A lot of marketing currently equates compliance with a product's ability to “provide legal admissibility”. This turns out to be misleading due to the confusion that exists between the concepts of legal admissibility and evidential weight. In most jurisdictions virtually any electronic data can be submitted before a court of law, i.e. is legally admissible. The real question is that of evidential weight. Evidential weight is the extent to which the court can rely upon the electronic information.
Regulations tend to focus on which records need to be retained and for how long. Some go further, particular in the Financial Services, Pharmaceutical and Health Care sectors, and address the issues of integrity and authenticity of records in electronic form. This leads to the cornerstone of compliance, be it paper-based or electronic, which is demonstrating evidential weight for records.
Evidential weight is more than just document retention. Evidential weight requires that all aspects of data are retained; the existence or occurrence, the data itself, any access to the data contents, any attempt to edit or delete the data, ensuring that the data created is the data that is stored and demonstrating that no data has been lost or inappropriately deleted. For example, in the email or document archiving arena just storing a backup or snapshot of a messaging system is insufficient as is a system that provides a policy for storing information after a period of time has passed or where the choice of whether or not to store the information is placed under the control of each user.
If an organisation cannot prove that every required record has been retained for the correct period then they have not satisfied the evidential weight requirements. After all, if gaps in the record store exist then the suspicion is either that the store is unreliable or that those gaps were created to hide or destroy inconvenient information. In fact all organisations have an obligation to maintain records that could be used in a dispute for as long as a dispute may arise, as well as a general obligation to maintain records as the cost of conducting business. Organisations that operate in highly regulated industries, however, must meet additional specific requirements set down by their industry regulators. Irrespective of how they arise, the record keeping requirements are subject to the rules of evidence, which are quite separate from the regulatory record keeping requirements and which apply in addition to those requirements.
Evidential weight is the key concept that needs to be recognised as part of the discussion about compliance; an organisation needs to be in a position to demonstrate that the records it retains are the actual business records used and none has been added, changed or deleted.
For further details please send an email to enquiries@kalypton.com.