http://www.enhesa.com/en/service/regulatoryregister.aspx
Regulatory Register
Are you in compliance by accident or design?
How do you identify the regulations that apply to your particular activities, across a range of facilities around the world? How do you identify exactly what they require you to do, and how do you know when they change? Are you sure you have identified all of the applicable requirements?
The Compliance Challenge
One of the most common root-causes of non-compliance is a facility being unaware that a particular regulation is applicable to its activities.
ENHESA's Regulatory Register is a tool designed to give any facility or operational unit direct access to the legislation that affects them, as well as an overview of what it is they are required to do to comply with it. It was specifically designed to ensure conformity with the requirements of both ISO 1401 and OHSAS 18001, and can be used as a key component of the ISO 14001 and OHSAS 18001 requirement (§4.3.2) to establish and maintain a procedure to identify and have access to the applicable legal and other requirements that are applicable to the environmental aspects of its activities, products or services. To this end it provides an up-to-date registry of the applicable EHS laws and regulations of the countries and regions in which the company operates.
These days there are more things that need to be done and which need to be verified. An increasing focus on implementation and enforcement means a greater risk of being found to be out of compliance. Coupled with a trend towards greater transparency and accountability, this requires any company that wishes to be taken seriously to devote sufficient attention to EHS awareness and compliance.
The ENHESA Knowledgebase
The EHS Regulatory Register draws on a robust expert system containing the analysis of thousands of regulatory texts and their impact on business. Our wide range of international coverage allows us to maintain our expert system of EHS regulations and requirements for more than 150 countries, many of which we monitor and update on a daily basis. This provides us with an excellent source of information that the Regulatory Register draws from.
Methodology
The ENHESA EHS Regulatory Register allows users to define the scope to include only those regulations which would be applicable to the facility's operations at a given moment in time.
1. Scoping
Initially, the user goes into the dedicated website and selects the country or region of interest and may also select particular issues of interest, such as waste disposal or chemicals management. This allows the scope to be narrowed down sufficiently to generate a relevant list of tailoring questions.
2. Tailoring
The user is then presented with a selection of questions about the facility's operations which are answered using 'yes', 'no' or 'unsure' checkboxes. Where the user is not certain about a given issue, further information is given in the form of pop-up boxes which elaborate on a given point. An example of this would be a question to determine whether the facility handles hazardous waste, further information would be available to clarify what exactly is considered to be hazardous waste or in what quantities the legislation becomes applicable.
3. List of Applicable Regulations
Once these have been answered the user is presented with a list of potentially applicable EHS regulations. In this list a distinction is made between legislation which is definitely applicable, and that which could potentially be applicable, based on the answers to the questions given in the first step. Where a user did not give a definitive 'yes' or 'no' answer, the relevant legislation will appear as potentially applicable. This allows for more clarity and allows the user to further define the applicability at a later stage.
Each law or regulation that appears in the resultant list then links on to details about the main requirements that arise from it and what has to be done to stay in compliance.
4. Applicable Requirements
Perhaps the most important component of the Regulatory Register, this section allows the user to see a summary of the requirements arising from each piece of legislation. For each entry on the list, the user can see the exact citation, a description of the main content and a summary of the main requirements. The main requirements will explain what has to be done to stay in compliance. It will identify what is being regulated, what the key requirements are, and what it applies to.
5. Original Text of the Legislation
Wherever possible, each entry also provides a link to the original text of the legislation, whether this is publicly available online or it is saved separately in the ENHESA database. This gives the user instant access to the legislation.
Professional Support
If you would rather not have to go through the motions of answering scoping questions or accessing a database, ENHESA Consultants can help you. Where requested to do so, ENHESA can pre-tailor a Regulatory Register to a specific client's needs. In this case we work closely with the client to ensure that we know as much about the client's operations, products and activities as possible to be able to accurately identify all of the applicable requirements. One of our Consultants can also come on site to help you set up the Regulatory Register and integrate with your way of doing business. And of course if you have problems determining whether or not a Regulation is applicable to your operation or to know how to ensure ongoing compliance, you can use the Enhesa Helpline to get support.
Complementary Tools
More information
To find out more about the EHS Regulatory Register and how it could be of use to your business, please contact us at enhesa@enhesa.com for more information.
Enhesa Global Regulatory Register Service (Download pdf)
Thursday, October 20, 2011
information governance
http://www.nhsbsa.nhs.uk/Documents/NHSBSACorporatePoliciesandProcedures/Information_Governance_Policy.pdf
searchcom;iance.com
search compiance
http://searchcompliance.techtarget.com/tip/Applying-the-ISO-27005-risk-management-standard
http://searchcompliance.techtarget.com/tip/Applying-the-ISO-27005-risk-management-standard
The Business Standards Encyclopedia
http://www.standards.bz/index.html
The Business Standards Encyclopedia
STANDARDS.BZ
Welcome to The Business Standards Encyclopedia. This is an independent portal intended to document the major busines standards for reference. We will simply outline the contents, and any other relevant information for the potential user. In this context the potential user may be a consultant, an auditor, or anyone within an organization which is using or implementing standards.
It is not an online store. Rather than attempting to emulate the many providers of standards already in situ on the internet, we will direct you to the purchase page(s) of one or more of the major suppliers for each standard.
The Business Standards Encyclopedia
STANDARDS.BZ
Welcome to The Business Standards Encyclopedia. This is an independent portal intended to document the major busines standards for reference. We will simply outline the contents, and any other relevant information for the potential user. In this context the potential user may be a consultant, an auditor, or anyone within an organization which is using or implementing standards.
It is not an online store. Rather than attempting to emulate the many providers of standards already in situ on the internet, we will direct you to the purchase page(s) of one or more of the major suppliers for each standard.
PCI Point-to-Point Encryption
PCI Point-to-Point Encryption: Solution Requirements –
https://www.pcisecuritystandards.org/documents/nb59Y8Qqv/P2PE_Hardware_Solution_%20Requirements_Initial_Release.pdf
Table of Contents
Document Changes ...................................................................................................................................................................................................... i
Preface .......................................................................................................................................................................................................................... 1
Definition of Secure Cryptographic Devices (SCDs) to be used for Point-to-Point Encryption................................................................................... 1
Definition of Account Data ........................................................................................................................................................................................... 2
Introduction: Solution Requirements for Point-to-Point Encryption...................................................................................................................... 3
Purpose of this Document ........................................................................................................................................................................................... 3
P2PE Roles and Responsibilities ................................................................................................................................................................................ 4
Table 1: At-a-Glance – Domains and Requirements for P2PE Validation – Solutions with SCD Encryption/Decryption and Key Management .. 8
Figure 1: At-a-Glance - Steps Required to Create and Validate a P2PE Solution ................................................................................................ 11
Table 2: At a Glance - Requirements and Processes for P2PE Solution Validation ............................................................................................ 12
Figure 2: At a Glance - Illustration of a typical P2PE Implementation and Associated Requirements .................................................................. 14
Domain 1: Encryption Device ................................................................................................................................................................................... 17
P2PE Requirements for Domain 1 ............................................................................................................................................................................ 17
Domain 2: Application Security................................................................................................................................................................................ 23
P2PE Requirements for Domain 2 ............................................................................................................................................................................ 24
Domain 3: Encryption Environment ......................................................................................................................................................................... 29
P2PE Requirements for Domain 3 ............................................................................................................................................................................ 30
Domain 4: Transmissions between Encryption and Decryption Environments ................................................................................................. 38
Domain 5: Decryption Environment ......................................................................................................................................................................... 39
P2PE Requirements for Domain 5 ............................................................................................................................................................................ 40
Domain 6: Cryptographic Key Operations .............................................................................................................................................................. 46
P2PE Requirements for Domain 6 ............................................................................................................................................................................ 48
Cryptographic Key Operations – Annex A: Symmetric Key Distribution using Asymmetric Techniques ....................................................... 67
Requirements for Remote Key Establishment and Distribution – Logical Security................................................................................................... 67
Requirements for Remote Key Establishment and Distribution – Physical Security................................................................................................. 75
Cryptographic Key Operations – Annex B: Key-Injection Facilities..................................................................................................................... 78
Requirements for Key-Injection Facilities .................................................................................................................................................................. 79
Appendix A: PCI DSS Validation for P2PE Merchants ........................................................................................................................................... 81
Appendix B: Glossary................................................................................................................................................................................................ 85
Appendix C: Minimum Key Sizes and Equivalent Key Strengths ........................................................................................................................
https://www.pcisecuritystandards.org/documents/nb59Y8Qqv/P2PE_Hardware_Solution_%20Requirements_Initial_Release.pdf
Table of Contents
Document Changes ...................................................................................................................................................................................................... i
Preface .......................................................................................................................................................................................................................... 1
Definition of Secure Cryptographic Devices (SCDs) to be used for Point-to-Point Encryption................................................................................... 1
Definition of Account Data ........................................................................................................................................................................................... 2
Introduction: Solution Requirements for Point-to-Point Encryption...................................................................................................................... 3
Purpose of this Document ........................................................................................................................................................................................... 3
P2PE Roles and Responsibilities ................................................................................................................................................................................ 4
Table 1: At-a-Glance – Domains and Requirements for P2PE Validation – Solutions with SCD Encryption/Decryption and Key Management .. 8
Figure 1: At-a-Glance - Steps Required to Create and Validate a P2PE Solution ................................................................................................ 11
Table 2: At a Glance - Requirements and Processes for P2PE Solution Validation ............................................................................................ 12
Figure 2: At a Glance - Illustration of a typical P2PE Implementation and Associated Requirements .................................................................. 14
Domain 1: Encryption Device ................................................................................................................................................................................... 17
P2PE Requirements for Domain 1 ............................................................................................................................................................................ 17
Domain 2: Application Security................................................................................................................................................................................ 23
P2PE Requirements for Domain 2 ............................................................................................................................................................................ 24
Domain 3: Encryption Environment ......................................................................................................................................................................... 29
P2PE Requirements for Domain 3 ............................................................................................................................................................................ 30
Domain 4: Transmissions between Encryption and Decryption Environments ................................................................................................. 38
Domain 5: Decryption Environment ......................................................................................................................................................................... 39
P2PE Requirements for Domain 5 ............................................................................................................................................................................ 40
Domain 6: Cryptographic Key Operations .............................................................................................................................................................. 46
P2PE Requirements for Domain 6 ............................................................................................................................................................................ 48
Cryptographic Key Operations – Annex A: Symmetric Key Distribution using Asymmetric Techniques ....................................................... 67
Requirements for Remote Key Establishment and Distribution – Logical Security................................................................................................... 67
Requirements for Remote Key Establishment and Distribution – Physical Security................................................................................................. 75
Cryptographic Key Operations – Annex B: Key-Injection Facilities..................................................................................................................... 78
Requirements for Key-Injection Facilities .................................................................................................................................................................. 79
Appendix A: PCI DSS Validation for P2PE Merchants ........................................................................................................................................... 81
Appendix B: Glossary................................................................................................................................................................................................ 85
Appendix C: Minimum Key Sizes and Equivalent Key Strengths ........................................................................................................................
Welcome to the PCI Security Standards Council
https://www.pcisecuritystandards.org/
ABOUT THE PCI SECURITY STANDARDS COUNCIL
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. Learn More
ABOUT THE PCI SECURITY STANDARDS COUNCIL
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. Learn More
Bill C-6
canada privacy law
http://www.parl.gc.ca/HousePublications/Publication.aspx?Pub=Bill&Doc=C-6&Language=E&Mode=1&Parl=36&Ses=2
Bill C-6
Table of Contents
Summary
BILL C-6
SHORT TITLE
PART 1
PROTECTION OF PERSONAL SECTOR
Interpretation
Purpose
Application
DIVISION 1
PROTECTION OF PERSONAL INFORMATION
DIVISION 2
REMEDIES
DIVISION 3
AUDITS
DIVISION 4
GENERAL
DIVISION 5
TRANSITIONAL PROVISIONS
PART 2
ELECTRONIC DOCUMENTS
Interpretation
Purpose
Electronic Alternatives
Regulations and Orders
PART 3
AMENDMENTS TO THE CANADA EVIDENCE ACT
PART 4
AMENDMENTS TO THE STATUTORY INSTRUMENTS ACT
PART 5
AMENDMENTS TO THE STATUTE REVISION ACT
Revision
PART III
CONSOLIDATED STATUTES AND REGULATIONS OF CANADA
Interpretation
Consolidation of the Statutes and Regulations
Publication and Distribution
Effect of Consolidation
Co-publishing Agreements
PART 6
COMING INTO FORCE
SCHEDULE 1
SCHEDULE 2
SCHEDULE 3
TABLE OF PROVISIONS
http://www.parl.gc.ca/HousePublications/Publication.aspx?Pub=Bill&Doc=C-6&Language=E&Mode=1&Parl=36&Ses=2
Bill C-6
Table of Contents
Summary
BILL C-6
SHORT TITLE
PART 1
PROTECTION OF PERSONAL SECTOR
Interpretation
Purpose
Application
DIVISION 1
PROTECTION OF PERSONAL INFORMATION
DIVISION 2
REMEDIES
DIVISION 3
AUDITS
DIVISION 4
GENERAL
DIVISION 5
TRANSITIONAL PROVISIONS
PART 2
ELECTRONIC DOCUMENTS
Interpretation
Purpose
Electronic Alternatives
Regulations and Orders
PART 3
AMENDMENTS TO THE CANADA EVIDENCE ACT
PART 4
AMENDMENTS TO THE STATUTORY INSTRUMENTS ACT
PART 5
AMENDMENTS TO THE STATUTE REVISION ACT
Revision
PART III
CONSOLIDATED STATUTES AND REGULATIONS OF CANADA
Interpretation
Consolidation of the Statutes and Regulations
Publication and Distribution
Effect of Consolidation
Co-publishing Agreements
PART 6
COMING INTO FORCE
SCHEDULE 1
SCHEDULE 2
SCHEDULE 3
TABLE OF PROVISIONS
International Privacy Laws
http://www.informationshield.com/intprivacylaws.html
International Privacy Laws
The following list contains a number of international privacy related laws by country and region. Wherever possible, these hyperlinks reference an English translation of the law. See also our list of U.S. Privacy Laws and other information security policy resources.
Argentina: Personal Data Protection Act of 2000 (aka Habeas Data)
Austria: Data Protection Act 2000, Austrian Federal Law Gazette part I No. 165/1999
(Datenschutzgesetz 2000 or DSG 2000).
Australia: Privacy Act of 1988
Belgium: Belgium Data Protection Law and Belgian Data Privacy Commission Privacy Blog
Brazil: Privacy currently governed by Article 5 of the 1988 Constitution.
Bulgaria: The Bulgarian Personal Data Protection Act, was adopted on December 21, 2001 and entered into force on January 1, 2002. More information at the Bugarian Data Protection Authority
Canada: The Privacy Act - July 1983
Personal Information Protection and Electronic Data Act (PIPEDA) of 2000 (Bill C-6)
Chile: Act on the Protection of Personal Data, August 1998
Colombia: Two laws affecting data privacy - Law 1266 of 2008: (in Spanish) and Law 1273 of 2009 (in Spanish) Also, the constitution provides any person the right to update their personal information
Czech Republic: Act on Protection of Personal Data (April 2000) No. 101
Denmark: Act on Processing of Personal Data, Act No. 429, May 2000.
Estonia: Personal Data Protection Act of 2003. June 1996, Consolidated July 2002.
European Union: European Union Data Protection Directive of 1998
EU Internet Privacy Law of 2002 (DIRECTIVE 2002/58/EC) With a discussion here.
Finland: Act on the Amendment of the Personal Data Act (986) 2000.
France: Data Protection Act of 1978 (revised in 2004)
Germany: Federal Data Protection Act of 2001
Greece: Law No.2472 on the Protection of Individuals with Regard to the Processing of Personal Data, April 1997.
Guernsey: Data Protection (Bailiwick of Guernsey) Law of 2001
Hong Kong: Personal Data Ordinance (The "Ordinance")
Hungary: Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests (excerpts in English).
Iceland: Act of Protection of Individual; Processing Personal Data (Jan 2000)
Ireland: Data Protection (Amendment) Act, Number 6 of 2003
India: Information Technology Act of 2000
Italy: Data Protection Code of 2003
Italy: Processing of Personal Data Act, January 1997
Japan: Personal Information Protection Law (Act) (Official English Translation)
Law Summary from Jonesday Publishing
Japan: Law for the Protection of Computer Processed Data Held by Administrative Organs, December 1988.
Korea - Act on Personal Information Protection of Public Agencies Act on Information and Communication Network Usage
Latvia: Personal Data Protection Law, March 23, 2000.
Lithuania: Law on Legal Protection of Personal Data (June 1996)
Luxembourg: Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data.
Malaysia - Common Law principle of confidentiality Personal data Protection Bill (Not finalized) Banking and Financial Institutions Act of 1989 privacy provisions.
