Upload
anthonywong
View
428
Download
0
Embed Size (px)
DESCRIPTION
A Legal Perspective on Information Management “New Social Media – The New Record Format?”
Citation preview
1
A Legal Perspective on Information Management
“New Social Media – The New Record Format?”
Anthony Wong MACS CP
President
Australian Computer Society SEARCC
2
South-East Asia Regional South-East Asia Regional Computer Confederation (SEARCCComputer Confederation (SEARCC))
3
Joining the ranks of lawyers accountants and engineers
4
Businesses and Government agencies are increasingly using social media (or Web 2.0) tools to communicate and interact
Records of value may be created by the use of social media tools. These records need to be captured and maintained
Use of third-party sites raises questions about the status of the records
Information residing or stored on third-party sites may not be regarded legally as property and e.g. consequently may not be a Australian Government record (Section 3 of the Archives Act 1983)
New Social Media –
The New Record Format?
5
Social Media Tools
Common social media tools used today include: Blogs Wikis Social networking sites Instant messaging Social bookmarking Media sharing Collaborative editing sites
6
New Social Media –
The New Record Format? Facebook, MySpace and online forums – the new
meeting place For conversations with friends, colleagues or
acquaintances in a casual setting But published online – in a more permanent form
copied by users stored in cache archived copies
No security measures are perfect
7
Issues arising from New Social Media - Publication
8
What law governs the New Media
Subject to the same laws Emerging laws and codes specific to the Internet and
new media Possibly the laws of other countries International law
9
Social media and Australian Government records
Social media and the 'authentic record' Social media is dynamic. Its content is ever-changing and government information
may be taken up by others for use and reuse. It is therefore important to ensure that an accurate and authentic ‘original’ copy of information is captured and saved as a record.
Allocating responsibility for records capture Agency records management policy or agency policy on using social media should
also include advice about the information and records management obligations that accompany social media use. Web administrators may routinely capture records of website social media interactions, but the policy needs to make it clear when this routine capture may not be sufficient, and when individual authors have responsibility for capturing information from the social media tools that they use. Staff in the records management unit should be able to assist with these decisions.
From www.naa.gov.au/records-management/create-capture-describe/socialmedia/index.aspx
10
Social media and Australian Government records
What social media interactions need to be captured? The same records management principles apply to social media content as to other
records created in the agency. Agency staff using social media tools for official purposes need to consider which records need to be captured to comply with agency records management policy, or discuss this with their records management unit.
Do records of all social media interaction need to be kept? Different information has different value and, therefore, different requirements for
creation, capture and retention. For example, usually spam may be disposed of immediately. However, more valuable social media records such as feedback about policy would need to be retained appropriately. The decision is not always clear cut, and a judgement must be made about the material’s relevance to agency business. Records management staff can advise on an agency’s information management needs.
From www.naa.gov.au/records-management/create-capture-describe/socialmedia/index.aspx
11
User activated 'deletion' vs Disposal of Records
Deleted photos on Facebook accessible online for up to 30 months
Users who have kept the direct link to photos were able to still gain access
Facebook uses a content distribution network (CDN), which stores multiple copies of content on servers around the globe so that it can be accessible more quickly
SMH Ben Grubb October 13, 2010 - 4:22PM
12
Half of second-hand mobilephones contain personal data
Private personal data remains on discarded mobile phones, with intimate photos and credit card numbers and pins
Half of 50 handsets bought from second-hand resellers on eBay contained personal messages or photos, according to exclusive research from the mobile and forensics experts Disklabs
"Data is more portable, more accessible, more widely disseminated and more numerous than ever before," said Ferguson. "We tend to place our faith in the technology that we use to access our data, we believe that when we hit delete the data is gone, and we believe that if we restrict the audience we share with that the data will not go any further. These beliefs are often misplaced - as that story testifies."
SMH October 13, 2010 - 11:56AM
13
Evidence from recovered data
14
Legal risk and admissibility of electronic documents and records
critical to establish a thorough records management system
necessary to provide documentary evidence if there is a business dispute
also to satisfy statutory requirements regarding the retention of records
are electronic documents sufficient?
