and there are no audit trails to indicate who has made modifications. Property fields are rarely populated with metadata and there are no contextual links between documents and their business context. As their authenticity can be compromised, records stored on shared drives cannot adequately function as evidence.
  • prevent the unlawful disposal of State records (under section 21 of the Act, public offices may not dispose of State records, transfer their possession or ownership, take or send them out of NSW or alter them, without the approval of State Records). As records on shared drives can be easily deleted, they may be inappropriately disposed of (e.g. before minimum retention periods set out in retention and disposal authorities have expired).
  • properly protect records that are required to be kept as part of the State archives (part 4). As records on shared drives can be easily deleted, they may be inappropriately disposed of (e.g. records required as State archives in a retention and disposal authority may be deleted from drives).

In addition, keeping records on shared drives does not meet the requirements of the Standard on digital recordkeeping: shared drives are not digital recordkeeping systems (requirement 1.2) and cannot capture and manage the minimum required recordkeeping metadata as defined in the standard (requirement 1.3).

What type of information fields (metadata fields) should I include in a database?

Decisions about what information fields to include in a database should be made in consultation with the relevant business area who will be using the database. Business staff will have the best knowledge of what information fields will help them to perform their business, respond to clients, document their decisions or actions and to search for information.

When involved in database design like this, records staff can contribute knowledge about what types of records might need to be generated by the database, how long records in the database might need to be kept for and what additional metadata fields might be needed to support record integrity and to document recordkeeping processes like access or disposal. They can also help ensure that the database design and configuration is appropriately documented, to help support its sustainability and any future migrations of it.

How long do I have to keep paper records after I scan them?

After you scan records, you need to keep the paper originals for a suitable period of time for quality assurance processes.

State Records GA36, Imaged Records recommends that paper originals records be kept for at least 6 months after scanning. [UPDATE – January 2015: GA36 has been replaced by GA45]

However, if you have good quality control processes to support your scanning operations and a mature imaging program, or if the records you are scanning are low risk, you may decide that a shorter period of time will suit your quality assurance requirements.

You need to make sure, however, that you can keep the digital versions of the scanned records for as long as is specified in the appropriate retention and disposal authority.

How can I make and keep good records using SharePoint?

SharePoint continues to be widely used across Government, so we have referred several people to State Records SharePoint guidelines this month, which give good advice on how to build robust recordkeeping structures in SharePoint.

What technical standards and specifications does my scanning program have to meet?

State Records Digitisation guideline lists the scanning specifications that are recommended by State Records.

If you decide that these recommendations are not right for your organisation, the guideline also has some advice on how to determine which technical specifications might be right for you.

As usual, if you have any comments or questions about this month’s FAQs, please let us know.

2 Comments
Jason Ho March 7th, 2016

Hi,

i am after some information regarding the technical scanning requirements for Government. Can you please confirm the minimum dpi required for scanning Government documents?

We are a technology company providing scanning solutions and would like to ensure that we systems can meet the government requirements.

Emma Harris March 15th, 2016

Hi Jason
State Records NSW has published some guidance on technical specifications for scanning projects for use by NSW public offices. These guidelines include recommended technical specifications determined by Archives New Zealand, which provide a good guide for scanned records.

Leave a Reply

You must be logged in to post a comment.