Malta: Data Protection Act (Act XXVI of 2001), Amended March 22, 2002, November 15, 2002 and July 15, 2003
Morocco: Data Protection Act
Netherlands: Dutch Personal Data Protection Act 2000 as amended by Acts dated 5 April 2001, Bulletin of Acts, Orders and Decrees 180, 6 December 2001
New Zealand: Privacy Act, May 1993; Privacy Amendment Act, 1993; Privacy Amendment Act, 1994
Norway: Personal Data Act (April 2000) - Act of 14 April 2000 No. 31 Relating to the Processing of Personal Data (Personal Data Act)
Philippines: No general data protection law, but there is a recognized right of privacy in civil law and a model data protection code.
Romania: Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data
Poland: Act of the Protection of Personal Data (August 1997)
Portugal: Act on the Protection of Personal Data (Law 67/98 of 26 October)
Singapore - The E-commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce. Other related Singapore Laws and E-commerce Laws .
Slovak Republic: Act No. 428 of 3 July 2002 on Personal Data Protection.
Slovenia: Personal Data Protection Act , RS No. 55/99.
South Africa: Electronic Communications and Transactions Act, 2002
South Korea: The Act on Promotion of Information and Communications Network Utilization and Data Protection of 2000
http://www.internet.org.za/ect_act.html
Spain: ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data
Switzerland: The Federal Law on Data Protection of 1992
Sweden: Personal Data Protection Act (1998:204), October 24, 1998
Taiwan: Computer Processed Personal data Protection Law - applies only to public institutions. (English Translation)
Thailand: Official Information Act, B.E. 2540 (1997) for state agencies. ( Personal data Protection bill under consideration.)
United Kingdom: UK Data Protection Act 1998
Privacy and Electronic Communications (EC Directive) Regulations 2003 official text, and a consumer oriented site at the Information Commissioner's Office.
Vietnam: The Law on Electronic Transactions 2008
Regulatory Compliance » United States Data Privacy Laws
International Privacy Laws
The following list contains a number of international privacy related laws by country and region. Wherever possible, these hyperlinks reference an English translation of the law. See also our list of U.S. Privacy Laws and other information security policy resources.
Argentina: Personal Data Protection Act of 2000 (aka Habeas Data)
Austria: Data Protection Act 2000, Austrian Federal Law Gazette part I No. 165/1999
(Datenschutzgesetz 2000 or DSG 2000).
Australia: Privacy Act of 1988
Belgium: Belgium Data Protection Law and Belgian Data Privacy Commission Privacy Blog
Brazil: Privacy currently governed by Article 5 of the 1988 Constitution.
Bulgaria: The Bulgarian Personal Data Protection Act, was adopted on December 21, 2001 and entered into force on January 1, 2002. More information at the Bugarian Data Protection Authority
Canada: The Privacy Act - July 1983
Personal Information Protection and Electronic Data Act (PIPEDA) of 2000 (Bill C-6)
Chile: Act on the Protection of Personal Data, August 1998
Colombia: Two laws affecting data privacy - Law 1266 of 2008: (in Spanish) and Law 1273 of 2009 (in Spanish) Also, the constitution provides any person the right to update their personal information
Czech Republic: Act on Protection of Personal Data (April 2000) No. 101
Denmark: Act on Processing of Personal Data, Act No. 429, May 2000.
Estonia: Personal Data Protection Act of 2003. June 1996, Consolidated July 2002.
European Union: European Union Data Protection Directive of 1998
EU Internet Privacy Law of 2002 (DIRECTIVE 2002/58/EC) With a discussion here.
Finland: Act on the Amendment of the Personal Data Act (986) 2000.
France: Data Protection Act of 1978 (revised in 2004)
Germany: Federal Data Protection Act of 2001
Greece: Law No.2472 on the Protection of Individuals with Regard to the Processing of Personal Data, April 1997.
Guernsey: Data Protection (Bailiwick of Guernsey) Law of 2001
Hong Kong: Personal Data Ordinance (The "Ordinance")
Hungary: Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests (excerpts in English).
Iceland: Act of Protection of Individual; Processing Personal Data (Jan 2000)
Ireland: Data Protection (Amendment) Act, Number 6 of 2003
India: Information Technology Act of 2000
Italy: Data Protection Code of 2003
Italy: Processing of Personal Data Act, January 1997
Japan: Personal Information Protection Law (Act) (Official English Translation)
Law Summary from Jonesday Publishing
Japan: Law for the Protection of Computer Processed Data Held by Administrative Organs, December 1988.
Korea - Act on Personal Information Protection of Public Agencies Act on Information and Communication Network Usage
Latvia: Personal Data Protection Law, March 23, 2000.
Lithuania: Law on Legal Protection of Personal Data (June 1996)
Luxembourg: Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data.
Malaysia - Common Law principle of confidentiality Personal data Protection Bill (Not finalized) Banking and Financial Institutions Act of 1989 privacy provisions.
Malta: Data Protection Act (Act XXVI of 2001), Amended March 22, 2002, November 15, 2002 and July 15, 2003
Morocco: Data Protection Act
Netherlands: Dutch Personal Data Protection Act 2000 as amended by Acts dated 5 April 2001, Bulletin of Acts, Orders and Decrees 180, 6 December 2001
New Zealand: Privacy Act, May 1993; Privacy Amendment Act, 1993; Privacy Amendment Act, 1994
Norway: Personal Data Act (April 2000) - Act of 14 April 2000 No. 31 Relating to the Processing of Personal Data (Personal Data Act)
Philippines: No general data protection law, but there is a recognized right of privacy in civil law and a model data protection code.
Romania: Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data
Poland: Act of the Protection of Personal Data (August 1997)
Portugal: Act on the Protection of Personal Data (Law 67/98 of 26 October)
Singapore - The E-commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce. Other related Singapore Laws and E-commerce Laws .
Slovak Republic: Act No. 428 of 3 July 2002 on Personal Data Protection.
Slovenia: Personal Data Protection Act , RS No. 55/99.
South Africa: Electronic Communications and Transactions Act, 2002
South Korea: The Act on Promotion of Information and Communications Network Utilization and Data Protection of 2000
http://www.internet.org.za/ect_act.html
Spain: ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data
Switzerland: The Federal Law on Data Protection of 1992
Sweden: Personal Data Protection Act (1998:204), October 24, 1998
Taiwan: Computer Processed Personal data Protection Law - applies only to public institutions. (English Translation)
Thailand: Official Information Act, B.E. 2540 (1997) for state agencies. ( Personal data Protection bill under consideration.)
United Kingdom: UK Data Protection Act 1998
Privacy and Electronic Communications (EC Directive) Regulations 2003 official text, and a consumer oriented site at the Information Commissioner's Office.
Vietnam: The Law on Electronic Transactions 2008
Regulatory Compliance » United States Data Privacy Laws
Regulatory Compliance Solutions
http://www.informationshield.com/compliance.html
Regulatory Compliance Solutions
Information security and data privacy regulations start with two common threads. First, you must adopt a set of information security and privacy policies that reduce organizational risk and protect information assets. Second, you must define and document proper roles and responsibilities to insure that critical security and privacy functions are adopted and managed.
By focusing on international standards for information security and privacy, Information Shield security and privacy products are designed to help organizations achieve a risk-based approach to corporate governance, regardless of industry or geography.
Standards-Based Approach to Regulatory Compliance
Information Shield publications enable compliance with any information security or privacy regulation, by enabling a best-practices approach to managing information that is based on international standards. Our security policy library is based on ISO 17799 (ISO 27002), the international standard for information security management, and our privacy management toolkit is based on the O.E.C.D. Privacy Principles, the international standard for privacy management. Our publications fit squarely in the model of a "unified" approach to compliance.
Specific Regulations Addressed by Information Shield
While our publications help with any compliance program, we also provide specific information to help enable compliance with a number of security and privacy regulations.
Financial Services - Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SARBOX), USA PATRIOT ACT, PCI Data Security Standard, and the Basel II Accord (EU).
Healthcare and Pharmaceuticals - HIPAA (Health Insurance Portability and Accountability Act of 1996) and FDA 21 CFR Part 11.
Infrastructure and Energy - Guidelines for FERC and NERC Cybersecurity Standards, the Chemical Sector Cyber Security Program and Customs-Trade Partnership Against Terrorism (C-TPAT).
Federal Government - Compliance with FISMA and related NSA Guidelines and NIST Standards.
Security Methodologies - Information Shield enables adoption of security and control frameworks such as ISO 1-7799, COSO and COBIT.
Consumer Protection and Data Privacy - Our publications help compliance with:
a. Children's Online Privacy Protection Act (COPPA)
b. Children's Internet Protection Act (CIPA)
c. CAN-SPAM - Federal law regarding unsolicited electronic mail.
d. BILL C-6: PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (Canada)
e. California Individual Privacy Senate Bill - SB1386
Data Privacy Laws
See our list of US Privacy Laws and International Privacy Laws.
Regulatory Compliance Solutions
Information security and data privacy regulations start with two common threads. First, you must adopt a set of information security and privacy policies that reduce organizational risk and protect information assets. Second, you must define and document proper roles and responsibilities to insure that critical security and privacy functions are adopted and managed.
By focusing on international standards for information security and privacy, Information Shield security and privacy products are designed to help organizations achieve a risk-based approach to corporate governance, regardless of industry or geography.
Standards-Based Approach to Regulatory Compliance
Information Shield publications enable compliance with any information security or privacy regulation, by enabling a best-practices approach to managing information that is based on international standards. Our security policy library is based on ISO 17799 (ISO 27002), the international standard for information security management, and our privacy management toolkit is based on the O.E.C.D. Privacy Principles, the international standard for privacy management. Our publications fit squarely in the model of a "unified" approach to compliance.
Specific Regulations Addressed by Information Shield
While our publications help with any compliance program, we also provide specific information to help enable compliance with a number of security and privacy regulations.
Financial Services - Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SARBOX), USA PATRIOT ACT, PCI Data Security Standard, and the Basel II Accord (EU).
Healthcare and Pharmaceuticals - HIPAA (Health Insurance Portability and Accountability Act of 1996) and FDA 21 CFR Part 11.
Infrastructure and Energy - Guidelines for FERC and NERC Cybersecurity Standards, the Chemical Sector Cyber Security Program and Customs-Trade Partnership Against Terrorism (C-TPAT).
Federal Government - Compliance with FISMA and related NSA Guidelines and NIST Standards.
Security Methodologies - Information Shield enables adoption of security and control frameworks such as ISO 1-7799, COSO and COBIT.
Consumer Protection and Data Privacy - Our publications help compliance with:
a. Children's Online Privacy Protection Act (COPPA)
b. Children's Internet Protection Act (CIPA)
c. CAN-SPAM - Federal law regarding unsolicited electronic mail.
d. BILL C-6: PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (Canada)
e. California Individual Privacy Senate Bill - SB1386
Data Privacy Laws
See our list of US Privacy Laws and International Privacy Laws.
us privacy law
http://www.informationshield.com/usprivacylaws.html
us privacy law
United States Privacy Laws
The following list contains a number of United States federal and state laws that have provisions for data privacy. Also see our list of International Privacy Laws and other information security policy resources.
Americans with Disabilities Act (ADA) - Primer for business.
Cable Communications Policy Act of 1984 (Cable Act)
California Senate Bill 1386 (SB 1386) - Chaptered version.
Children's Internet Protection Act of 2001 (CIPA)
Children's Online Privacy Protection Act of 1998 (COPPA)
Communications Assistance for Law Enforcement Act of 1994 (CALEA) - Official CALEA website.
Computer Fraud and Abuse Act of 1986 (CFAA) law summary. Full text at Cornell
Computer Security Act of 1987 - (Superseded by the Federal Information Security Management Act (FISMA)
Consumer Credit Reporting Reform Act of 1996 (CCRRA) - Modifies the Fair Credit Reporting Act (FCRA).
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 law overview. Text of law at Cornell library
Electronic Funds Transfer Act (EFTA) Summary
Fair and Accurate Credit Transactions Act (FACTA) of 2003
Fair Credit Reporting Act (Full Text).
Federal Information Security Management Act (FISMA)
Federal Trade Commission Act (FTCA)
Driver's Privacy Protection Act of 1994 . Text of law at Cornell
Electronic Communications Privacy Act of 1986 (ECPA)
Electronic Freedom of Information Act of 1996 (E-FOIA) Discussion as it related to the Freedom of Information Act.
Fair Credit Reporting Act of 1999 (FCRA)
Family Education Rights and Privacy Act of 1974 (FERPA; also know as the Buckley Amendment)
Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
Privacy Act of 1974 - including U.S. Department of Justice Overview
Privacy Protection Act of 1980 (PPA) - Additional discussion at http://www.epic.org/privacy/ppa/.
Right to Financial Privacy Act of 1978 (RFPA)
Telecommunications Act of 1996
Telephone Consumer Protection Act of 1991 (TCPA) - Text of law at http://www.law.cornell.edu/uscode/47/227.html
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
Video Privacy Protection Act of 1988 discussion and overview. Text of law at: Cornell Law Library.
To suggest additions to this list, please contact us.
us privacy law
United States Privacy Laws
The following list contains a number of United States federal and state laws that have provisions for data privacy. Also see our list of International Privacy Laws and other information security policy resources.
Americans with Disabilities Act (ADA) - Primer for business.
Cable Communications Policy Act of 1984 (Cable Act)
California Senate Bill 1386 (SB 1386) - Chaptered version.
Children's Internet Protection Act of 2001 (CIPA)
Children's Online Privacy Protection Act of 1998 (COPPA)
Communications Assistance for Law Enforcement Act of 1994 (CALEA) - Official CALEA website.
Computer Fraud and Abuse Act of 1986 (CFAA) law summary. Full text at Cornell
Computer Security Act of 1987 - (Superseded by the Federal Information Security Management Act (FISMA)
Consumer Credit Reporting Reform Act of 1996 (CCRRA) - Modifies the Fair Credit Reporting Act (FCRA).
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 law overview. Text of law at Cornell library
Electronic Funds Transfer Act (EFTA) Summary
Fair and Accurate Credit Transactions Act (FACTA) of 2003
Fair Credit Reporting Act (Full Text).
Federal Information Security Management Act (FISMA)
Federal Trade Commission Act (FTCA)
Driver's Privacy Protection Act of 1994 . Text of law at Cornell
Electronic Communications Privacy Act of 1986 (ECPA)
Electronic Freedom of Information Act of 1996 (E-FOIA) Discussion as it related to the Freedom of Information Act.
Fair Credit Reporting Act of 1999 (FCRA)
Family Education Rights and Privacy Act of 1974 (FERPA; also know as the Buckley Amendment)
Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
Privacy Act of 1974 - including U.S. Department of Justice Overview
Privacy Protection Act of 1980 (PPA) - Additional discussion at http://www.epic.org/privacy/ppa/.
Right to Financial Privacy Act of 1978 (RFPA)
Telecommunications Act of 1996
Telephone Consumer Protection Act of 1991 (TCPA) - Text of law at http://www.law.cornell.edu/uscode/47/227.html
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
Video Privacy Protection Act of 1988 discussion and overview. Text of law at: Cornell Law Library.
To suggest additions to this list, please contact us.
Children's Online Privacy Protection Act (COPPA)
http://www.informationshield.com/coppaoverview.htm
COPPA and the FTC's rule require those institutions to:
Provide parents notice of their information practices;
Obtain prior verifiable parental consent for the collection, use, and/or disclosure of personal information from children (with certain limited exceptions for the collection of "online contact information," e.g., an e-mail address);
Provide a parent, upon request, with the means to review the personal information collected from his/her child;
Provide a parent with the opportunity to prevent the further use of personal information that has already been collected, or the future collection of personal information from that child;
Limit collection of personal information for a child's online participation in a game, prize offer, or other activity to information that is reasonably necessary for the activity; and
Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected.
COPPA and the FTC's rule require those institutions to:
Provide parents notice of their information practices;
Obtain prior verifiable parental consent for the collection, use, and/or disclosure of personal information from children (with certain limited exceptions for the collection of "online contact information," e.g., an e-mail address);
Provide a parent, upon request, with the means to review the personal information collected from his/her child;
Provide a parent with the opportunity to prevent the further use of personal information that has already been collected, or the future collection of personal information from that child;
Limit collection of personal information for a child's online participation in a game, prize offer, or other activity to information that is reasonably necessary for the activity; and
Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected.
Information Technology Security Awareness and Training Program
Building an Information
Technology Security Awareness
and Training Program
Mark Wilson and Joan Hash
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
Building an Information
Technology Security Awareness
and Training Program
Mark Wilson and Joan Hash
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
National Institute of standards and technology
Technology Security Awareness
and Training Program
Mark Wilson and Joan Hash
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
Building an Information
Technology Security Awareness
and Training Program
Mark Wilson and Joan Hash
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
National Institute of standards and technology
Records Management as Stand-Up Comedy
http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202519101267&slreturn=1#
Records Management as Stand-Up Comedy
Evan Koblentz ContactAll Articles
Law Technology NewsOctober 18, 2011
Records management in the legal field isn't the most glamorous career choice. So it was a surprise to hear some very creative comments Sunday at the Legal Information Technology Conference, part of the wider ARMA conference in Washington, D.C. -- comments that kept this relatively dry subject pleasantly entertaining. A sampling of comments that kept legal records managers laughing follows.