15
Section 48 Australian Evidence Act 1995 (Cth) –original document rule (Best Evidence Rule) abolished and copies are as good as the originals but must keep evidence of integrity of process used to produce the copy
Best Evidence Rule expunged in Federal, ACT, Tasmania, Victoria and NSW
Generally, Australian Electronic Transactions Act 1999 (Cth) production of documents– Section 11 Requirement to produce a document is met if the person produces an
electronic form of the document provided the conditions that a reliable means of assuring the integrity and ready accessibility and useability for subsequent reference are met
Electronic Evidence
16
Australia First to Allow Service by Facebook
17
Facebook used to serve paternity test order
18
Facebook Sign Up – Terms & Privacy
19
Website Terms & Conditions
‘This contract is subject to our standard terms and conditions’- chance to read it?
reference statement with hyperlink– reference statement linked to a page with terms and conditions
display terms at bottom of order form or page dialogue box–user scrolls through terms before
clicking ‘I agree’
20
Terms and Conditions of use
21
Jurisdiction Issues in relation to Social Media
Some of the challenges: Identifying the location where the alleged offence was
perpetrated (eg. using a computer where offender is located) and the location where the harm resulted (eg. victims or damage to computers)
Deciding which sovereign nation and courts should have jurisdiction over a case
Deciding which law applies to what conduct eg. IP infringement, privacy, defamation, spam, fraud and deception
22
Jurisdiction
jurisdiction is dependent on the sovereignty of a government
concept evolved in relation to geographical boundaries or territories
on premise that each state or country has absolute power to control persons and things located within its boundaries or territories
internet challenges these territorially based principles
law re jurisdiction in cyberspace is unsettled
23
Where is Facebook located?
Operates out of the US
No physical presence in Australia
Difficulties in accessing and discovery of documents as evidence
24
25
Canberra on alert for WikiLeaks
WikiLeaks to release classified diplomatic cables
Leak will include millions of classfied documents
Cables could be about War in Iraq, Guantanamo
Saudi king urged US to attack Iran
WikiLeaks reveals Iraqi torture, deaths
WikiLeaks: China directed Google hacking
The Australian November 26, 2010
26
Sony PlayStation Networkuser data stolen
77 million electronic records compromised from Sony Electronics' PlayStation Network between April 17 and April 19 2011
Breach of accounts with names, addresses, email address, birthdates, usernames, passwords, logins, security questions and other personal data
credit card details encrypted but not personal data
27
Privacy Commissioner Investigation into Sony data breach
On 26 April, Timothy Pilgrim opened an investigation asking what personal information was compromised what security measures was in place at the time of the
incident whether reasonable measures to take to protect its
customers' personal information There are a number of significant reforms to the Privacy Act
currently being considered by the Government. These include increased powers for the Commissioner to impose penalties, such as enforceable undertakings and civil penalties for serious breaches of privacy. Further, the ALRC recommended that consideration should also be given to the introduction of mandatory data breach notification laws.
28
Mandatory data breach notification laws The Privacy Minister, Brendan O'Connor, said he
was ''very concerned'' about the theft of personal information and expressed disappointment that Sony took ''several days'' to inform customers about the breach. This meant a mandatory ''data breach notification'' system now ''appears necessary'', he said.
29
Other Recent Social Media controversies
Collection and use of private data by corporations like Google and Facebook
Increasing public concern about changes to Facebook's privacy settings - for making it difficult for users to put limits on how far the information they upload is shared
Google's collection of wireless connection data it gathered while compiling images for its Street View service
Government plans to monitor web users’ internet communications
Prompted an Australian Senate inquiry into the adequacy of privacy laws
30
Data Collection and Online Privacy
Terms of Reference On the 24 June 2010 the Senate referred the following matter to the
Environment, Communications and the Arts References Committee for inquiry and report :
The adequacy of protections for the privacy of Australians online, with regard to:(a) privacy protections and data collection on social networking sites;(b) data collection activities of private companies;(c) data collection activities of government agencies; and(d) other related issues