New U.S. ESI Rules Will Affect Canadian Businesses

Effective December 1, 2006, new U.S. federal rules of civil procedure came into force, dealing with electronically stored information (ESI) in the context of civil discovery rules.

The new discovery rules make ESI a specific type of discoverable business record, which must be produced in a usable form in a discovery process. The rules recognize the unique challenges posed by ESI, and encompass metadata (like the date of creation, and the names of authors and reviewers) that is often part of any litigation based on these records.

In the U.S., the effect of the new e-discovery rules will be to bring some uniformity and clarity to a process that had become confused and entangled in separate, ad hoc decisions.

And what will be the effect of the new discovery rules in Canada? First, any Canadian branch of a U.S. company will likely be required to follow the new rules. But even if the Canadian laws of civil procedure do not officially emulate the new U.S. rules, it’s likely that they will form the basis of new Canadian best practices for collecting, maintaining and archiving electronic information.

For a link to an issue of Protiviti’s Litigation and Fraud News that discusses the new rules, click here.

<< Top of Page

A Universal Identity Metasystem

In 2006 editions of the PolicyPro Bulletin, we talked about metadata and meta-languages. To kick off 2007, we offer an interesting discussion from the Information and Privacy Commissioner of Ontario on the subject of a universal identity metasystem.

Internet commerce depends on a safe, secure system of digital identity authentication. The current system of username/password authentication is clearly not up to the task. Weak passwords, password re-use, and other poor password management practices have resulted in an epidemic of phishing, spear-phishing and pharming. Recent reports indicate that online banking activity is declining as a result. It’s becoming obvious that the potential of online commerce is limited by the lack of a secure, reliable, easy-to-use authentication standard.

But help is on the way. Technology leaders are working on a universal identity metasystem, a “system of systems” that will provide interoperability between existing and new identity technologies, and give users a straightforward interface to manage all their digital identity credentials. The development work is based on the “7 Laws of Identity” that these industry leaders have formulated.

And why is the Privacy Commissioner’s interested? Because identity and privacy cannot be separated—the digital identities of people and the devices that they use constitute personal information that must be protected.

In 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, provides an interesting discussion of the topic, giving us a glimpse of the current state of the ongoing development of the user interface of the identity metasystem, and correlating the 7 Laws of Identity and the 10 principles of the CSA Model Code for the Protection of Personal Information. In addition, the paper contains a very useful appendix of links to other reading material on this subject.

Click here for a link to this paper.

<< Top of Page

Employers are constantly confronted with new challenges as issues in employment law arise and evolve. In some areas—like whistleblower protection and criminal liability in occupational health and safety incidents—the evolution is a result of new legislation. In others—employment contracts, restrictive covenants, termination and duty to accommodate—it's recent jurisprudence, precedent-setting court decisions that change the way the law is interpreted.

In a recent article from HRinfodesk.com, Yosie Saint-Cyr, LL.B. and Christina Catenacci, LL.B. review the latest developments in employment law and provide some suggestions for ways that employers can foster healthy employment relationships and minimize the possibility of legal action.

For a link to this excellent article, click here.

<< Top of Page

KnowledgeLeader has provided a useful example of a preliminary assessment questionnaire that an internal auditor might provide to managers or process owners in the IT department before conducting an audit. The questionnaire helps the auditor understand existing business processes and management’s view of the internal control environment.

For a link to the questionnaire and instructions for its use on KnowledgeLeader.com, click here.

<< Top of Page

The news is suddenly full of items about “sustainable development.” For those of you who are left scratching their heads about just what this means, it has been defined as "meeting the needs of the present without compromising the ability of future generations to meet their own needs." In short, it means using resources prudently and responsibly.

Industry Canada has recently published Sustainable Development Strategy 2006-09, a far-reaching plan that aims to “broaden and deepen the practical implementation of the business case for sustainable development in Canadian industry.” Its vision is to position Canada as a leader in supporting sustainable development technologies and practices for businesses and consumers by facilitating sustainability awareness and performance levels.

For more information, click here.

<< Top of Page

The new risk-based audit methodology requires that auditors understand and evaluate the client’s system of internal control. This understanding enables the auditor to identify the specific controls that will prevent, detect and correct material misstatements and meet the requirement to report any significant deficiencies to management.

In response to the new risk-based audit, Finance and Accounting PolicyPro (FAPP) has been expanded to include cross references that link the model policies to both the COSO Internal Control— Integrated Framework (ICIF) as well as the CICA Professional Engagement Risk Evaluation forms in the Professional Engagement Manual (PEM).

For auditors, the cross references to these two, commonly-used risk assessment frameworks make it possible to evaluate whether any specific internal control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. What’s more, they identify the specific policies and procedures that can be used to meet control objectives or mitigate identified risks.

As a result, FAPP can be an invaluable resource for auditors and their staffs to conduct the necessary assessments of internal control for your audit engagements. In addition, it is a training resource that will help ensure that everyone on the audit team employs consistent standards of practice in the the evaluation of internal controls.

FAPP has already proven to be very popular with comptrollers and directors of finance who needed to create or update a policy manual to meet the demand for better internal control. Now, auditors, too, can use this invaluable reference tool to help document, evaluate and assess any system of financial and governance internal controls.

Click here for more detailed information about Finance and Accounting PolicyPro.

<< Top of Page

About the PolicyPro Bulletin

Editor: Colin Braithwaite, Managing Editor – PolicyPro.

Please do not reply to this Email.

PolicyPro Bulletin is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue of the PolicyPro Bulletin provides headlines and summaries of news that affects internal controls and policies in Canada.

Please forward this Bulletin to your colleagues.

Please send any comments or suggestions about the PolicyPro Bulletin to editor@policypro.ca. For information about the PolicyPro Library, visit www.PolicyPro.ca. For information about First Reference and our HR-related products, visit www.firstreference.com. To read our Terms of Use, Disclaimer, Privacy Policy and other legal matters, visit PolicyPro.ca.

This publication is written for informational purposes only and should NOT be relied upon as legal advice or opinions. The reader should always obtain legal advice from a qualified lawyer or other qualified professional, which will be responsive to the case or circumstance of the individual. Please note that the content provided in this Bulletin or any content contained in or made available through any third party website linked to from this Bulletin, is provided "as is" without representations or warranties of any kind. All representations and warranties in respect of Content or Third Party Content, express or implied, including, without limitation any representations to warranties or conditions regarding accuracy, timeliness, completeness, non-infringement, merchantability or fitness for any particular purpose are hereby disclaimed.

PolicyPro Bulletin ISSN: 1718-5866 Copyright ©2007, First Reference Inc., All Rights Reserved.