Angela Akpapunam, director of document lifecycle services at WilmerHale, noted that some senior lawyers in her firm still refer to records management as "central files" and that one person misunderstood the term "document lifecycle" to be "document lifestyle."
Bryn Bowen, director of records information management at Greenberg Traurig, on establishing information governance in large firms: "We are sort of changing the tires while moving the truck."
Stacie Capshaw, associate director of records management at Kirkland & Ellis, said she was able to accomplish records management because her firm is "a loose federation of entrepreneurs."
Terrence Coan, senior director at Hildebrandt Baker Robbins, said information governance can range from "pretty crappy to really awesome."
Rudy Moliere, director of information governance and records management at White & Case, observed that records management is "not at all like herding cats -- you can see cats."
Moliere again, asked by an audience member to explain how predictive email filtering works: "Elves."
Sarah Stephens, chief knowledge officer at Sutherland, Asbill & Brennan, on software vendors Recommind and Autonomy: "We had Recommind come in the morning and Automony in the afternoon. We said we wanted to do A, B, and C, and frankly Recommind said, "Oh yeah, we can do that." Autonomy said, "Gosh, nobody's ever asked us that before, but I suppose we could figure it out."
But it was Richard Kotwa, director of client information and records compliance, also of Sutherland, who had line and after line to keep his audience smiling:
On hosted enterprise content management: "The cloud is scary. It's more likely to rain than anything else."
On microfiche: "I'm sure one day you'll be able to sell that stuff for a ton of money on eBay."
On document management systems: "Why is the DMS not popular? I think it's the structure. Attorneys are like cats. I'm an attorney so I can say that. You try to do something new and they run the other direction."
Still on document management systems: "It's a needle in a haystack. Content management allows you to at least pick the quadrant of the haystack to look in."
On knowledge management: "Knowledge management is like content management on steroids. But they aren't very good steroids."
On the IT staff: "You know how technical people are. They hide in the basement and nobody wants to go down there because it's a scary place."
On disaster recovery related to a snowstorm effecting his Atlanta office: "We shut down the town for a week and our disaster recovery plan was 'wait for sunshine'."
On his past life sorting document boxes: "I knew what was in 65 percent of them. The others were Christmas presents."
Evan Koblentz is a reporter for Law Technology News. Send e-mail.
Records Management as Stand-Up Comedy
Evan Koblentz ContactAll Articles
Law Technology NewsOctober 18, 2011
Records management in the legal field isn't the most glamorous career choice. So it was a surprise to hear some very creative comments Sunday at the Legal Information Technology Conference, part of the wider ARMA conference in Washington, D.C. -- comments that kept this relatively dry subject pleasantly entertaining. A sampling of comments that kept legal records managers laughing follows.
Angela Akpapunam, director of document lifecycle services at WilmerHale, noted that some senior lawyers in her firm still refer to records management as "central files" and that one person misunderstood the term "document lifecycle" to be "document lifestyle."
Bryn Bowen, director of records information management at Greenberg Traurig, on establishing information governance in large firms: "We are sort of changing the tires while moving the truck."
Stacie Capshaw, associate director of records management at Kirkland & Ellis, said she was able to accomplish records management because her firm is "a loose federation of entrepreneurs."
Terrence Coan, senior director at Hildebrandt Baker Robbins, said information governance can range from "pretty crappy to really awesome."
Rudy Moliere, director of information governance and records management at White & Case, observed that records management is "not at all like herding cats -- you can see cats."
Moliere again, asked by an audience member to explain how predictive email filtering works: "Elves."
Sarah Stephens, chief knowledge officer at Sutherland, Asbill & Brennan, on software vendors Recommind and Autonomy: "We had Recommind come in the morning and Automony in the afternoon. We said we wanted to do A, B, and C, and frankly Recommind said, "Oh yeah, we can do that." Autonomy said, "Gosh, nobody's ever asked us that before, but I suppose we could figure it out."
But it was Richard Kotwa, director of client information and records compliance, also of Sutherland, who had line and after line to keep his audience smiling:
On hosted enterprise content management: "The cloud is scary. It's more likely to rain than anything else."
On microfiche: "I'm sure one day you'll be able to sell that stuff for a ton of money on eBay."
On document management systems: "Why is the DMS not popular? I think it's the structure. Attorneys are like cats. I'm an attorney so I can say that. You try to do something new and they run the other direction."
Still on document management systems: "It's a needle in a haystack. Content management allows you to at least pick the quadrant of the haystack to look in."
On knowledge management: "Knowledge management is like content management on steroids. But they aren't very good steroids."
On the IT staff: "You know how technical people are. They hide in the basement and nobody wants to go down there because it's a scary place."
On disaster recovery related to a snowstorm effecting his Atlanta office: "We shut down the town for a week and our disaster recovery plan was 'wait for sunshine'."
On his past life sorting document boxes: "I knew what was in 65 percent of them. The others were Christmas presents."
Evan Koblentz is a reporter for Law Technology News. Send e-mail.
ISO 27001
An Introduction To ISO 27001 (ISO27001)
ISO 27001
This is the specification for an information security management system (an ISMS) which replaced the old BS7799-2 standard
The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System.
http://www.27000.org/iso-27001.htm
The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System". Regarding its adoption, this should be a strategic decision. Further, "The design and implementation of an organization's ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization".
The standard defines its 'process approach' as "The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management". It employs the PDCA, Plan-Do-Check-Act model to structure the processes, and reflects the principles set out in the OECG guidelines (see oecd.org).
In a nutshell, the following diagram explains the logical flow of the process itself:
The process starts when the organization makes the decision to embark upon the exercise. Clearly, at this point, it is also important to ensure management commitment and then assign responsibilities for the project itself.
An organizational top level policy can then be developed and published. This can, and will normally, be supported by subordinate policies. The next stage is particularly critical: scoping. This will define which part(s) of the organization will be covered by the ISMS. Typically, it will define the location, assets and technology to be included.
At this stage a risk assessment will be undertaken, to determine the organization's risk exposure/profile, and identify the best route to address this. The document produced will be the basis for the next stage, which will be the management of those risks. A part of this process will be selection of appropriate controls with respect to those outlined in the standard (and ISO27002), with the justification for each decision recorded in a Statement of Applicability (SOA). The controls themselves should then be implemented as appropriate.
The certification process itself can then be embarked upon via a suitable accredited third party.
ISO 27001
This is the specification for an information security management system (an ISMS) which replaced the old BS7799-2 standard
The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System.
http://www.27000.org/iso-27001.htm
The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System". Regarding its adoption, this should be a strategic decision. Further, "The design and implementation of an organization's ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization".
The standard defines its 'process approach' as "The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management". It employs the PDCA, Plan-Do-Check-Act model to structure the processes, and reflects the principles set out in the OECG guidelines (see oecd.org).
In a nutshell, the following diagram explains the logical flow of the process itself:
The process starts when the organization makes the decision to embark upon the exercise. Clearly, at this point, it is also important to ensure management commitment and then assign responsibilities for the project itself.
An organizational top level policy can then be developed and published. This can, and will normally, be supported by subordinate policies. The next stage is particularly critical: scoping. This will define which part(s) of the organization will be covered by the ISMS. Typically, it will define the location, assets and technology to be included.
At this stage a risk assessment will be undertaken, to determine the organization's risk exposure/profile, and identify the best route to address this. The document produced will be the basis for the next stage, which will be the management of those risks. A part of this process will be selection of appropriate controls with respect to those outlined in the standard (and ISO27002), with the justification for each decision recorded in a Statement of Applicability (SOA). The controls themselves should then be implemented as appropriate.
The certification process itself can then be embarked upon via a suitable accredited third party.
Next Page - INFORMATION GOVERNANCE
INFORMATION GOVERNANCE
http://www.nextpage.com/our-solution
Ready to bring some much-needed structure to your organization’s unstructured information?
http://www.nextpage.com/our-solution
Ready to bring some much-needed structure to your organization’s unstructured information?
Wednesday, October 5, 2011
India's Low-cost Tablet Is Made by Canada's DataWind By John Ribeiro, IDG News
India's Low-cost Tablet Is Made by Canada's DataWind
By John Ribeiro, IDG News
http://www.pcworld.com/businesscenter/article/241156/indias_lowcost_tablet_is_made_by_canadas_datawind.html
By John Ribeiro, IDG News
http://www.pcworld.com/businesscenter/article/241156/indias_lowcost_tablet_is_made_by_canadas_datawind.html
Facebook’s photo-tagging tweaks rig the game against privacy
Facebook’s photo-tagging tweaks rig the game against privacy
IVOR TOSSELL
Globe and Mail Update
Published Wednesday, Oct. 05, 2011 10:11AM EDT
Last updated Wednesday, Oct. 05, 2011 10:15AM EDT
20 comments
Email
Tweet PrintDecrease text sizeIncrease text size
Big changes to Facebook make big headlines. But it’s the small changes we really need to worry about.
For instance, Facebook is currently rolling out an attention-getting new look for user profiles. But over the past few months, the company has also unrolled a tiny change, so small as to seem completely unworthy of note.
MORE RELATED TO THIS STORY
Facebook topples the privacy façade
Facebook co-founder wants some privacy from social media
What Facebook users 'dislike' about the new makeover
With a small interface tweak, Facebook has made it harder to untag yourself from a photo. Not impossible – just harder. It’s gone from a split-second one-click process to a three-dialogue box option-hunting hassle. It sounds innocuous enough, but “harder” is all it takes to sway the behaviour of millions in favour of Facebook’s interests – at the expense of their own.
Facebook users are familiar with the drill: When users upload photos to the site, they’re encouraged to identify the people in each picture, tagging each one. Facebook users can wake up the morning after a party to discover that their friends have uploaded and tagged dozens of photos of them. These photos automatically appear on their Facebook pages, without prior consent. This system has existed for years.
This is why many, if not most, Facebook users have become masters of untagging themselves, scrubbing their names from unflattering photos they didn’t want to be associated with. This was fine, because Facebook made it easy.
Here’s the rub: That system is no longer. After a small interface switchup, Facebook now only offers users a one-click way to hide the photo on their profile – but not to get rid of the tag itself. The photo will still be identified in the album of the person who posted it, should anyone see it there. The link will still go to your page. And most importantly, Facebook itself will still know that it’s you in that picture.
It’s still possible to fully untag yourself. But the process has been made artificially burdensome. You have to hunt down the page to find an option for reporting or untagging images. Clicking brings up a dialogue box with several options to review. Choosing the “untag” option brings up a second dialogue box. Choosing “untag” in that dialogue box brings up a third dialogue box that confirms the untagging. Instead of one click, that’s four clicks, three boxes and two sets of option selections. Now, imagine repeating that across dozens of photos that might get posted after a night out. The process quickly becomes onerous.
Facebook likes it when people tag photos. It’s good for business. The more internal links the site contains, the more people click, the more time people spend on the site, the more information is gathered about users, and the better advertising can be targeted, seen and sold. And let’s be honest, to the viewer, it’s useful when photos are tagged. It’s engaging to put names to those unknown characters who lurk in the background, and to explore their profiles in turn. Tagging is good for everyone, except perhaps the people in those photos.
By implementing a change so administrative it seems too arcane to dwell on, Facebook is pressing its 800 million-odd users, uploading about 250 million photos a day, to leave untold numbers of tags in the system that they might sooner have deleted, were it not such a hassle. The tiniest details of design have a huge effect on the way people use technology. Users follow the path of least resistance.
In fact, Facebook is so eager for more tags that in other countries it has implemented a facial-recognition system that recognizes your friends’ faces and does the work for you. Facebook says it’s not planning to implement the system in Canada; the Privacy Commissioner of Ontario is among those who have expressed grave concerns about its privacy implications.
By making tagging easier than ever while simultaneously making untagging a pain, Facebook has again tilted the playing field in its own corporate interest.
The disinterested might ask: If you can still hide unseemly photos on your profile, do the persistent tags really matter? Yes. For one thing, they can be used as a back door into your account. A colleague recently found strangers leaving comments on photos she was sure she’d made fully private, only to find, buried deep in an options box, a light grey disclaimer reading, “Anyone tagged and their friends can also see this post.” This was not an option that can be changed.
It should also be a concern that, from all the photos, events, tags, and comments, Facebook can piece together a remarkable picture of what you’ve done where, when and with whom. Don’t think that law enforcement isn’t profoundly interested in this stuff. If Facebook isn’t sharing this information with police today, it might tomorrow: Laws change, and governments these days aren’t much more interested in the idea of privacy than Facebook itself is. Among the new photo-reporting options, Facebook now allows you to flag photos containing “Illegal drug use.” How handy for everyone.
Facebook continually wagers – and so far correctly – that users will let it massage their expectations of privacy downwards, and accept the tradeoff. After all, what’s the option? Not to use Facebook, in this day and age?
Well, yes.
IVOR TOSSELL
Globe and Mail Update
Published Wednesday, Oct. 05, 2011 10:11AM EDT
Last updated Wednesday, Oct. 05, 2011 10:15AM EDT
20 comments
Tweet PrintDecrease text sizeIncrease text size
Big changes to Facebook make big headlines. But it’s the small changes we really need to worry about.
For instance, Facebook is currently rolling out an attention-getting new look for user profiles. But over the past few months, the company has also unrolled a tiny change, so small as to seem completely unworthy of note.
MORE RELATED TO THIS STORY
Facebook topples the privacy façade
Facebook co-founder wants some privacy from social media
What Facebook users 'dislike' about the new makeover
With a small interface tweak, Facebook has made it harder to untag yourself from a photo. Not impossible – just harder. It’s gone from a split-second one-click process to a three-dialogue box option-hunting hassle. It sounds innocuous enough, but “harder” is all it takes to sway the behaviour of millions in favour of Facebook’s interests – at the expense of their own.
Facebook users are familiar with the drill: When users upload photos to the site, they’re encouraged to identify the people in each picture, tagging each one. Facebook users can wake up the morning after a party to discover that their friends have uploaded and tagged dozens of photos of them. These photos automatically appear on their Facebook pages, without prior consent. This system has existed for years.
This is why many, if not most, Facebook users have become masters of untagging themselves, scrubbing their names from unflattering photos they didn’t want to be associated with. This was fine, because Facebook made it easy.
Here’s the rub: That system is no longer. After a small interface switchup, Facebook now only offers users a one-click way to hide the photo on their profile – but not to get rid of the tag itself. The photo will still be identified in the album of the person who posted it, should anyone see it there. The link will still go to your page. And most importantly, Facebook itself will still know that it’s you in that picture.
It’s still possible to fully untag yourself. But the process has been made artificially burdensome. You have to hunt down the page to find an option for reporting or untagging images. Clicking brings up a dialogue box with several options to review. Choosing the “untag” option brings up a second dialogue box. Choosing “untag” in that dialogue box brings up a third dialogue box that confirms the untagging. Instead of one click, that’s four clicks, three boxes and two sets of option selections. Now, imagine repeating that across dozens of photos that might get posted after a night out. The process quickly becomes onerous.
Facebook likes it when people tag photos. It’s good for business. The more internal links the site contains, the more people click, the more time people spend on the site, the more information is gathered about users, and the better advertising can be targeted, seen and sold. And let’s be honest, to the viewer, it’s useful when photos are tagged. It’s engaging to put names to those unknown characters who lurk in the background, and to explore their profiles in turn. Tagging is good for everyone, except perhaps the people in those photos.
By implementing a change so administrative it seems too arcane to dwell on, Facebook is pressing its 800 million-odd users, uploading about 250 million photos a day, to leave untold numbers of tags in the system that they might sooner have deleted, were it not such a hassle. The tiniest details of design have a huge effect on the way people use technology. Users follow the path of least resistance.
In fact, Facebook is so eager for more tags that in other countries it has implemented a facial-recognition system that recognizes your friends’ faces and does the work for you. Facebook says it’s not planning to implement the system in Canada; the Privacy Commissioner of Ontario is among those who have expressed grave concerns about its privacy implications.
By making tagging easier than ever while simultaneously making untagging a pain, Facebook has again tilted the playing field in its own corporate interest.
The disinterested might ask: If you can still hide unseemly photos on your profile, do the persistent tags really matter? Yes. For one thing, they can be used as a back door into your account. A colleague recently found strangers leaving comments on photos she was sure she’d made fully private, only to find, buried deep in an options box, a light grey disclaimer reading, “Anyone tagged and their friends can also see this post.” This was not an option that can be changed.
