Document Scanning - The Legalities

• Legal Admissibility
• Document and Records Retention
• Data Protection
• Freedom of Information

Legal Admissibility

General opinion is that document image processed documents are likely to be admissible in court, with the same weight as of evidence as photocopies and microfilm documents which are considered as secondary evidence. There is a potential reduction in the weight of evidence if the authenticity of the copy is questioned (e.g. if a signature is being disputed).

Within the framework of PD5000 and PD0010- 'Principles of Good Practice for Information Management' - The British Standards Institution has published a Code of Practice (PD0008:1999) concerned with the 'Legal Admissibility and Evidential Weight of Information Stored Electronically'. Compliance with the Code does not guarantee legal admissibility - it defines best practice by which a company may demonstrate at any time, in a manner acceptable to a court of law, that the contents of a specific data file created or existing within a computer system have not changed since the time of storage (i.e. when the file is 'frozen'), and that where a data file contains a digitised image of the physical source document, the image is a true facsimile of that source document. The issue being addressed is essentially one of authentication.

The UK Public Record Office also provides useful guidance on best practice with relation to records management. They place emphasis on records retaining their qualities of Authenticity (as an accurate account of an activity, transaction, or decision), Integrity (an assurance that the data has not been changed subsequently) and Non-repudiation (preventing the originator from disowning the record).

Of growing importance is the application of best practice to the management of email records. Argument could arise over who created the email, whether it was sent by the person who said to have sent it, whether it has been altered, and whether it was received by the person it was sent to. Secure and comprehensive audit trails (maintaining the message and attachment as an integral unit), together with proof of delivery, are therefore very important.

In addition to ensuring that selected technology manages records in a secure and auditable manner, it is also important to make sure that policies and procedures are in place to institute good practice in information management.

Your solicitor should be able to give an opinion on which types of documents are most likely to be disputed in court. There may also be different considerations for civil (on the balance of probabilities) and criminal (beyond reasonable doubt) law.

Document and Records Retention

Records need to be retained not only for the purposes of business use, but also to meet legal and regulatory obligations.

For example, In the UK, The Companies Act 1985 (Section 221) requires companies to keep accounting records sufficient to give a "true and fair view of the state of the company's affairs and to explain its transactions." It also requires adequate precautions be taken against falsification of records and to discover any falsification that occurs. Both the Inland Revenue and HM Customs & Excise provide guidance on record-keeping for income, capital gains, corporation and value added tax. In general, they stress the need for businesses to record all transactions and keep all documents relating to them, such as receipts, invoices and bank statements; there are statutory bookkeeping requirements for businesses to keep financial records, and to keep them for particular lengths of time. Business records for the Inland Revenue tax returns must be kept for at least five years from the latest date for sending a tax return. VAT-registered businesses need to keep business records for HM Customs & Excise for six years. (This information should not be relied upon and Capture All Limited accept no liability for any loss or damage caused, arising directly or indirectly in connection with reliance on the contents of this web site).

A useful list of retention schedules is available via the UK Public Record Office.

Data Protection

Personal information for business use needs to comply with the rules of the Data Protection Act 1998, regardless of the 'system' of document management. Indeed a secure imaging system can help with compliance as for personal and confidential data it reduces the opportunity for theft or accidental loss. It can also facilitate the execution of requests for such data are easily met.

The Act enshrines 8 principles:

1. Personal data shall be processed fairly and lawfully

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Freedom of Information (Scotland) Act

The Freedom Of Information (Scotland) Act came into force on 1st January 2005 and will ensure that any person requesting information from a public body will receive that information, subject to certain exemptions. The Act encourages public authorities to be more open and accountable, and to organise their information in an efficient and accessible way.

For further information relating to this act click on this Link to "Scottish Information Commissioner"