cybersecurity ecosystem: the
documentation dimension
full professor | director of crdp
www.gautrais.com
www.crdp.umontreal.ca
www.twitter.com/gautrais
Ottawa | 04/22/2015
considering legal aspects of i.t.
privacy
evidence
contract
copyright
business
etc.
Vincent Gautrais, La preuve technologique, LexisNexis, Montréal, March 2014.
conclusion
individual normativity is the right tool …
conclusion
but we need more control over it!
plan
1. State of the Art + Individual Normativity
1. State of the Art in General (facts)
2. State of the Law (law)
2. Suspicious + Individual Normativity
1. Suspicious about the I.N. Process (facts)
2. Suspicious about I.N. Law Recognition (law)
1 – State of the art of the individual normativity phenomenon
1.1 – generalisation of individual normativity in general
documentation
accountability
modelisation
code of conduct
audit
etc.
guidelines
privacy by design
Laws / Regulations
Contract
Policies
Formal Level
Informal Level
Documentation Level
Standards
Guidelines / Norms
Methods
Codes of Conduct
Principles
Procedures
Certification Service Provider Example
in all laws, documentation was the main requirement that CSPs had to provide
2 main reasons behind this phenomenon
1 – complexity
2 – technology
Daniel J. Weitzner, Harold Abelson, Tim
Berners-Lee, Joan Feigenbaum, James
Hendler, and Gerald Jay Sussman,
Information Accountability, (2007)
“This paper argues that debates over online privacy,
copyright, and information policy questions have
been overly dominated by the access restriction
perspective. We propose an alternative to the “hide
it or lose it” approach that currently characterizes
policy compliance on the Web. Our alternative is to
design systems that are oriented toward
information accountability and appropriate use,
rather than information security and access
restriction.”
“In many cases it is only by making
better use of the information that is
collected, and by retaining what is
necessary to hold data users responsible
for policy compliance that we can actually
achieve greater information
accountability”
process of security
1.2 – generalisation of individual normativity in a specific legal context
example 1
law + security
An Act to Establish a Legal Framework for
Information Technology, CQLR c C-1.1
Documentation and Quebec Law
Transfer
(17)
Communication
(30 + 34)
Retention
(21)
Evidence
in general
Quite the same at the federal level (Canada Evidence Act)
(31.3) the integrity of an electronic
documents system by or in which an
electronic document is recorded or stored
is proven (…) the computer system or
other similar device used by the electronic
documents system was operating
properly (…)
legal revolution
1 – respect for the double evidence rule: the document itself + the documentation on the document
2 – the document is managed by yourself
example 2
law + privacy
PIPEDA
4.1 Principle 1 — Accountability
An organization is responsible for personal information under its
control and shall designate an individual or individuals who are
accountable for the organization’s compliance with the following
principles.
(…)
4.1.4
Organizations shall implement policies and practices to give effect
to the principles, including
• (a) implementing procedures to protect personal information;
• (b) establishing procedures to receive and respond to complaints
and inquiries;
• (c) training staff and communicating to staff information about the
organization’s policies and practices; and
• (d) developing information to explain the organization’s policies and
procedures.
on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD))
example 3
law + environment
example 3
Quebec Environment Quality Act (RLRQ c Q-2)
Etc.
Program (39)
Policies (15)
Plans (22)
Measures (93)
Strategy (2)
Norms (90)
Plan (129)
2 – Suspicious about individual normativity
“the possible over-inclusiveness or under-inclusiveness of existing legal rules as applied to new practices”
(L. Bennett-Moses, 2010)
2.1 – Suspicious about the individual normativity process
1 – lack of protection
ex.: Global Reporting Initiative (“GRI”) for
sustainability reporting
Example of Hydro-Quebec
2 – too many norms
ex.: ISO
1. ISO/IEC 27018:2014, Information technology -- Security techniques -- Code of practice for
protection of personally identifiable information (PII) in public clouds acting as PII processors.
2. ISO/IEC 29100:2011, Information technology -- Security techniques – Privacy framework.
3. ISO/IEC WD 29134, Privacy Impact Assessment – Methodology.
4. ISO 13008:2012 – Information and Documentation – Digital records conversion and migration
process.
5. ISO 13008:2012 – Information and documentation – Digital records conversion and migration
process (PDF)
6. ISO/TR 23081-3:2011 – Information and Documentation – Managing Metadata for Records – Part 3: Self-Assessment Method.
7. ISO 23081-1: 2006 – Information and Documentation – Metadata for records – Part 1 – Principles.
8. ISO 23081-2:2009 Information and documentation – Managing metadata for records – Part 2:
Conceptual and implementation issues.
9. ISO/TR 26122:2008 Information and documentation – Work Process Analysis for Records.
10. ISO 16175-1:2010 Information and documentation – Principles and functional requirements for
records in electronic office environments – Part 1: Overview and statement of principles.
11. ISO 16175-2:2011 Information and documentation – Principles and functional requirements for
records in electronic office environments – Part 2: Guidelines and functional requirements for
digital records management systems.
12. ISO 30300:2011 Information and Documentation – Management Systems for Records -
Fundamentals and Vocabulary.
13. ISO 30301:2011 Information and Documentation – Management Systems for Records -
Requirements.
14. ISO 15489-1, Information and Documentation – Records Management, Part. 1 – General, 2001.
15. ISO/TR 15489-2, Technical Report, Information and Documentation – Records Management,
Part. 2 – Guidelines, 2001
3 – who controls?
4 – cost of standardization
ex.: afnor (fr) / bsi (uk)
ex.: Sarbanes-Oxley Act
2.2 – Suspicious about individual normativity legal recognition
jurisprudence is mainly in favor of new technologies
ex 1: email acceptance
(Vandal c. Salvas, 2005 QCCQ 40771)
ex 2: wikipedia page
(reference to the page history)
ex 3: paper version of “.xls”
(Stadacona, s.e.c./Papier White Birch c.
KSH Solutions inc., 2010)
ex 4: digital picture
(with no reference to metadata)
No respect for the double evidence rule: the document itself + the documentation on the document
Mainstream Canada v. Staniford, 2012 BCSC 1433
« [23] Among other things, Cermaq has published the principles
governing its sustainability program and reported on the company’s
performance, using the standards set by the Global Reporting
Initiative (“GRI”) for sustainability reporting. Since 2010, the
sustainability reporting is also subject to review by KPMG’s
sustainability team. Ms. Bergan explained further that, if Cermaq
deviates from the indicators that are part of the GRI, Cermaq must
disclose the manner in which it has done so. This manner of
reporting, using the GRI standards, applies to both Cermaq and
Mainstream, according to Ms. Bergan. »