It should also be a concern that, from all the photos, events, tags, and comments, Facebook can piece together a remarkable picture of what you’ve done where, when and with whom. Don’t think that law enforcement isn’t profoundly interested in this stuff. If Facebook isn’t sharing this information with police today, it might tomorrow: Laws change, and governments these days aren’t much more interested in the idea of privacy than Facebook itself is. Among the new photo-reporting options, Facebook now allows you to flag photos containing “Illegal drug use.” How handy for everyone.
Facebook continually wagers – and so far correctly – that users will let it massage their expectations of privacy downwards, and accept the tradeoff. After all, what’s the option? Not to use Facebook, in this day and age?
Well, yes.
Wednesday, September 21, 2011
European Union
About the EU
The European Union is a unique economic and political partnership between 27 European countries.
http://europa.eu/index_en.htm
The European Union is a unique economic and political partnership between 27 European countries.
http://europa.eu/index_en.htm
retention of public data
retention of data generated or processed in connection with the provision of publicly available electronic communications
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:NOT
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:NOT
Children's Online Privacy Protection Rule
Children's Online Privacy Protection Rule; Final Rule
http://www.ftc.gov/os/1999/10/64fr59888.htm
http://www.ftc.gov/os/1999/10/64fr59888.htm
COPPA - Children's Online Privacy Protection Act
COPPA - Children's Online Privacy Protection Act
http://www.coppa.org/coppa.htm
How to Comply with the Children's Online Privacy Protection Rule
http://business.ftc.gov/documents/bus45-how-comply-childrens-online-privacy-protection-rule
http://www.coppa.org/coppa.htm
How to Comply with the Children's Online Privacy Protection Rule
http://business.ftc.gov/documents/bus45-how-comply-childrens-online-privacy-protection-rule
Electronic Privacy Information Centre
Electronic Privacy Information Centre
http://privacy.org/
http://mailman.epic.org/mailman/listinfo/epic_news
http://privacy.org/
http://mailman.epic.org/mailman/listinfo/epic_news
Tuesday, September 20, 2011
The E–Discovery Process
The E–Discovery Process
http://www.clearwellsystems.com/e-discovery-101/e-discovery-process.php
E–discovery is an evolving business process comprised of various stages. The most generally accepted depiction of the entire e–discovery process can be found in the Electronic Discovery Reference Model (EDRM) Project.
Launched in May 2005, the Electronic Discovery Reference Model (EDRM) Project was created to address the lack of standards and guidelines in the electronic discovery market – a problem identified in the 2003 and 2004 Socha–Gelbmann Electronic Discovery surveys as a major concern for vendors and consumers alike. The completed reference model provides a common, flexible and extensible framework for the development, selection, evaluation and use of electronic discovery products and services:
Records Management
Developing and implementing an effective records management program is a complicated, time–consuming task that requires a multi–faceted team of professionals committed to fully understanding the business and the types of records created by the company.
Identification
Determine the scope, breadth and depth of electronically stored information that might be pursued during discovery. Take into consideration any claims and defenses, preservation demands, disclosure requirements and discovery demands. Start with a larger pool of potentially discoverable electronically stored information and from there assess how much should be preserved and collected.
Preservation
Ensure that electronically stored information is protected against destruction or alterations.
Collection
Gather electronically stored information from various sources (tapes, drives, portable storage devices, networks, etc.). Preservation and collection sometimes overlap.
Processing
Reduce the overall set of data you have collected by setting aside files that are duplicates. Consider, as well, setting aside files you have good reasons to believe are not going to be relevant because of factors such as type, origin, or date.
To the extent needed, convert electronically stored information from the form in which you found it to one that allows to you conduct a more effective and efficient review.
Review
Evaluate collected electronically stored information, frequently for relevance and privilege; related activities such as redaction.
Analysis
Analysis is the process of evaluating a collection of electronic discovery materials to determine relevant summary information, such as key topics of the case, important people, specific vocabulary and jargon, and important individual documents. This information is useful at the outset before detailed review is conducted to help with important early decisions and to improve the productivity of all remaining electronic discovery activities. Analysis is performed throughout the remainder of the process as new information is uncovered and issues of the case evolve.
Production
Deliver electronically stored information to various recipients (law firm, corporate legal department, service provider, etc.).
Deliver electronically stored information for use in other systems (automated litigation support system, web–based repository, etc.).
Deliver electronically stored information on various media (CD, DVD, tape, hard drive, portable storage device, paper, other).
Presentation
Although this stage comes last in this list, think of it as the first. Consider early and often how you can most effectively present the electronically stored information at depositions, hearings and trial. If, for example, you want a key witness to walk though a live spreadsheet at trial, you better not have produced the file only in paper form.
Source: EDRM.
http://www.clearwellsystems.com/e-discovery-101/e-discovery-process.php
E–discovery is an evolving business process comprised of various stages. The most generally accepted depiction of the entire e–discovery process can be found in the Electronic Discovery Reference Model (EDRM) Project.
Launched in May 2005, the Electronic Discovery Reference Model (EDRM) Project was created to address the lack of standards and guidelines in the electronic discovery market – a problem identified in the 2003 and 2004 Socha–Gelbmann Electronic Discovery surveys as a major concern for vendors and consumers alike. The completed reference model provides a common, flexible and extensible framework for the development, selection, evaluation and use of electronic discovery products and services:
Records Management
Developing and implementing an effective records management program is a complicated, time–consuming task that requires a multi–faceted team of professionals committed to fully understanding the business and the types of records created by the company.
Identification
Determine the scope, breadth and depth of electronically stored information that might be pursued during discovery. Take into consideration any claims and defenses, preservation demands, disclosure requirements and discovery demands. Start with a larger pool of potentially discoverable electronically stored information and from there assess how much should be preserved and collected.
Preservation
Ensure that electronically stored information is protected against destruction or alterations.
Collection
Gather electronically stored information from various sources (tapes, drives, portable storage devices, networks, etc.). Preservation and collection sometimes overlap.
Processing
Reduce the overall set of data you have collected by setting aside files that are duplicates. Consider, as well, setting aside files you have good reasons to believe are not going to be relevant because of factors such as type, origin, or date.
To the extent needed, convert electronically stored information from the form in which you found it to one that allows to you conduct a more effective and efficient review.
Review
Evaluate collected electronically stored information, frequently for relevance and privilege; related activities such as redaction.
Analysis
Analysis is the process of evaluating a collection of electronic discovery materials to determine relevant summary information, such as key topics of the case, important people, specific vocabulary and jargon, and important individual documents. This information is useful at the outset before detailed review is conducted to help with important early decisions and to improve the productivity of all remaining electronic discovery activities. Analysis is performed throughout the remainder of the process as new information is uncovered and issues of the case evolve.
Production
Deliver electronically stored information to various recipients (law firm, corporate legal department, service provider, etc.).
Deliver electronically stored information for use in other systems (automated litigation support system, web–based repository, etc.).
Deliver electronically stored information on various media (CD, DVD, tape, hard drive, portable storage device, paper, other).
Presentation
Although this stage comes last in this list, think of it as the first. Consider early and often how you can most effectively present the electronically stored information at depositions, hearings and trial. If, for example, you want a key witness to walk though a live spreadsheet at trial, you better not have produced the file only in paper form.
Source: EDRM.
Solve Investigations and Find Who Knew What in Hours
http://www.clearwellsystems.com/
Solve Investigations and Find Who Knew What in Hours
Rated as a "Strong Positive" (highest possible rating given) in Gartner's E-Discovery MarketScope Report and praised by SC Magazine, the Clearwell E-Discovery Platform is the first electronic discovery solution designed and proven to manage all of your legal matters and internal investigations in a single, web-based application. Many federal, state, and local government agencies are using Clearwell to accelerate the processing, analysis, review, and production of electronic documents and email. As a result, they accelerate early case assessments, cull-down data by up to 90%, and improve the defensibility of their investigative process. LEARN MORE
Medicare and Medicaid fraud investigations
Equal employment opportunity cases
Corporate fraud
Procurement fraud
Congressional inquiries
Key capabilities of the Clearwell Internal Investigation Solution include:
Analyze emails, attachments, and documents in minutes
Rapidly collect data in a defensible manner
Determine exactly who knew what, and when
Quickly discover the most relevant evidence
Maximize investigation flexibility through advanced search capabilities
Increase investigator productivity
Rapidly find all instances of critical evidence
Prove process integrity
Produce, proof, and deliver results to internal sponsors
Solve Investigations and Find Who Knew What in Hours
Rated as a "Strong Positive" (highest possible rating given) in Gartner's E-Discovery MarketScope Report and praised by SC Magazine, the Clearwell E-Discovery Platform is the first electronic discovery solution designed and proven to manage all of your legal matters and internal investigations in a single, web-based application. Many federal, state, and local government agencies are using Clearwell to accelerate the processing, analysis, review, and production of electronic documents and email. As a result, they accelerate early case assessments, cull-down data by up to 90%, and improve the defensibility of their investigative process. LEARN MORE
Medicare and Medicaid fraud investigations
Equal employment opportunity cases
Corporate fraud
Procurement fraud
Congressional inquiries
Key capabilities of the Clearwell Internal Investigation Solution include:
Analyze emails, attachments, and documents in minutes
Rapidly collect data in a defensible manner
Determine exactly who knew what, and when
Quickly discover the most relevant evidence
Maximize investigation flexibility through advanced search capabilities
Increase investigator productivity
Rapidly find all instances of critical evidence
Prove process integrity
Produce, proof, and deliver results to internal sponsors
eDiscovery Daily Blog
http://www.ediscoverydaily.com/2011/04/ediscovery-trends-2011-ediscovery-errors-survey.html
Litigation Support Software
E-Discovery Services
Computer Forensics
Litigation Support Ecosystem
About Trial Solutions
Litigation Support Blog
SUBSCRIPTION CENTER
Sign up to receive eDiscovery Daily's articles via email or add the RSS feed to your newsreader of choice.
RSS FEED
LIBRARY
Browse eDiscovery Daily Blog
ABOUT THE BLOGGERS
Brad Jenkins
Brad Jenkins, President and CEO of Trial Solutions, has over 20 years of experience leading customer focused companies in the litigation support arena. Brad has authored many articles on litigation support issues, and has spoken before national audiences on document management practices and solutions.
Doug Austin
Doug Austin, Professional Services Manager for Trial Solutions, has over 20 years experience providing legal technology consulting and technical project management services to numerous commercial and government clients. Doug has also authored several articles on eDiscovery best practices.
Jane Gennarelli
Jane Gennarelli is a principal of Magellan’s Law Corporation and has been assisting litigators in effectively handling discovery materials for over 30 years. She authored the company’s Best Practices in a Box™ content product and assists firms in applying technology to document handling tasks. She is a known expert and often does webinars and presentations for litigation support professionals around the country. Jane can be reached by email at jane@litigationbestpractices.com.
eDiscovery Trends: 2011 eDiscovery Errors Survey
April 18, 2011
By Doug Austin
Litigation Support Software
E-Discovery Services
Computer Forensics
Litigation Support Ecosystem
About Trial Solutions
Litigation Support Blog
SUBSCRIPTION CENTER
Sign up to receive eDiscovery Daily's articles via email or add the RSS feed to your newsreader of choice.
RSS FEED
LIBRARY
Browse eDiscovery Daily Blog
ABOUT THE BLOGGERS
Brad Jenkins
Brad Jenkins, President and CEO of Trial Solutions, has over 20 years of experience leading customer focused companies in the litigation support arena. Brad has authored many articles on litigation support issues, and has spoken before national audiences on document management practices and solutions.
Doug Austin
Doug Austin, Professional Services Manager for Trial Solutions, has over 20 years experience providing legal technology consulting and technical project management services to numerous commercial and government clients. Doug has also authored several articles on eDiscovery best practices.
Jane Gennarelli
Jane Gennarelli is a principal of Magellan’s Law Corporation and has been assisting litigators in effectively handling discovery materials for over 30 years. She authored the company’s Best Practices in a Box™ content product and assists firms in applying technology to document handling tasks. She is a known expert and often does webinars and presentations for litigation support professionals around the country. Jane can be reached by email at jane@litigationbestpractices.com.
eDiscovery Trends: 2011 eDiscovery Errors Survey
April 18, 2011
By Doug Austin
Thursday, September 1, 2011
Lifestyle Information Network
Lifestyle Information Network
http://lin.ca/legislation-recreation-centres
comliance to community recreation centre act
resources
Monday, August 29, 2011
Records Management Audit
Records Management Audit
Guideline
November 2004
Version 1.1
http://www.archives.sa.gov.au/files/management_guidelines_ARM_auditpolicy.pdf
Guideline
November 2004
Version 1.1
http://www.archives.sa.gov.au/files/management_guidelines_ARM_auditpolicy.pdf
LEGISLATION LINKS
9. References
9.1 Relevant legislation
Access to Information Act
Canada Evidence Act
Copyright Act
Criminal Records Act
Emergency Preparedness Act
Library and Archives of Canada Act
Official Languages Act
Security of Information Act
Personal Information Protection and Electronic Documents Act (Part 2)
Privacy Act
Statistics Act
9.2 Related Treasury Board policies
Access to Information
Common Services Policy
Communications Policy of the Government of Canada
Policy on Electronic Authorization and Authentication
Evaluation Policy
Government Security Policy
Policy on Language of Work
Policy on Learning, Training and Development
Policy on Management of Information Technology
Management, Resources, and Results Structure Policy
Policy on Internal Audit
Policy on Service *
Policy on the Duty to Accommodate Persons with Disabilities in the Federal Public Service
Policy on the Use of Official Languages for Communications with and Services to the Public
Privacy and Data Protection
9.3 Other publications
Foundation Framework for Treasury Board Policies
Enhanced Management Framework
Management Accountability Framework
The Financial Administration Act: Responding to Non-compliance-Meeting the Expectations of Canadians
Information and Documentation-Records Management (ISO/TR 15489: 2001)
Policy on Information Management
Policy on Information Management
http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?section=text&id=12742
An Approach to Records Management Audit
An Approach to Records Management Audit
http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/records/it04a.pdf
INTRODUCTION
This guidance has been developed to help organisations establish regular
programmes of audit that will both demonstrate, and provide assurance of, its
compliance with good practice standards laid down for Records Management,
The guidance recognises the different ways that organisations can obtain
assurance of compliance and provides, as an annex, a number of checklists
that can be used to measure and test compliance within the key components
(the lifecycle) of records management; creation, retention, maintenance, use
and disposal.
The checklists include prompts to measure good practice required across a
number of standards; including: The NHS Records Management Code of
Practice, the NHS Care Records Guarantee, ISO 15489 – international record
keeping standards and the Information Lifecycle Management elements of the
NHS Information Governance Toolkit.
What is meant by ‘Audit’?
The word ‘audit’ is most often associated with an independent examination of
financial records by external auditors or consultants, or the body or
department undertaking this. In its broader context, ‘audit’ can be used to
describe a review or scrutiny of any system, or of the processes that make up
a system. The main purpose of an audit is to provide assurance that systems
and processes are effective, compliant and risk free. It also provides a
mechanism for regular scrutiny and improvement of systems.
What is meant by “Information Lifecycle Management?
Information Lifecycle Management (ILM) is the policies, processes, practices,
services and tools used by an organisation to manage its information through
every phase of its existence - from creation through to destruction. A records
management policy will form part of an organisation’s ILM, together with other
processes, such as for example, a records inventory, secure storage, records
audit etc. The main principles of ILM are (a) that it applies to information in
paper and other physical forms, e.g. electronic, microfilm, negatives,
photographs, audio or video recordings and other assets and b) that it relates
to the 5 distinct phases in the life of information; creation, retention,
maintenance, use and disposal.
PLANNING AND PREPARING AN A
Records and Information Management - Internal Audit Report
http://www.cihr-irsc.gc.ca/e/32833.html
Records and Information Management - Internal Audit Report
July 2006
Table of Contents
Executive Summary
1. Introduction
2. Approach and Methodology
3. Criteria
4. Background
5. Key Risk Factors
6. Observations
7. Recommendations
8. Management Action Plan
Thursday, August 25, 2011
employee files
http://www.aiim.org/pdfdocuments/37069.pdf
Best Practices: Shifting HR Resources from
Records Management to Strategic Initiatives
outSidE of thE uS
√ Directive 95/46/EC or the Data Privacy Directive (EU)
√ Data Protection Act 1998 (UK)
√ Privacy Act 1988 (AUS)
√ PIPEDA (Canada)
√ Personal Data (Privacy) Ordinance (Hong Kong)
oracle webinar
Oracle Database Insider Blog
free webinar
http://blogs.oracle.com/databaseinsider/entry/webcast_series_discover_the_cloud
Wednesday, August 24, 2011
SAP
sap library
http://help.sap.com/saphelp_46c/helpdata/en/73/69f5c755bb11d189680000e829fbbd/frameset.htm
http://help.sap.com/saphelp_46c/helpdata/en/73/69f5c755bb11d189680000e829fbbd/frameset.htm
SAP modules
sap modules
http://www.winshuttle.com/Solutions-SAP/Module-SAP
Solutions for every SAP module
FI/CO - Financial Accounting and Controlling
Simplify the time-consuming process of updating SAP Financial Accounting and Controlling (FI/CO) data and move volumes of data from Excel or other application to SAP without sacrificing security. Learn more...
