
The legal framework for electronic records storage in France

The legal framework for electronic records storage in France. Pierre Saurel – Avocat CABINET ALAIN BENSOUSSAN. Overview. Introduction French Law Concepts Integrity Durability Identity Reliability Authentication Comparison with the Anglo-Saxon approach Medium Durability (“Durabilité”)


Presentation Transcript


  1. The legal framework for electronic records storage in France Pierre Saurel – Avocat CABINET ALAIN BENSOUSSAN

  2. Overview Introduction French Law Concepts • Integrity • Durability • Identity • Reliability • Authentication Comparison with the Anglo-Saxon approach Medium Durability (“Durabilité”) Data Access Perenniality (“Pérennité”) • Perenniality of the “digital ecosystem” • Perenniality when upgrading

  3. Introduction

  4. Introduction (1/8) Legacy of records storage regulations in France • Traditions regarding the preservation of records by notaries (since Gallo-Roman times) • Mandatory Church records (August 17th, 1539 Order under the King’s Seal, known as “Villers-Cotterêts”)

  5. Introduction (2/8) Origin of French records storage regulations • Based upon highly persistent storage methods (stone, clay, paper) • Gradual elaboration through successive technological advances

  6. Introduction (3/8) A general framework French law is a general framework for any and all human activities occurring in France. Records storage is no exception to this.

  7. Introduction (4/8) A conflict of rights • Right to erasure of data (“droit à l’oubli”) • Obligation of keeping records

  8. Introduction (5/8) Technological adaptation Due to the heterogeneity and fast evolution of technologies for electronic record storage, French law must take into account and adapt to very different technical solutions.

  9. Introduction (6/8) A conceptual approach • Legal texts define the rules and concepts related to record storage • When necessary, the rules are interpreted by judicial courts on a case-by-case basis (based on the results of technical investigations)

  10. Introduction (7/8) Main applicable legal references • Civil Code • June 21st, 2004 Act “Loi pour la Confiance dans l’Economie Numérique” • AFNOR Rule Z42-013 • NF Rule 43-400 • NF Rule ISO 15489-1 • EU September 23rd, 2002 directive transposed into French law by the June 7th, 2005 Order • CNIL Opinion on the “three states” (“trois états”)

  11. Introduction (8/8) The future of French electronic records storage law • AFNOR rule Z42-013 is being reappraised by an AFNOR workgroup which endeavours to take into consideration the latest records storage methods • EU directives which have received transposition to French law may yet influence the AFNOR workgroup

  12. French Law Concepts

  13. French Law Concepts (1/10) • Integrity (“Intégrité”) • Durability (“Durabilité”) • Identity (“Identité”) • Reliability (“Fiabilité”) • Authentication (“Authentification”)

  14. French Law Concepts (2/10) Integrity • No legal definition • Referred to in articles 1316-1 sq. of the Civil Code and various tax and commercial rules • The NF rule ISO 15489-1 delineates the concept of “integrity” as a document’s “complete and unaltered state”

  15. French Law Concepts (3/10) Durability • No legal definition • Referred to in article 6, II of the June 21st, 2004 Act “pour la Confiance dans l’Economie Numérique”, L.121-20-11 of the Consumer Code, various EU directives

  16. French Law Concepts (4/10) Durability • The 2002/65/EC directive defines “Durable Medium” as “any instrument which enables the consumer to store information addressed personally to him in a way accessible for future reference for a period of time adequate for the purposes of the information and which allows the unchanged reproduction of the information stored”

  17. French Law Concepts (5/10) Durability • NF rule 43-400 defines a “Durable Medium” as : • Irreversible • Long-lasting • Exploitable • Readable

  18. French Law Concepts (6/10) Identity • No legal definition • Referred to in articles 1316-1, 1316-4, 1369-7, 1369-8 of the Civil Code, and article 6-1 of the March 30th, 2001 Act

  19. French Law Concepts (7/10) Reliability • Referred to in articles 1316-4, 1369-7, 1369-8 of the Civil Code, and article 6 of the March 30th, 2001 Act • The March 30th, 2001 Act defines the concept of “reliability” for digital signatures as the assumption of document integrity and author identity guaranteed by a secure signing system verifiable through the use of a certificate

  20. French Law Concepts (8/10) Reliability • The NF rule ISO 15489-1 defines a “Reliable Record” as a document of which contents can be construed as a complete and true representation of the operations, activities or deeds that it attests to, upon which other operations, activities or ulterior deeds

  21. French Law Concepts (9/10) Reliability • The NF rule ISO 15489-1 defines a “Reliable Record Storage System” as a system for organizing and managing records operating in a continuous, regular and coherent manner

  22. French Law Concepts (10/10) Authentication • No legal definition • Referred to in articles 1316-1 and 1316-4 of the Civil Code, 56§1 of the Government Contracts Code, 29 of the June 21st, 2004 “LCEN” Act • Defined as a form of identity verification by most authors