HCM - Human Capital Management
Winshuttle securely transfers SAP Human Capital Management (HCM) data between SAP and widely used tools like Excel, Duet, and Adobe Forms. Learn more...
MM - Material Management
Eliminate errors and significantly increase processing time by automating SAP MM data creation and update processes Learn more...
SD - Sales Distribution
Integrate data from SAP Sales and Distribution (SD) module and simplify SAP data uploads and downloads by using Excel-based templates. Learn more...
PM - Plant Maintenance
Integrate data from SAP Plant Maintenance (PM) and Materials Management (MM) modules and simplify SAP data uploads and downloads using common interfaces like Excel. Learn more...
PP - Production Planning
Use custom Excel templates to easily create and manage SAP Product Planning (PP) sales order numbers, amounts, costs, and descriptions without programming. Learn more...
QM - Quality Management
Winshuttle simplifies SAP Quality Management (QM) by improving data integrity and consistency across SAP Materials Management (MM), Production Planning (PP), and QM modules. Learn more...
Other Modules
Winshuttle works with any SAP module. Learn more...
http://www.winshuttle.com/Solutions-SAP/Module-SAP
Solutions for every SAP module
FI/CO - Financial Accounting and Controlling
Simplify the time-consuming process of updating SAP Financial Accounting and Controlling (FI/CO) data and move volumes of data from Excel or other application to SAP without sacrificing security. Learn more...
HCM - Human Capital Management
Winshuttle securely transfers SAP Human Capital Management (HCM) data between SAP and widely used tools like Excel, Duet, and Adobe Forms. Learn more...
MM - Material Management
Eliminate errors and significantly increase processing time by automating SAP MM data creation and update processes Learn more...
SD - Sales Distribution
Integrate data from SAP Sales and Distribution (SD) module and simplify SAP data uploads and downloads by using Excel-based templates. Learn more...
PM - Plant Maintenance
Integrate data from SAP Plant Maintenance (PM) and Materials Management (MM) modules and simplify SAP data uploads and downloads using common interfaces like Excel. Learn more...
PP - Production Planning
Use custom Excel templates to easily create and manage SAP Product Planning (PP) sales order numbers, amounts, costs, and descriptions without programming. Learn more...
QM - Quality Management
Winshuttle simplifies SAP Quality Management (QM) by improving data integrity and consistency across SAP Materials Management (MM), Production Planning (PP), and QM modules. Learn more...
Other Modules
Winshuttle works with any SAP module. Learn more...
sample
sample of training records
http://www.onlineptr.com/
not very good, but appeal as it is pilot training record
http://www.onlineptr.com/
not very good, but appeal as it is pilot training record
sample form
RESEARCH WORKER
TRAINING RECORD
http://www.ucalgary.ca/safety/files/safety/ResearchWorkerTrainingRecord.pdf
sample form
training record look up
http://www.safetyoffice.uwaterloo.ca/hse/training/training_records.html
Training records of various computer based training programs for staff and grad students are available to designated persons in each department.
Please contact Doug Dye at Ext 35613 to gain access.
Look up Departmental Training Records (Must be given access)
Look up your own training records
Look up your own training records on myHRinfo
Sign in using UW user ID and Password
Go to Self Service Menu then to Learning and Development
Training and Training Records
Training and Training Records
http://www.tc.gc.ca/eng/civilaviation/publications/tp14308-section19-3122.htm
arks and recreation records
http://www.pacode.com/secure/data/046/chapter15/s15.68.html
sample PF&R file listing
§ 15.68. Parks and recreation records.
Parks and recreation records shall be maintained as follows:
(1) Accident/incident reports. Retain these records 3 years.
(2) Citations. Retain these records 3 years.
(3) Park planning files, including as-built plans showing layout, topography and proposed improvements. Retain these records permanently.
(4) Park program files. Retain these records 2 years.
(5) Park rules and regulations. Retain these records 5 years after revoked or superseded.
(6) Park use records. These records include facilities such as tennis courts, golf course, athletic fields and playgrounds. Retain these records 3 years.
(7) Public bathing facilities. These records include inspections, notices of violations, service requests, enforcement records, laboratory results, operational reports, complaints and correspondence. Retain these records 4 years.
Source
The provisions of this § 15.68 adopted February 18, 1994, effective February 19, 1994, 24 Pa.B. 993.
Cross References
This section cited in 46 Pa. Code § 15.51 (relating to general provisions); and 46 Pa. Code § 15.52 (relating to applicability).
Parks and Recreation
Department of Parks and Recreation
http://www.winocular.com/winocular_products/government/Parks_Record_Management.htm
COMPUTER RESOURCES
SAMPLE PARK AND RECREATION FILE COLLECTION
Features:
Variable user-defined index fields by subject type
Field validation for critical index fields
User-defined Subject & Document types
Powerful queries using index fields with Word-In-Text (WIT) searching
Save queries for use at a later time
Record storage in standard Image File Formats along with Word Processing & text formats
Microsoft Windows NT, 2000 and XP operating environment
SQL compliant database
High Speed Image printing
Document archival to File Server, Tape, CD-ROM, DVD-ROM, DVD-RAM or other optical media
Benefits:
All Parks and Recreation Department records are collected into one database easily accessed by multiple users
Simplifies the search and retrieval of all records and associated files and documents
Advanced search technology allows field-based and context-based searches that actually read the text of OCR/ICR’d documents and all other attached files.
Clerical time required to scan and index items is less than half of that required to manually file and retrieve folders of information
Folders cannot be lost or misfiled
Guards against losing or misplacing individual documents
Enhanced security levels protect documents from unauthorized users
Eliminates the burden of paper storage
Integrates with all other WinOcular products
Customization available to tailor to your specific needs
Technical Guidelines
http://www.archives.gov/preservation/technical/guidelines.html
Technical Guidelines for Digitizing Archival Materials for Electronic Access: Creation of Production Master Files - Raster Images
http://www.archives.gov/preservation/technical/guidelines.pdf
Technical Guidelines for Digitizing Archival Materials for Electronic Access: Creation of Production Master Files - Raster Images
http://www.archives.gov/preservation/technical/guidelines.pdf
Idaho State Record Center
Idaho State Record Center provides records management services to state agencies:
http://recordscenter.idaho.gov/
See what's new!
Guidelines for Digitalization Standards for Idaho Government Agencies
Protocols for Native American Archival Materials
http://recordscenter.idaho.gov/
See what's new!
Guidelines for Digitalization Standards for Idaho Government Agencies
Protocols for Native American Archival Materials
records management online resources
US Dept of Agriculture
Chief Information Officier
Records Management
http://www.ocio.usda.gov/records/tools_records.html#online
Chief Information Officier
Records Management
http://www.ocio.usda.gov/records/tools_records.html#online
Tuesday, August 16, 2011
What we do for the public
The Public Introduction
http://www.collectionscanada.gc.ca/the-public/index-e.html
Source
Library and Archives Canada
Library and Archives Canada (LAC) provides services to members of the public who wish to consult the documents of its collection or order photocopies and reproductions.
Our reference specialists are available:
•To help with your research
•To help find answers to your questions
•To assist you in using our collections and resources
Research Tools
Search our website's databases to find references to a large number of our documents.
Academic Researchers
An online guide to help you get started.
Ask Us a Question
We can answer your questions or help you find a reference to the document you are looking for.
Consulting and Borrowing Material
Useful information for consulting the collection.
Preparing for a Visit
Plan your visit to the main building of LAC, located at 395 Wellington Street in Ottawa.
Photocopies and Reproductions
How to order photocopies and reproductions of documents.
Conditions for Access to and Use of Documents
These pages describe conditions for access and use which could apply to some documents.
Services to the Public from A to Z
Open Data from LAC Introduction
Open Data from LAC Introduction
http://www.collectionscanada.gc.ca/opendata/index-e.html
Library and Archives Canada (LAC) has been invited to join a Government of Canada (GC) initiative on open data, which will provide all Canadians with access to GC datasets and associated metadata in the public domain. As part of this initiative, LAC is releasing two datasets for the launch of this new website and will be developing a long-term plan for releasing more public domain datasets over the coming months.
Please use our comments form to let us know if you are using this data, how you are using it, and what other datasets you would like to see on this new website.
•Datasets
•Comments
•Government of Canada Core Subject Thesaurus in SKOS/RDF format
http://www.collectionscanada.gc.ca/opendata/index-e.html
Library and Archives Canada (LAC) has been invited to join a Government of Canada (GC) initiative on open data, which will provide all Canadians with access to GC datasets and associated metadata in the public domain. As part of this initiative, LAC is releasing two datasets for the launch of this new website and will be developing a long-term plan for releasing more public domain datasets over the coming months.
Please use our comments form to let us know if you are using this data, how you are using it, and what other datasets you would like to see on this new website.
•Datasets
•Comments
•Government of Canada Core Subject Thesaurus in SKOS/RDF format
Digital Policies, Guidelines and Tools
Digital Initiatives at LAC
Digital Policies, Guidelines and Tools
Library and Archives Canada
Local Digital Format Registry (LDFR)
File Format Guidelines for Preservation and Long-term Access
Version 1.0
Date Created: 2010-10-22
http://www.collectionscanada.gc.ca/digital-initiatives/012018-2210-e.html
Digital Policies, Guidelines and Tools
Library and Archives Canada
Local Digital Format Registry (LDFR)
File Format Guidelines for Preservation and Long-term Access
Version 1.0
Table of Contents | Next
1. Introduction
1.1 Purpose
This document identifies the file formats that Library and Archives Canada (LAC) will be supporting within the Trusted Digital Repository (TDR). The formats are identified as:
•Recommended; or
•Acceptable for transfer.
“Recommended” formats are those that LAC believes will be sustainable over a long period of time, whereas the formats considered “acceptable for transfer” are those formats that LAC considers to be most representative of commonly used formats (formats in widespread use) in the collections that LAC will be preserving in the TDR (e.g., most commonly used formats in digital publications and Government of Canada (GoC) electronic records).
The list of file formats to be supported will evolve over time, particularly as new formats are introduced or older formats become obsolete. It should be noted that for any given collection submitted for preservation within LAC’s TDR, file formats that do not fall within the category of “recommended” or “acceptable for transfer” will be evaluated on the basis of their content: where the content is deemed of preservation value, the content will be normalized/migrated to a “recommended” preservation format1.
Top of Page
1.2 Background
1.2.1 Preserving digital information
Canadians have been generating digital information for decades. Our books, music, movies and the records of our private and public organizations are increasingly being created in digital formats. The preservation of this digital information is a problem that touches all sectors – academic, government, private and non-profit – and ultimately all Canadians.
By its very nature, digital information is fragile. Digital bits can be preserved, but our ability to use the information is at risk if the computer hardware and software needed to interpret/render the information are no longer available, or the format specifications are not accessible (e.g., the format is proprietary, is subject to intellectual property rights, or the specifications are no longer available). Preserving digital information is complicated. It involves the active commitment of organizations, the development of appropriate policies and plans, and the implementation of sound practices. It requires all organizations with an interest in preserving digital information to share expertise, advice and best practices.
Among these best practices, the identification and use of appropriate file formats is critical for preserving digital information. Due to a mix of technical and practical issues, certain file formats are more suitable for digital preservation. This document identifies and describes digital formats which LAC is recommending for long-term preservation and access to digital information.
These recommendations are contextualized within LAC’s Digital Preservation Policy2 and the development of LAC’s TDR. The TDR is LAC’s digital preservation infrastructure supporting secure acquisition, storage, management and continuing access to Canada’s digital memory.
1.2.2 Digital content preservation strategy
LAC has adopted the following strategy for preserving digital content:
•When digital content is first accepted/approved for preservation in the TDR (that is, the content has been evaluated by LAC and deemed to be of preservation value), a preservation master is created (termed a “preservation master (0)” or PM(0));
•As part of the acceptance/approval process, the digital content is normalized as required (that is, migrated from the submitted/transferred format to one of the appropriate recommended preservation formats), thereby creating a new preservation master (termed a “preservation master (+1)” or PM(+1));
•From the current preservation master (i.e., PM(0) or PM(+1)), a copy of the digital content is created to service access requests by internal and external users (termed a “service copy”)3;
•The service copies can be presented using LAC-supported play-out services as well as client-based play-out services where needed or desired (an example of a play-out service would be an Apache server for HTML pages combined with a browser on the client, or a video streaming server; on the client, the Adobe Reader is an example of a client-based play-out service).
Top of Page
1.3 Target audience and use
LAC has developed these guidelines for a broad audience including the public, academic and private sectors. Whether it is a government department producing a budget or a citizen self-publishing, this document is intended to provide guidance on which digital file formats are most suitable for preservation and long-term access.
These guidelines also serve as the policy foundation for LAC’s Local Digital Format Registry (LDFR), the underpinning set of guidelines for file format normalization/migration services within LAC’s TDR.
Top of Page
1.4 Scope
These guidelines and recommendations are concerned with media-independent content; that is digital content that is managed as file types and is not inextricably linked to a physical storage medium (in contrast to videotape which is dependent both on the physical carrier and the playback equipment). These guidelines do not address recommendations for physical preservation media4.
The file formats covered in this document have been clustered into the following content types:
•Text
•Audio
•Digital video
•Still images
•Web archiving
•Geospatial
•Structured data, including:
◦Databases
◦Statistical and Qualitative Analysis Data
◦Scientific Data
•Computer Aided Design (CAD):
◦Technical drawings
◦Computer-aided Software Engineering (CASE)
This document consists of file format recommendations based on LAC’s experience in collecting and preserving digital content as well as international best practices.
Top of Page
1.5 Summary of recommendations
1.5.1 Definition of file formats
Generally speaking, file formats are specific patterns or structures which organize and define data. Some formats contain only one ‘stream’ of uncompressed data, others may contain codecs to encode and compress the data5, and others still may support several ‘streams’ of media.
In addition to file formats, there are also ‘container’ or ‘encapsulating’ formats. These formats can contain and support various types or layers of audio, video, still imagery, and their associated metadata. Each of these formats may be handled by different programs, processes, or hardware; but for the multimedia data stream to be interpreted properly, the information must be encapsulated together. Library of Congress define three types of container formats:
•“wrapper” format: wrapper is often used by digital content specialists to name a file format that encapsulates its constituent bitstreams and includes metadata that describes the content within. Archetypal examples include WAVE and TIFF. Files that are instances of these wrappers are distinguished in terms of their underlying bitstreams, e.g., WAVE files may contain (a) linear pulse code modulated (LPCM) audio, (b) highly compressed audio as used for digital telephony, or (c) other representations of sound. Meanwhile, the self-describing, content-declaring feature of a wrapper is typified by the familiar TIFF header. Relatively more complex and facile wrappers like QuickTime may contain multiple objects, e.g., one or more video streams and separate audio streams;
•“simple bundling” formats: these formats encapsulate their constituent files and, save for a directory that provides the filenames, do not describe the content and the relationships that may exist between files. Archetypes include ZIP, StuffIt, and TAR, the latter associated with the UNIX operating system. Simple bundling formats tend to be generic, i.e., they may be used for a wide range of content types;
•“self-describing bundling” formats: these formats are employed to represent the bundle of files that comprise a complex digital work, e.g., a book text with supporting illustrations or a movie with multiple segments and sound tracks in different languages. Self-describing bundling formats list the component parts and their relationships (information about the relationships is often called structural metadata) and may indicate how the work as a whole can be rendered or used. Bundling formats often incorporate technical details about each component, since a single object may include a mix of texts, sound, images, etc. They may or may not encapsulate their constituent files. They include metadata that describes their content and the relationships between files. Archetypes for this subcategory include METS (Metadata Encoding and Transmission Standard) and MPEG-21 (Multimedia Framework).
For further information on formats, see the working definition6 on the Library of Congress Web site on Sustainability of Digital Formats.
There are thousands of file types now in existence: LAC’s guidelines specify only the file formats that will be supported in the TDR. For a more complete registry please refer to PRONOM7, the Unified Digital Format Registry8 or the Library of Congress Web site on Sustainability of Digital Formats9.
1.5.2 Evaluating the sustainability of file formats
In developing these guidelines, LAC has attempted to balance the requirements for quality, stability, potential longevity and industry acceptance. Where possible, a preference has been placed on the selection of non-proprietary national and international standards, or failing the availability of non-proprietary standards on, de facto standard industry formats. De facto standard formats are widely used and recognized formats that have become industry standards because of their ubiquitous use and support, and not because they have been formally approved by a standards organization. LAC has also reserved the right to select formats that it believes will become more widely adopted by the preservation community in the near future (e.g., SIARD).
Based on a review of criteria published by Library of Congress, the National Archives (UK), and the National Library of the Netherlands10, Library and Archives Canada has established the following criteria for evaluating file formats for long-term preservation and access.
1.Openness/Transparency
The relative ease with which knowledge of the file format and its technical information can be accumulated.
2.Adoption as a preservation standard
The extent to which the format has been formally adopted by national libraries, archives, and other memory institutions internationally.
3.Stability/Compatibility
a) The degree to which the format is backward and forward compatible.
b) The degree to which the format is protected against file corruption.
c) The relative frequency of release of newer or replacement versions of the format over time.
4.Dependencies/Interoperability The degree to which the format relies on a particular hardware or software, reader, etc.
5.Standardization The degree to which the format has gone through a rigorous formal standardization process.
Table 1, below, summarizes the evaluation scheme used, whereas Table 2, following, provides a definition for each evaluation criterion along with the rating to be assigned based on the degree to which the criterion has been met.
Table 1: Rating Scheme Rating
Symbol Description
√ Evaluation criterion fully met
√$ Evaluation criterion fully met, however a cost is associated with meeting the criterion (e.g., to acquire the specification)
* Evaluation criterion partially met
x Evaluation criterion not met
√/x Evaluation criterion met in one sector (e.g., for Government of Canada content) but not met in another sector (e.g., for non-government / commercial content)
√/* Evaluation criterion met in one sector (e.g., for Government of Canada content) but not met / partially met in another sector (e.g., for non-government / commercial content)
1.5.3 File format recommendations
Table 3, following, summarizes the files formats that LAC recommends for the preservation of and long term access to digital content, and also identifies the file formats that are acceptable for the transfer of digital content to LAC.
Please note that there is no implied migration path from the “acceptable for transfer” formats and the “recommended” for preservation formats. The selection of a preservation format will be based on the degree to which the significant properties of the source format (and of individual instances of the format) are retained in the target preservation format (and the relative importance (or weigthing) of specific properties).
Table 4 summarizes the ratings of LAC’s recommended file formats against the criteria identified in Section 1.5.2, whereas Appendix A – Recommended Preservation Format Evaluation provides detailed rating information. Please note that there is no implied order of preference / precedence in the list of formats.
Appendix B – Applying the Guidelines to LAC Preservation Policies, graphically demonstrates the mapping of the recommended preservation formats to LAC’s preservation strategy (outlined in Section 1.2.2).
Table 2: Evaluation Criteria Definition and Rating Criterion Evaluation Basis Rating
Openness/Transparency
Specifications available from one or more of the following:
a) Open membership organization (such as the W3C (World Wide Web Consortium), the OMG (Object Management Group))
b) International standards organization (such as the ISO)
c) Industry-based open membership organization
√
Evaluation criterion fully met
Specifications available only at cost
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion
Specifications potentially available from multiple sources (could not be confirmed)
*
Evaluation criterion partially met
Specifications only available from / under the control of a single vendor or small group of vendors
x
Evaluation criterion not met
Adoption as a preservation standard
The majority of the organizations investigated use/are planning to use the format as a preservation standard (50% or more of the organizations)
√
Evaluation criterion fully met
Some of the organizations investigated use/are planning to use the format as a preservation standard (less than 50% of the organizations)
*
Evaluation criterion partially met
None of the organizations investigated use/are planning to use the format as a preservation standard
x
Evaluation criterion not met
Stability/Compatibility
a) degree of forward/backward compatibility
A format is backward compatible if it provides all of the functionality of a previous release or version of the format
A format is forward compatible if it has the ability to gracefully accept content intended for later versions of the format (that is, software designed to interpret / render a prior version of a format can also interpret / render the current version of the format)
Forward/backward compatibility:
a) High compatibility: A format is both forward and backward compatible
√
Evaluation criterion fully met
b) Medium compatibility: A format is backward compatible only
*
Evaluation criterion partially met
c) Low compatibility: A format is neither forward nor backward compatible
x
Evaluation criterion not met
b) degree of protection against file corruption
Corruption protection: Resilience to random bit-level/byte-level changes in content
a) High resilience: Changes have little or no impact to renderability/interpretability / uses methods for detecting/recovering from changes
√
Evaluation criterion fully met
b) Medium resilience: Changes affect renderability but not interpretability / some ability to recover from changes
*
Evaluation criterion partially met
c) Low resilience: Any change affects the ability to interpret and render the format
x
Evaluation criterion not met
c) frequency of version releases
Format stability demonstrated by the number of version releases and/or extensions; format’s use in derivatives and/or industry-specific applications
High format stability
√
Evaluation criterion fully met
Medium format stability
*
Evaluation criterion partially met
Low format stability
x
Evaluation criterion not met
Dependencies/Interoperability
Low dependency / High interoperability
Low dependency / Medium interoperability
Medium dependency / High interoperability
√
Evaluation criterion fully met
Low dependency / Low interoperability
Medium dependency / Medium interoperability
Medium dependency / Low interoperability
*
Evaluation criterion partially met
High dependency / Low interoperability
High dependency / Medium interoperability
High dependency / High interoperability
x
Evaluation criterion not met
Standardization
Format follows a formal process enacted by any of the following:
a) Open membership organization (such as the W3C (World Wide Web Consortium), the OMG (Object Management Group))
b) International standards organization (such as the ISO)
c) Industry-based open membership organization
√
Evaluation criterion fully met
Format is subject to documented processes implemented by a single vendor or small group of vendors or no documented process
x
Evaluation criterion not met
Dependency/Interoperability Dependency Interoperability
Low
High availability of low-cost/free software to render/interpret the format; “humanly readable” format; little or no dependency on other formats / dependency only on non-proprietary formats
Format renderable on a very small set of platforms (such as, electronic book formats limited to one or two hardware platforms, or supported by a single software vendor (e.g., Microsoft LIT readable only with proprietary reader))
Medium
Availability of software from many vendors to interpret / render the format
Format renderable on a small set of mainstream hardware / software platforms
High
Some/high dependency on proprietary formats; low availability of software to interpret/render the format; format not “humanly readable” (e.g., binary format)
Format renderable on a large number of platforms (e.g., multiple OS, hardware (such as, EPUB format support on PDAs))
Return to Dependency/Interoperability
Table 3: Recommended and Acceptable for Transfer File Formats Content Type Recommended Acceptable for transfer
Text
•EPUB for electronic books
•Extensible Hypertext Markup Language (XHTML)
•Extensible Markup Language (XML)
•Hypertext Markup Language (HTML)
•Multipurpose Internet Mail Extensions (MIME)
•Open Document Format (ODF)
•PDF for long-term preservation (PDF/A)
•Rich Text Format (RTF)
•Standard General Markup Language (SGML)
•Text (plain text)
•Office Suites:
◦Microsoft Office including: Word Document Format, Excel Spreadsheet Format, Powerpoint Presentation Format
◦WordPerfect Suite including: WordPerfect Document Format, Quattro Pro Spreadsheet Format, Corel Presentations Format
◦Lotus Smartsuite including: WordPro Document Format, 1-2-3 Spreadsheet Format, Freelance Graphics Format
•Portable Document Format (PDF)
Audio
•Broadcast Wave Format (BWF) (for newly digitized content (i.e., creating))
•Waveform Audio Format (WAV) (for migrating born digital audio content)
•Audio Interchange File Format (AIFF)
•Mpeg-1 layer-3, Mepg-2 layer-3 (MP3)
•Mpeg-4 aac – advanced audio coding (AAC)
•Musical instrument digital interface (MIDI)
•Window media audio (WMA)
Digital Video
•Motion JPEG 2000
•Audio video interleave (AVI)
•Moving pictures expert group (MPEG-2)
•Moving pictures expert group (MPEG-4)
•Quicktime (MOV)
•Windows media video (WMV)
Still Images
•Joint photographic experts group (JPEG)
•Joint photographic experts group jpeg 2000 (JP2)
•Tagged image file format (TIFF)
•TIFF - GeoTIFF
•Digital imaging and communications in medicine (DICOM v. 3.0)
•Encapsulated postscript (EPS)
•Graphics interchange format (GIF)
•Portable network graphics (PNG)
Web Archiving
•Internet archive format (ARC)
•Web archive format (WARC)
Structured Data - Databases
•Software Independent Archiving of Relational Databases (SIARD)
•Delimited Flat file with DDL
•dBase Format (DBF)
Structured Data – Statistical and Qualitative Analysis
•Data Documentation Initiative (DDI) Version 3.0
•Data Exchange and Conversion Utilities and Tools (DExT)
•Statistical Data and Metadata Exchange (SDMX)
•Delimited Flat File with Variable Descriptions
•SAS
•SPSS
Structured Data – Scientific
•XML Container
Geospatial11
•ISO 19115 Geographic Information – Metadata (NAP – Metadata) (North American Profile)
•Canadian Council on Geomatics Interchange Format (CCOGIF)
•Digital Elevation Model (DEM)
•Digital line graphics – level 3 (DIG-3)*
•Environmental systems research institute (ESRI) export format – (E00)*
•Environmental systems research institute (ESRI) shape file format (SHP)*
•International Hydrographic Organization (IHO) S-57, Edition 3.1*
Computer Aided Design –Technical Drawing
•Drawing Interchange File Format/Data eXchange Format (DXF)
•Computer Graphics Metafile (CGM)
Computer Aided Design – CASE
•XML Metadata Interchange (XMI)
Source Code and Scripts
•XML Container
•Text
Table 4: Summary Evaluation of Recommended File Formats Content
Type Format Open-
ness / Trans-
parency Adoption Stability / Compatibility Depend-
encies / Inter-
operability Standard-
ization
Forward/
Backward Compatibility
Corruption Protection
Release Stability
Text
EPUB (underlying standard for eBooks)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Extensible Markup Language (XML)
√
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Extensible HyperText Markup Language (XHTML)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
HyperText Markup Language (HTML)
√
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Multipurpose Internet Mail Extensions (MIME)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Open Document Format (ODF)
√
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
PDF for long-term preservation: PDF-Archive (PDF/A)
√
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Rich Text Format (RTF)
x
Evaluation criterion not met √
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met x
Evaluation criterion not met x
Evaluation criterion not met
Standard Generalized Markup Language (SGML)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Text (TXT)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Audio
Broadcast Wave Format (BWF)
√
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Digital Video
JPEG 2000 MXF (MOTION JPEG 2000)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Still Images
Joint Photographic Experts Group (JPEG)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Joint Photographic Experts Group JPEG2000 (JP2)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Portable Network Graphics (PNG)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Tagged Image File Format (TIFF)
√
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
TIFF - GeoTIFF
√
Evaluation criterion fully met x
Evaluation criterion not met √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Structured Data - Database
Software Independent Archiving of Relational Databases (SIARD)
*
Evaluation criterion partially met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met *
Evaluation criterion partially met
Delimited Flat File with Data Description
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Structured Data - Statistical and Qualitative Analysis Data
Data Documentation Initiative (DDI) Version 3.0
√
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Data Exchange and Conversion Utilities and Tools (DExT)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Statistical Data and Metadata Exchange (SDMX)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Delimited Flat File with Variable Description
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Structured Data - Scientific Data
Not applicable at this time
Geospatial Data
ISO 19115 Geographic Information – Metadata (NAP – Metadata) (North American Profile)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √ Evaluation criterion fully met GoC
/n.a. √
Evaluation criterion fully met
Computer-Aided Design (CAD) – Technical Drawings
Drawing Interchange File Format (DXF)
x
Evaluation criterion not met √
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met
Computer-Aided Design (CAD) – CASE
XML Metadata Interchange (XMI)
√
Evaluation criterion fully met x
Evaluation criterion not met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Source Code and Scripts
Not applicable at this time
--------------------------------------------------------------------------------
1 Note: Within the TDR, automatic normalization will be performed on the “acceptable for transfer” formats identified in the guidelines (conversion or migration to a “recommended” format): all other formats will be addressed on an individual case basis. Should the format prove to be a commonly used format, automated normalization/migration will be considered for future submissions.
2 www.collectionscanada.gc.ca/digital-initiatives/012018-2000.01-e.html
3 A service copy may be created as part of the acceptance/approval process or may be produced dynamically.
4 A policy addressing storage media for use in preservation is currently under development.
5 Please see Appendix C: Concepts and Definitions - Codecs.
6 www.digitalpreservation.gov/formats/intro/format_eval_rel.shtml#what
7 www.nationalarchives.gov.uk/pronom/
8 www.gdfr.info/udfr.html
9 www.digitalpreservation.gov/formats/content/content_categories.shtml
10 See Gillesse et al 2008; Rauch, Carl et al. 'File-Formats for Preservation: Evaluating the Long-Term Stability of File-Formats." Proceedings ELPUB2007 Conference on Electronic Publishing : Vienna, Austria , 2007. http://elpub.scix.net/data/works/att/122_elpub2007.content.pdf; National Archives (UK). "Selecting File Formats for Long-Term Preservation." (2003). www.nationalarchives.gov.uk/documents/selecting_file_formats.rtf; Library of Congress. "Sustainability of Digital Formats: Planning for Library of Congress Collections." (2007). www.digitalpreservation.gov/formats/sustain/sustain.shtml.
11 For geospatial information, the “acceptable for transfer” formats with asterisks will be preserved as is (not migrated) until such time as the adoption rate of the Treasury Board Secretariat (TBS) standard (identifying ISO 19115), and the avalaibility of tools supporting the standard is more fully understood (exception to preservation strategy for the near future).
Table of Contents | Next
Social Tagging (About Social Tagging)
Digital Policies, Guidelines and Tools
Library and Archives Canada
Local Digital Format Registry (LDFR)
File Format Guidelines for Preservation and Long-term Access
Version 1.0
Date Created: 2010-10-22
http://www.collectionscanada.gc.ca/digital-initiatives/012018-2210-e.html
Digital Policies, Guidelines and Tools
Library and Archives Canada
Local Digital Format Registry (LDFR)
File Format Guidelines for Preservation and Long-term Access
Version 1.0
Table of Contents | Next
1. Introduction
1.1 Purpose
This document identifies the file formats that Library and Archives Canada (LAC) will be supporting within the Trusted Digital Repository (TDR). The formats are identified as:
•Recommended; or
•Acceptable for transfer.
“Recommended” formats are those that LAC believes will be sustainable over a long period of time, whereas the formats considered “acceptable for transfer” are those formats that LAC considers to be most representative of commonly used formats (formats in widespread use) in the collections that LAC will be preserving in the TDR (e.g., most commonly used formats in digital publications and Government of Canada (GoC) electronic records).
The list of file formats to be supported will evolve over time, particularly as new formats are introduced or older formats become obsolete. It should be noted that for any given collection submitted for preservation within LAC’s TDR, file formats that do not fall within the category of “recommended” or “acceptable for transfer” will be evaluated on the basis of their content: where the content is deemed of preservation value, the content will be normalized/migrated to a “recommended” preservation format1.
Top of Page
1.2 Background
1.2.1 Preserving digital information
Canadians have been generating digital information for decades. Our books, music, movies and the records of our private and public organizations are increasingly being created in digital formats. The preservation of this digital information is a problem that touches all sectors – academic, government, private and non-profit – and ultimately all Canadians.
By its very nature, digital information is fragile. Digital bits can be preserved, but our ability to use the information is at risk if the computer hardware and software needed to interpret/render the information are no longer available, or the format specifications are not accessible (e.g., the format is proprietary, is subject to intellectual property rights, or the specifications are no longer available). Preserving digital information is complicated. It involves the active commitment of organizations, the development of appropriate policies and plans, and the implementation of sound practices. It requires all organizations with an interest in preserving digital information to share expertise, advice and best practices.
Among these best practices, the identification and use of appropriate file formats is critical for preserving digital information. Due to a mix of technical and practical issues, certain file formats are more suitable for digital preservation. This document identifies and describes digital formats which LAC is recommending for long-term preservation and access to digital information.
These recommendations are contextualized within LAC’s Digital Preservation Policy2 and the development of LAC’s TDR. The TDR is LAC’s digital preservation infrastructure supporting secure acquisition, storage, management and continuing access to Canada’s digital memory.
1.2.2 Digital content preservation strategy
LAC has adopted the following strategy for preserving digital content:
•When digital content is first accepted/approved for preservation in the TDR (that is, the content has been evaluated by LAC and deemed to be of preservation value), a preservation master is created (termed a “preservation master (0)” or PM(0));
•As part of the acceptance/approval process, the digital content is normalized as required (that is, migrated from the submitted/transferred format to one of the appropriate recommended preservation formats), thereby creating a new preservation master (termed a “preservation master (+1)” or PM(+1));
•From the current preservation master (i.e., PM(0) or PM(+1)), a copy of the digital content is created to service access requests by internal and external users (termed a “service copy”)3;
•The service copies can be presented using LAC-supported play-out services as well as client-based play-out services where needed or desired (an example of a play-out service would be an Apache server for HTML pages combined with a browser on the client, or a video streaming server; on the client, the Adobe Reader is an example of a client-based play-out service).