  23. Comparison with the Anglo-Saxon approach

  24. Comparison with the Anglo-Saxon approach (1/9) French approach • “Top-Down” Approach • Conceptual approach generally applicable to any and all record storage methods

  25. Comparison with the Anglo-Saxon approach (2/9) Anglo-Saxon approach • “Bottom-Up” Approach • Practical ruleset • Immediately functional

  26. Comparison with the Anglo-Saxon approach (3/9) US example: SEC Rule 17A-4(F) • SEC Rule 17A-4(F) sets out a number of obligations for the storage of electronic records • Compliance with SEC Rule 17A-4(F) is assessed according to seven cumulative criteria

  27. Comparison with the Anglo-Saxon approach (4/9) SEC Rule 17A-4(F) Criteria • 17a-4(f)(2)(ii)(A). Preserve the records exclusively in a non-rewritable, non-erasable format • 17a-4(f)(2)(ii)(B). Verify automatically the quality and accuracy of the storage media recording process

  28. Comparison with the Anglo-Saxon approach (5/9) SEC Rule 17A-4(F) Criteria • 17a-4(f)(2)(ii)(C). Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media

  29. Comparison with the Anglo-Saxon approach (6/9) SEC Rule 17A-4(F) Criteria • 17a-4(f)(2)(ii)(D). Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member

  30. Comparison with the Anglo-Saxon approach (7/9) SEC Rule 17A-4(F) Criteria • 17a-4(f)(3)(iii). Store separately from the original, a duplicate copy of the record stored on any medium acceptable under Rule 17a-4 for the time required

  31. Comparison with the Anglo-Saxon approach (8/9) SEC Rule 17A-4(F) Criteria • 17a-4(f)(3)(vi). The member, broker, or dealer must maintain, keep current, and provide promptly upon request by the staffs of the Commission or the self-regulatory organizations of which the member, broker, or broker-dealer is a member all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes.

  32. Comparison with the Anglo-Saxon approach (9/9) SEC Rule 17A-4(F) Criteria • 17a-4(f)(3)(vii). For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party ("the undersigned"), who has access to and the ability to download information from the member's, broker's, or dealer's electronic storage media to any acceptable medium under this section, shall file with the designated examining authority for the member, broker, or dealer the following undertakings with respect to such records:

  33. Medium Durability (“Durabilité”)

  34. Medium Durability (“Durabilité”) (1/4) • Media deteriorate over time • Optical disc (CD-ROM, DVD-ROM, BRD-ROM, HD-ROM, etc.) data is not durable over centuries, unlike paper-based data • WORM is the solution which French AFNOR rule Z42-013 has defined as the only compliant solution for durable medium data storage

  35. Medium Durability (“Durabilité”) (2/4) Therefore, for WORM compliance, technological solutions need to include: • Maintenance of the medium in a functional condition • Duplication of the medium

  36. Medium Durability (“Durabilité”) (3/4) The EU September 23rd, 2002 directive, transposed into French law by the June 7th, 2005 Order, indicates, though, that durable media notably include data disks, CD-ROM, DVD-ROM, and Hard Drives. However, Hard Drives are not WORM media.

  37. Medium Durability (“Durabilité”) (3/4) Therefore, September 20th, 2005 NF rule 43-400 defines Medium Durability as the cumulative qualities of : • Irreversibility (“Irréversibilité”) • Longevity (“Longévité”) • Exploitability (“Exploitabilité”) • Readability (“Lisibilité”)

  38. Medium Durability (“Durabilité”) (4/4) These cumulative criteria define another, larger concept : Data Access Perenniality (“Pérennité”)

  39. Data Access Perenniality (“Pérennité”)

  40. Data Access Perenniality (“Pérennité”) (1/3) Accessing the stored records requires not only a storage method respectful of the data itself, but also: • Perenniality of the “digital ecosystem” • Perenniality when upgrading

  41. Data Access Perenniality (“Pérennité”) (2/3) Perenniality of the “digital ecosystem” • A fully functional environment, which involves maintenance of the operating system, medium, software, data format and documentation • The ability to access the stored data, involving technical ability as well as the relevant legal and technical permissions

  42. Data Access Perenniality (“Pérennité”) (3/3) Perenniality when upgrading • Software, hardware, protocol and medium upgrades must ensure data accessibility • Upgrades must be traced so that the storage system can be reverted to an earlier state, since upgrades themselves are irreversible

  43. Conclusion

  44. Conclusion The French legal framework on electronic records storage is a heterogeneous non-uniform complex system. Technology drives the evolution of concepts regarding the legal framework of electronic records storage. This evolution is beginning to take into account that the records system destined for storage is a “digital ecosystem” becoming independent from its storage medium (autonomous system).

  45. THANK YOU pierre-saurel@alain-bensoussan.com www.alain-bensoussan.eu