Top of Page
1.3 Target audience and use
LAC has developed these guidelines for a broad audience including the public, academic and private sectors. Whether it is a government department producing a budget or a citizen self-publishing, this document is intended to provide guidance on which digital file formats are most suitable for preservation and long-term access.
These guidelines also serve as the policy foundation for LAC’s Local Digital Format Registry (LDFR), the underpinning set of guidelines for file format normalization/migration services within LAC’s TDR.
Top of Page
1.4 Scope
These guidelines and recommendations are concerned with media-independent content; that is digital content that is managed as file types and is not inextricably linked to a physical storage medium (in contrast to videotape which is dependent both on the physical carrier and the playback equipment). These guidelines do not address recommendations for physical preservation media4.
The file formats covered in this document have been clustered into the following content types:
•Text
•Audio
•Digital video
•Still images
•Web archiving
•Geospatial
•Structured data, including:
◦Databases
◦Statistical and Qualitative Analysis Data
◦Scientific Data
•Computer Aided Design (CAD):
◦Technical drawings
◦Computer-aided Software Engineering (CASE)
This document consists of file format recommendations based on LAC’s experience in collecting and preserving digital content as well as international best practices.
Top of Page
1.5 Summary of recommendations
1.5.1 Definition of file formats
Generally speaking, file formats are specific patterns or structures which organize and define data. Some formats contain only one ‘stream’ of uncompressed data, others may contain codecs to encode and compress the data5, and others still may support several ‘streams’ of media.
In addition to file formats, there are also ‘container’ or ‘encapsulating’ formats. These formats can contain and support various types or layers of audio, video, still imagery, and their associated metadata. Each of these formats may be handled by different programs, processes, or hardware; but for the multimedia data stream to be interpreted properly, the information must be encapsulated together. Library of Congress define three types of container formats:
•“wrapper” format: wrapper is often used by digital content specialists to name a file format that encapsulates its constituent bitstreams and includes metadata that describes the content within. Archetypal examples include WAVE and TIFF. Files that are instances of these wrappers are distinguished in terms of their underlying bitstreams, e.g., WAVE files may contain (a) linear pulse code modulated (LPCM) audio, (b) highly compressed audio as used for digital telephony, or (c) other representations of sound. Meanwhile, the self-describing, content-declaring feature of a wrapper is typified by the familiar TIFF header. Relatively more complex and facile wrappers like QuickTime may contain multiple objects, e.g., one or more video streams and separate audio streams;
•“simple bundling” formats: these formats encapsulate their constituent files and, save for a directory that provides the filenames, do not describe the content and the relationships that may exist between files. Archetypes include ZIP, StuffIt, and TAR, the latter associated with the UNIX operating system. Simple bundling formats tend to be generic, i.e., they may be used for a wide range of content types;
•“self-describing bundling” formats: these formats are employed to represent the bundle of files that comprise a complex digital work, e.g., a book text with supporting illustrations or a movie with multiple segments and sound tracks in different languages. Self-describing bundling formats list the component parts and their relationships (information about the relationships is often called structural metadata) and may indicate how the work as a whole can be rendered or used. Bundling formats often incorporate technical details about each component, since a single object may include a mix of texts, sound, images, etc. They may or may not encapsulate their constituent files. They include metadata that describes their content and the relationships between files. Archetypes for this subcategory include METS (Metadata Encoding and Transmission Standard) and MPEG-21 (Multimedia Framework).
For further information on formats, see the working definition6 on the Library of Congress Web site on Sustainability of Digital Formats.
There are thousands of file types now in existence: LAC’s guidelines specify only the file formats that will be supported in the TDR. For a more complete registry please refer to PRONOM7, the Unified Digital Format Registry8 or the Library of Congress Web site on Sustainability of Digital Formats9.
1.5.2 Evaluating the sustainability of file formats
In developing these guidelines, LAC has attempted to balance the requirements for quality, stability, potential longevity and industry acceptance. Where possible, a preference has been placed on the selection of non-proprietary national and international standards, or failing the availability of non-proprietary standards on, de facto standard industry formats. De facto standard formats are widely used and recognized formats that have become industry standards because of their ubiquitous use and support, and not because they have been formally approved by a standards organization. LAC has also reserved the right to select formats that it believes will become more widely adopted by the preservation community in the near future (e.g., SIARD).
Based on a review of criteria published by Library of Congress, the National Archives (UK), and the National Library of the Netherlands10, Library and Archives Canada has established the following criteria for evaluating file formats for long-term preservation and access.
1.Openness/Transparency
The relative ease with which knowledge of the file format and its technical information can be accumulated.
2.Adoption as a preservation standard
The extent to which the format has been formally adopted by national libraries, archives, and other memory institutions internationally.
3.Stability/Compatibility
a) The degree to which the format is backward and forward compatible.
b) The degree to which the format is protected against file corruption.
c) The relative frequency of release of newer or replacement versions of the format over time.
4.Dependencies/Interoperability The degree to which the format relies on a particular hardware or software, reader, etc.
5.Standardization The degree to which the format has gone through a rigorous formal standardization process.
Table 1, below, summarizes the evaluation scheme used, whereas Table 2, following, provides a definition for each evaluation criterion along with the rating to be assigned based on the degree to which the criterion has been met.
Table 1: Rating Scheme Rating
Symbol Description
√ Evaluation criterion fully met
√$ Evaluation criterion fully met, however a cost is associated with meeting the criterion (e.g., to acquire the specification)
* Evaluation criterion partially met
x Evaluation criterion not met
√/x Evaluation criterion met in one sector (e.g., for Government of Canada content) but not met in another sector (e.g., for non-government / commercial content)
√/* Evaluation criterion met in one sector (e.g., for Government of Canada content) but not met / partially met in another sector (e.g., for non-government / commercial content)
1.5.3 File format recommendations
Table 3, following, summarizes the files formats that LAC recommends for the preservation of and long term access to digital content, and also identifies the file formats that are acceptable for the transfer of digital content to LAC.
Please note that there is no implied migration path from the “acceptable for transfer” formats and the “recommended” for preservation formats. The selection of a preservation format will be based on the degree to which the significant properties of the source format (and of individual instances of the format) are retained in the target preservation format (and the relative importance (or weigthing) of specific properties).
Table 4 summarizes the ratings of LAC’s recommended file formats against the criteria identified in Section 1.5.2, whereas Appendix A – Recommended Preservation Format Evaluation provides detailed rating information. Please note that there is no implied order of preference / precedence in the list of formats.
Appendix B – Applying the Guidelines to LAC Preservation Policies, graphically demonstrates the mapping of the recommended preservation formats to LAC’s preservation strategy (outlined in Section 1.2.2).
Table 2: Evaluation Criteria Definition and Rating Criterion Evaluation Basis Rating
Openness/Transparency
Specifications available from one or more of the following:
a) Open membership organization (such as the W3C (World Wide Web Consortium), the OMG (Object Management Group))
b) International standards organization (such as the ISO)
c) Industry-based open membership organization
√
Evaluation criterion fully met
Specifications available only at cost
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion
Specifications potentially available from multiple sources (could not be confirmed)
*
Evaluation criterion partially met
Specifications only available from / under the control of a single vendor or small group of vendors
x
Evaluation criterion not met
Adoption as a preservation standard
The majority of the organizations investigated use/are planning to use the format as a preservation standard (50% or more of the organizations)
√
Evaluation criterion fully met
Some of the organizations investigated use/are planning to use the format as a preservation standard (less than 50% of the organizations)
*
Evaluation criterion partially met
None of the organizations investigated use/are planning to use the format as a preservation standard
x
Evaluation criterion not met
Stability/Compatibility
a) degree of forward/backward compatibility
A format is backward compatible if it provides all of the functionality of a previous release or version of the format
A format is forward compatible if it has the ability to gracefully accept content intended for later versions of the format (that is, software designed to interpret / render a prior version of a format can also interpret / render the current version of the format)
Forward/backward compatibility:
a) High compatibility: A format is both forward and backward compatible
√
Evaluation criterion fully met
b) Medium compatibility: A format is backward compatible only
*
Evaluation criterion partially met
c) Low compatibility: A format is neither forward nor backward compatible
x
Evaluation criterion not met
b) degree of protection against file corruption
Corruption protection: Resilience to random bit-level/byte-level changes in content
a) High resilience: Changes have little or no impact to renderability/interpretability / uses methods for detecting/recovering from changes
√
Evaluation criterion fully met
b) Medium resilience: Changes affect renderability but not interpretability / some ability to recover from changes
*
Evaluation criterion partially met
c) Low resilience: Any change affects the ability to interpret and render the format
x
Evaluation criterion not met
c) frequency of version releases
Format stability demonstrated by the number of version releases and/or extensions; format’s use in derivatives and/or industry-specific applications
High format stability
√
Evaluation criterion fully met
Medium format stability
*
Evaluation criterion partially met
Low format stability
x
Evaluation criterion not met
Dependencies/Interoperability
Low dependency / High interoperability
Low dependency / Medium interoperability
Medium dependency / High interoperability
√
Evaluation criterion fully met
Low dependency / Low interoperability
Medium dependency / Medium interoperability
Medium dependency / Low interoperability
*
Evaluation criterion partially met
High dependency / Low interoperability
High dependency / Medium interoperability
High dependency / High interoperability
x
Evaluation criterion not met
Standardization
Format follows a formal process enacted by any of the following:
a) Open membership organization (such as the W3C (World Wide Web Consortium), the OMG (Object Management Group))
b) International standards organization (such as the ISO)
c) Industry-based open membership organization
√
Evaluation criterion fully met
Format is subject to documented processes implemented by a single vendor or small group of vendors or no documented process
x
Evaluation criterion not met
Dependency/Interoperability Dependency Interoperability
Low
High availability of low-cost/free software to render/interpret the format; “humanly readable” format; little or no dependency on other formats / dependency only on non-proprietary formats
Format renderable on a very small set of platforms (such as, electronic book formats limited to one or two hardware platforms, or supported by a single software vendor (e.g., Microsoft LIT readable only with proprietary reader))
Medium
Availability of software from many vendors to interpret / render the format
Format renderable on a small set of mainstream hardware / software platforms
High
Some/high dependency on proprietary formats; low availability of software to interpret/render the format; format not “humanly readable” (e.g., binary format)
Format renderable on a large number of platforms (e.g., multiple OS, hardware (such as, EPUB format support on PDAs))
Return to Dependency/Interoperability
Table 3: Recommended and Acceptable for Transfer File Formats Content Type Recommended Acceptable for transfer
Text
•EPUB for electronic books
•Extensible Hypertext Markup Language (XHTML)
•Extensible Markup Language (XML)
•Hypertext Markup Language (HTML)
•Multipurpose Internet Mail Extensions (MIME)
•Open Document Format (ODF)
•PDF for long-term preservation (PDF/A)
•Rich Text Format (RTF)
•Standard General Markup Language (SGML)
•Text (plain text)
•Office Suites:
◦Microsoft Office including: Word Document Format, Excel Spreadsheet Format, Powerpoint Presentation Format
◦WordPerfect Suite including: WordPerfect Document Format, Quattro Pro Spreadsheet Format, Corel Presentations Format
◦Lotus Smartsuite including: WordPro Document Format, 1-2-3 Spreadsheet Format, Freelance Graphics Format
•Portable Document Format (PDF)
Audio
•Broadcast Wave Format (BWF) (for newly digitized content (i.e., creating))
•Waveform Audio Format (WAV) (for migrating born digital audio content)
•Audio Interchange File Format (AIFF)
•Mpeg-1 layer-3, Mepg-2 layer-3 (MP3)
•Mpeg-4 aac – advanced audio coding (AAC)
•Musical instrument digital interface (MIDI)
•Window media audio (WMA)
Digital Video
•Motion JPEG 2000
•Audio video interleave (AVI)
•Moving pictures expert group (MPEG-2)
•Moving pictures expert group (MPEG-4)
•Quicktime (MOV)
•Windows media video (WMV)
Still Images
•Joint photographic experts group (JPEG)
•Joint photographic experts group jpeg 2000 (JP2)
•Tagged image file format (TIFF)
•TIFF - GeoTIFF
•Digital imaging and communications in medicine (DICOM v. 3.0)
•Encapsulated postscript (EPS)
•Graphics interchange format (GIF)
•Portable network graphics (PNG)
Web Archiving
•Internet archive format (ARC)
•Web archive format (WARC)
Structured Data - Databases
•Software Independent Archiving of Relational Databases (SIARD)
•Delimited Flat file with DDL
•dBase Format (DBF)
Structured Data – Statistical and Qualitative Analysis
•Data Documentation Initiative (DDI) Version 3.0
•Data Exchange and Conversion Utilities and Tools (DExT)
•Statistical Data and Metadata Exchange (SDMX)
•Delimited Flat File with Variable Descriptions
•SAS
•SPSS
Structured Data – Scientific
•XML Container
Geospatial11
•ISO 19115 Geographic Information – Metadata (NAP – Metadata) (North American Profile)
•Canadian Council on Geomatics Interchange Format (CCOGIF)
•Digital Elevation Model (DEM)
•Digital line graphics – level 3 (DIG-3)*
•Environmental systems research institute (ESRI) export format – (E00)*
•Environmental systems research institute (ESRI) shape file format (SHP)*
•International Hydrographic Organization (IHO) S-57, Edition 3.1*
Computer Aided Design –Technical Drawing
•Drawing Interchange File Format/Data eXchange Format (DXF)
•Computer Graphics Metafile (CGM)
Computer Aided Design – CASE
•XML Metadata Interchange (XMI)
Source Code and Scripts
•XML Container
•Text
Table 4: Summary Evaluation of Recommended File Formats Content
Type Format Open-
ness / Trans-
parency Adoption Stability / Compatibility Depend-
encies / Inter-
operability Standard-
ization
Forward/
Backward Compatibility
Corruption Protection
Release Stability
Text
EPUB (underlying standard for eBooks)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Extensible Markup Language (XML)
√
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Extensible HyperText Markup Language (XHTML)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
HyperText Markup Language (HTML)
√
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Multipurpose Internet Mail Extensions (MIME)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Open Document Format (ODF)
√
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
PDF for long-term preservation: PDF-Archive (PDF/A)
√
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Rich Text Format (RTF)
x
Evaluation criterion not met √
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met x
Evaluation criterion not met x
Evaluation criterion not met
Standard Generalized Markup Language (SGML)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Text (TXT)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Audio
Broadcast Wave Format (BWF)
√
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Digital Video
JPEG 2000 MXF (MOTION JPEG 2000)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Still Images
Joint Photographic Experts Group (JPEG)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Joint Photographic Experts Group JPEG2000 (JP2)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Portable Network Graphics (PNG)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Tagged Image File Format (TIFF)
√
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
TIFF - GeoTIFF
√
Evaluation criterion fully met x
Evaluation criterion not met √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Structured Data - Database
Software Independent Archiving of Relational Databases (SIARD)
*
Evaluation criterion partially met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met *
Evaluation criterion partially met
Delimited Flat File with Data Description
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Structured Data - Statistical and Qualitative Analysis Data
Data Documentation Initiative (DDI) Version 3.0
√
Evaluation criterion fully met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Data Exchange and Conversion Utilities and Tools (DExT)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Statistical Data and Metadata Exchange (SDMX)
√
Evaluation criterion fully met *
Evaluation criterion partially met *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Delimited Flat File with Variable Description
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion *
Evaluation criterion partially met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met √
Evaluation criterion fully met
Structured Data - Scientific Data
Not applicable at this time
Geospatial Data
ISO 19115 Geographic Information – Metadata (NAP – Metadata) (North American Profile)
√$
Evaluation criterion fully met, however a cost is associated with meeting the criterion √ Evaluation criterion fully met GoC
/n.a. √
Evaluation criterion fully met
Computer-Aided Design (CAD) – Technical Drawings
Drawing Interchange File Format (DXF)
x
Evaluation criterion not met √
Evaluation criterion fully met √
Evaluation criterion fully met *
Evaluation criterion partially met
Computer-Aided Design (CAD) – CASE
XML Metadata Interchange (XMI)
√
Evaluation criterion fully met x
Evaluation criterion not met *
Evaluation criterion partially met √
Evaluation criterion fully met √
Evaluation criterion fully met
Source Code and Scripts
Not applicable at this time
--------------------------------------------------------------------------------
1 Note: Within the TDR, automatic normalization will be performed on the “acceptable for transfer” formats identified in the guidelines (conversion or migration to a “recommended” format): all other formats will be addressed on an individual case basis. Should the format prove to be a commonly used format, automated normalization/migration will be considered for future submissions.
2 www.collectionscanada.gc.ca/digital-initiatives/012018-2000.01-e.html
3 A service copy may be created as part of the acceptance/approval process or may be produced dynamically.
4 A policy addressing storage media for use in preservation is currently under development.
5 Please see Appendix C: Concepts and Definitions - Codecs.
6 www.digitalpreservation.gov/formats/intro/format_eval_rel.shtml#what
7 www.nationalarchives.gov.uk/pronom/
8 www.gdfr.info/udfr.html
9 www.digitalpreservation.gov/formats/content/content_categories.shtml
10 See Gillesse et al 2008; Rauch, Carl et al. 'File-Formats for Preservation: Evaluating the Long-Term Stability of File-Formats." Proceedings ELPUB2007 Conference on Electronic Publishing : Vienna, Austria , 2007. http://elpub.scix.net/data/works/att/122_elpub2007.content.pdf; National Archives (UK). "Selecting File Formats for Long-Term Preservation." (2003). www.nationalarchives.gov.uk/documents/selecting_file_formats.rtf; Library of Congress. "Sustainability of Digital Formats: Planning for Library of Congress Collections." (2007). www.digitalpreservation.gov/formats/sustain/sustain.shtml.
11 For geospatial information, the “acceptable for transfer” formats with asterisks will be preserved as is (not migrated) until such time as the adoption rate of the Treasury Board Secretariat (TBS) standard (identifying ISO 19115), and the avalaibility of tools supporting the standard is more fully understood (exception to preservation strategy for the near future).
Table of Contents | Next
Social Tagging (About Social Tagging)
Guidance on Managing Records in Web 2.0/Social Media Platforms
NARA Bulletin 2011-02October 20, 2010
TO: Heads of Federal Agencies
SUBJECT: Guidance on Managing Records in Web 2.0/Social Media Platforms
http://www.linkedin.com/groups/Small-Business-Globe-Mail-2639726?report%2Esuccess=78SkroH7IWfMn0aJK-N_kyozjPc00YdXbZFFCtpAsPcT0-IXiVFFyHXG84mJlxPq4FU5_D
EXPIRATION DATE: October 31, 2013
1. What is the purpose of this bulletin?
This bulletin provides guidance on managing records produced when Federal agencies use web 2.0/social media platforms for Federal business. Open and transparent government increasingly relies on the use of these technologies, and as agencies adopt these tools, they must comply with all records management laws, regulations, and policies. Successful compliance involves the active participation of agency records management staff, web managers, social media managers, information technology staff, privacy and information security staff, and other relevant stakeholders.
Monday, August 15, 2011
Department of Justice Canada
Employee records
http://laws-lois.justice.gc.ca/Search/Search.aspx?h1dd3n1d=E1%3aS4M0FMNG3M7B-15&ddC0nt3ntTyp3=Statutes&h1dd3nPag3Num=3&txtT1tl3=%22Canada+Labour+Code%22&txtS3archA11=record&h1ts0n1y=0
Basic Search
Keyword(s):
Title:
Search in:
View: Hits in Context Hits Only
Display / Hide Categories
Results 1-5 of 15
Next Results Page
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 256)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 251.14)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 125)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 87)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 252)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 249)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 135.1)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 264)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 258)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 136)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 135)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 125.1)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 146.2)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 134.1)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 16)
Employee records
http://laws-lois.justice.gc.ca/Search/Search.aspx?h1dd3n1d=E1%3aS4M0FMNG3M7B-15&ddC0nt3ntTyp3=Statutes&h1dd3nPag3Num=3&txtT1tl3=%22Canada+Labour+Code%22&txtS3archA11=record&h1ts0n1y=0
Basic Search
Keyword(s):
Title:
Search in:
View: Hits in Context Hits Only
Display / Hide Categories
Results 1-5 of 15
Next Results Page
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 256)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 251.14)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 125)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 87)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 252)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 249)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 135.1)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 264)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 258)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 136)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 135)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 125.1)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 146.2)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 134.1)
Canada Labour Code - R.S.C., 1985, c. L-2 (Section 16)
Labour Standards Keeping of Records
Ministry of Human Resources and Skills Development Canada
Employment Standard Publications
http://laws-lois.justice.gc.ca/eng/regulations/C.R.C.,_c._986/page-7.html#h-17
Pamphlet 14 - Labour Standards
Keeping of Records
Part III of the Canada Labour Code (Labour Standards)
Legislative Source
Section 24 of the Canada Labour Standards Regulations identifies the required records to be kept on file for inspection by an Inspector under the Canada Labour Code .
Employer Responsibility
Employers must keep payroll and other employment records for at least 36 months. Employers must also post an outline of the Code requirements and notices as required by law, along with an indication where one may obtain further information from the Labour Program.
1. What type of records are required that identify the employee?
You must record the name; address; social insurance number; job title; and sex of the employee to identify the employee. If the employee is under 17 years old, the age of the employee must be recorded. The start, and any end date of employment is also required.
2. What information must be kept on file for how the employee is paid?
You need to record the rate of pay and whether it is hourly/weekly/monthly/or on any other basis. If it is on any other basis, a clear explanation must be evident. In addition, any changes to the rate of pay, and effective dates, must be identified.
3. What records must be kept of actual earnings of the employee?
These records include: amounts paid each pay day; overtime payments; vacation pay; general holiday pay; bereavement leave with pay; any termination pay/pay in lieu of notice as well as any severance pay. Each pay cheque must include a statement showing the period for which the payment is made; the number of hours for which the payment is made; the rate of wages; the details of the deductions made from the wages; and the actual sum being received by the employee.
4. In what format must the pay statements be provided?
The pay statements can be provided in paper or electronic form. If the employer chooses to provide the pay statements electronically, the following means must be taken:
The employer must inform each employee where the electronic pay statements are stored, such as a website address;
The pay statement must be readable and printable only by the employee;
The pay statement must remain accessible by the employee through electronic means for a period of 3 years from the first date the electronic pay statement is made available to the employee;
The employer must provide the employee with private access to a computer and a printer.
5. What is needed in recording work hours?
Records are required which show the daily hours worked, unless the employee is excluded as a manager as provided for under the Code. If hours of work are averaged, records must include the posting of the 30 day notice, as well as identify the periods of averaging; start date of averaging; details of the reductions in hours; and the number of overtime hours paid if applicable. In the case of a modified work schedule, copies of the notice, schedules, votes and posting dates are needed.
6. How is time away from the job recorded?
For times when the employee has been granted leave, applicable records must be kept. This would include: start and end date of annual vacations; general holidays; bereavement leave; start and end dates of any maternity/parental/or maternity-related reassignment leave; sickness and work-related illness or injury absences.
7. What type of documents or notices must be kept on file?
These type of records include the identification of the employer's pay periods, any agreements relating to the postponement or waiving of vacation leave; the substitution of general holidays and related votes; notices to determine "year of employment" for vacation purposes; and notices for leave for maternity/parental leave. In the case of termination of employment, a copy of the notice of termination must be retained. If a request for a medical certificate has been made for sick leave or maternity-related matters, a copy of the certificate(s) must be kept. In cases of work-related injury or illness, detailed reasons for the absence, expected dates for return to work or notifications/reasons that employee cannot return must all be documented and maintained on file.
The following is a check-list of records required under the Canada Labour Standards Regulations .
Records Check-lists
Records Regulation
Start and end date of employment of each employee 24.(1)
Name, address, SIN, classification, sex, age if under 17 years 24.(2)(a)
Rate of wages (hourly/weekly/monthly/or other basis) and any changes in the rate 24.(2)(b)
Explanation of wages if on any other basis 24.(2)(c)
Daily hours worked (except if excluded under S.167(2) or 169 and 171) 24.(2)(d)
Earnings Records:
Records Regulation
Amounts paid each pay day 24.(2)(e)
Overtime pay recorded
Vacation pay recorded
General holiday pay recorded
Bereavement leave pay recorded
Pay in lieu of notice recorded
Severance pay recorded
Details of pay & deductions made each pay day 24.(2)(f)
Start and end date(s) of annual vacation for year of employment 24.(2)(g)
Copy of any written agreement to postpone or waive vacation[Reg.14(1)] 24.(2)(g.1)
Copy of any notice to determine "year of employment" [S.183 & Reg.12] 24.(2)(g.2)
Start and end date of maternity/parental leave and notices for such leave requests 24.(2)(h)
Start and end date of any maternity reassignment/modifications/notices 24.(2)(h.1)
General holidays granted/substitutions/votes 24.(2)(i)
If Averaging:
Records Regulation
Notice posted 24.(2)(j)
Periods of averaging
Start date of averaging
Details of reductions
Number of overtime hours paid if applicable
Employer's pay periods 24.(2)(k)
Copy of any notices of termination under Div. IX and Div. X 24.(2)(l)
Copy of employer's written request for medical certificate under Div. XIII
Copy of any medical certificates under Div. VII, XIII and XIII.1
(NOTE: The confidentiality of these documents must be maintained) 24(2)(h)
24(2)(l)
24(4)(b)
Dates of any bereavement leave granted under Div. VIII 24.(2)(m)
Copies of any notices of modified work schedules/votes/posting dates 24.(2)(n)
Detailed reasons for employee's absence due to work-related illness or injury 24.(4)(a)
Date of return to work or notification with reasons that employee cannot return 24.(4)(c)
This pamphlet is provided for information only. For interpretation and application purposes, please refer to Part III of the Canada Labour Code (Labour Standards), the Canada Labour Standards Regulations , and relevant amendments.
The number, 1-800-641-4049, offers 24-hour bilingual information on the Directorate's programs and services and provides a single point of contact for our clients and Canadians.
You can order this pamphlet by contacting:
Publications Services
Human Resources and Skills Development Canada
140 Promenade du Portage
Phase IV, 12th Floor
Gatineau, Québec
K1A 0J9
Fax: 819-953-7260
Online: Publication Search / Publication Management and Planning System (PMPS)
This document is available on demand in alternative formats (Large Print, Braille, Audio Cassette, Audio CD, e-Text Diskette, e-Text CD, or DAISY), by contacting 1 800 O-Canada (1 800-622-6232). If you have a hearing or speech impairment and use a teletypewriter (TTY), call 1 800 926 9105.
© Her Majesty the Queen in Right of Canada, 2010
Print
Cat. No.: HS23-2/14-2010
ISBN: 978-1-100-52093-3
PDF
Cat. No.: HS23-2/14-2010E-PDF
ISBN: 978-1-100-16477-9
Full text of this pamphlet in PDF (75 KB)
To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet:
Adobe Reader
Foxit Reader
Xpdf
eXPert PDF Reader
Employment Standard Publications
http://laws-lois.justice.gc.ca/eng/regulations/C.R.C.,_c._986/page-7.html#h-17
Pamphlet 14 - Labour Standards
Keeping of Records
Part III of the Canada Labour Code (Labour Standards)
Legislative Source
Section 24 of the Canada Labour Standards Regulations identifies the required records to be kept on file for inspection by an Inspector under the Canada Labour Code .
Employer Responsibility
Employers must keep payroll and other employment records for at least 36 months. Employers must also post an outline of the Code requirements and notices as required by law, along with an indication where one may obtain further information from the Labour Program.
1. What type of records are required that identify the employee?
You must record the name; address; social insurance number; job title; and sex of the employee to identify the employee. If the employee is under 17 years old, the age of the employee must be recorded. The start, and any end date of employment is also required.
2. What information must be kept on file for how the employee is paid?
You need to record the rate of pay and whether it is hourly/weekly/monthly/or on any other basis. If it is on any other basis, a clear explanation must be evident. In addition, any changes to the rate of pay, and effective dates, must be identified.
3. What records must be kept of actual earnings of the employee?
These records include: amounts paid each pay day; overtime payments; vacation pay; general holiday pay; bereavement leave with pay; any termination pay/pay in lieu of notice as well as any severance pay. Each pay cheque must include a statement showing the period for which the payment is made; the number of hours for which the payment is made; the rate of wages; the details of the deductions made from the wages; and the actual sum being received by the employee.
4. In what format must the pay statements be provided?
The pay statements can be provided in paper or electronic form. If the employer chooses to provide the pay statements electronically, the following means must be taken:
The employer must inform each employee where the electronic pay statements are stored, such as a website address;
The pay statement must be readable and printable only by the employee;
The pay statement must remain accessible by the employee through electronic means for a period of 3 years from the first date the electronic pay statement is made available to the employee;
The employer must provide the employee with private access to a computer and a printer.
5. What is needed in recording work hours?
Records are required which show the daily hours worked, unless the employee is excluded as a manager as provided for under the Code. If hours of work are averaged, records must include the posting of the 30 day notice, as well as identify the periods of averaging; start date of averaging; details of the reductions in hours; and the number of overtime hours paid if applicable. In the case of a modified work schedule, copies of the notice, schedules, votes and posting dates are needed.
6. How is time away from the job recorded?
For times when the employee has been granted leave, applicable records must be kept. This would include: start and end date of annual vacations; general holidays; bereavement leave; start and end dates of any maternity/parental/or maternity-related reassignment leave; sickness and work-related illness or injury absences.
7. What type of documents or notices must be kept on file?
These type of records include the identification of the employer's pay periods, any agreements relating to the postponement or waiving of vacation leave; the substitution of general holidays and related votes; notices to determine "year of employment" for vacation purposes; and notices for leave for maternity/parental leave. In the case of termination of employment, a copy of the notice of termination must be retained. If a request for a medical certificate has been made for sick leave or maternity-related matters, a copy of the certificate(s) must be kept. In cases of work-related injury or illness, detailed reasons for the absence, expected dates for return to work or notifications/reasons that employee cannot return must all be documented and maintained on file.
The following is a check-list of records required under the Canada Labour Standards Regulations .
Records Check-lists
Records Regulation
Start and end date of employment of each employee 24.(1)
Name, address, SIN, classification, sex, age if under 17 years 24.(2)(a)
Rate of wages (hourly/weekly/monthly/or other basis) and any changes in the rate 24.(2)(b)
Explanation of wages if on any other basis 24.(2)(c)
Daily hours worked (except if excluded under S.167(2) or 169 and 171) 24.(2)(d)
Earnings Records:
Records Regulation
Amounts paid each pay day 24.(2)(e)
Overtime pay recorded
Vacation pay recorded
General holiday pay recorded
Bereavement leave pay recorded
Pay in lieu of notice recorded
Severance pay recorded
Details of pay & deductions made each pay day 24.(2)(f)
Start and end date(s) of annual vacation for year of employment 24.(2)(g)
Copy of any written agreement to postpone or waive vacation[Reg.14(1)] 24.(2)(g.1)
Copy of any notice to determine "year of employment" [S.183 & Reg.12] 24.(2)(g.2)
Start and end date of maternity/parental leave and notices for such leave requests 24.(2)(h)
Start and end date of any maternity reassignment/modifications/notices 24.(2)(h.1)
General holidays granted/substitutions/votes 24.(2)(i)
If Averaging:
Records Regulation
Notice posted 24.(2)(j)
Periods of averaging
Start date of averaging
Details of reductions
Number of overtime hours paid if applicable
Employer's pay periods 24.(2)(k)
Copy of any notices of termination under Div. IX and Div. X 24.(2)(l)
Copy of employer's written request for medical certificate under Div. XIII
Copy of any medical certificates under Div. VII, XIII and XIII.1
(NOTE: The confidentiality of these documents must be maintained) 24(2)(h)
24(2)(l)
24(4)(b)
Dates of any bereavement leave granted under Div. VIII 24.(2)(m)
Copies of any notices of modified work schedules/votes/posting dates 24.(2)(n)
Detailed reasons for employee's absence due to work-related illness or injury 24.(4)(a)
Date of return to work or notification with reasons that employee cannot return 24.(4)(c)
This pamphlet is provided for information only. For interpretation and application purposes, please refer to Part III of the Canada Labour Code (Labour Standards), the Canada Labour Standards Regulations , and relevant amendments.
The number, 1-800-641-4049, offers 24-hour bilingual information on the Directorate's programs and services and provides a single point of contact for our clients and Canadians.
You can order this pamphlet by contacting:
Publications Services
Human Resources and Skills Development Canada
140 Promenade du Portage
Phase IV, 12th Floor
Gatineau, Québec
K1A 0J9
Fax: 819-953-7260
Online: Publication Search / Publication Management and Planning System (PMPS)
This document is available on demand in alternative formats (Large Print, Braille, Audio Cassette, Audio CD, e-Text Diskette, e-Text CD, or DAISY), by contacting 1 800 O-Canada (1 800-622-6232). If you have a hearing or speech impairment and use a teletypewriter (TTY), call 1 800 926 9105.
© Her Majesty the Queen in Right of Canada, 2010
Cat. No.: HS23-2/14-2010
ISBN: 978-1-100-52093-3
Cat. No.: HS23-2/14-2010E-PDF
ISBN: 978-1-100-16477-9
Full text of this pamphlet in PDF (75 KB)
To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet:
Adobe Reader
Foxit Reader
Xpdf
eXPert PDF Reader
Subscribe to:
Posts (Atom)