Canada’s plethora of recordkeeping and archiving regulations are considered as among the most complex. Similar to the archiving laws in the United States and European countries, the legislation surrounding the requirement for organizations in Canada to maintain electronic records of their official business communications continues to evolve.
At both the federal and provincial levels and within industry groups, these archiving requirements play a crucial role in maintaining accountability, transparency, and business continuity in the government and private business sector. These regulations are also regularly updated to address the challenges associated with the digital era and mobile-based communications technology, including instant messaging and social media.
Many Canadian industries and institutions are obligated to record mobile text messages and capture and monitor phone calls under various federal overarching rules. The recordkeeping requirements in Canada are mainly driven by the following laws:
- Financial Administration Act
The Financial Administration Act obliges government organizations relevant to the financial administration of the Government of Canada to capture, organize, maintain, and preserve all business-related recording including mobile SMS and voice calls that contains corporate information or data used to make a decision or to initiate an action.
- Library and Archives of Canada Act
The Library and Archives of Canada Act is the legislation that implies on the libraries and Archives of Canada (LAC). To meet legislative requirements, the Libraries and Archives Canada issues a disposition authorizations to enable government institutions to dispose of records, including electronic communications, which no longer have operational value, either by permitting their destruction (at the discretion of institutions), by requiring their transfer to Library and Archives Canada or by agreeing to their alienation from the control of the Government of Canada (GC).
- Access to Information Act
The Access to Information Act is Canada’s counterpart of the U.S.’ Freedom of Information Act (FOIA).
On the federal level, the Access to Information Act, and its accompanying Privacy Act requires federal bodies to provide the requested public records within a maximum of 30 days. The exemptions to the Access to Information Act are limited and specific, and the decisions on the disclosure of government information (refusal of access) are reviewed by an independent body, the Office of the Privacy Commissioner of Canada.
The Access to Information Act defines “record” as any documentary material, regardless of medium and form. This includes mobile SMS, MMS, voice calls, email, Instant Messages (IMs) such as WhatsApp, video calls, social media posts, among others.
Check out our previous blog to learn more about the application of the Access to Information Act at the federal and provincial levels.
Aside from these laws, there are other recordkeeping regulations and directives that oblige industry verticals to record mobile text messages and monitor phone calls.
- Directive on Service and Digital
On April 1, 2020, the Directive on Service and Digital went into effect, replacing and consolidating several policies on how organizations in Canada must manage service delivery, information and data, information technology, and cybersecurity. This directive applies to departments as defined in Section 2 of the Financial Administration Act, except to those excluded by other acts, regulations, or orders in council.
Under this directive, organizations must identify, establish, implement, and maintain corporate repositories in which information of business value is managed throughout its life cycle while respecting privacy and security requirements
Organizations must also ensure that their information management systems are built to create, capture, and manage data, as well as equipped with features that can store, search, and retrieve data in all formats.
- Canada Energy Regulator
The Canada Energy Regulator implements record retention requirements that oblige utility, oil, and gas companies to retain documents related to their operations from a period ranging from one month to five years.
- Canada Evidence Act
The Canada Evidence Act rules in evidence admissibility state that parties should take reasonable and good faith steps to meet their obligations to preserve information relevant to a case. The producing party is responsible for retrieving relevant records and information demand by the discovering party. As a general principle, the captured text message is discoverable and can be requested by courts for as long as it exists.
- CCPSA
The Canada Consumer Product Safety Act (CCPSA) obliges industries to keep and maintain certain documents. According to this law, “Any person who manufactures, imports, advertises, sells or tests a consumer product for commercial purposes shall prepare and maintain:
A) Documents that indicate:
– In the case of a retailer, the name and address of the person from whom they obtained the product and the location where and the period during which they sold the product, and
– In the case of any other person, the name and address of the person from whom they obtained the product or to whom they sold it, or both, as applicable; and
B) The prescribed documents.
- IIROC
The IIROC Rule 29.7 specifies the rules requiring firms to archive written business communications (advertisements, sales literature, and correspondence) and supervise employees.
Under this rule, firms must retain records relating to their business activities, financial affairs, client transactions, and communication for five years from the date of creation. Additionally, all sales literature and related documents must be retained for two years from the date of production. Archived sales literature and correspondence must be readily available for inspection by the Association at any time.
Learn more about IIROC and its fines for non-compliance in our previous blog.
- EDRMS
The Standard for Electronic Documents and Records Management Solutions (EDRMS) is a set of requirements that applies to departments defined in Section 2 of the Financial Administration Act. This standard generally requires organizations to ensure that the Electronic Document and Records Management (EDRM) solutions can maintain appropriate contextual information (metadata) and enable organizations to access, use and dispose of records (i.e., their retention, destruction or transfer) in a managed, systematic and auditable way to ensure accountability, transparency and meet departmental business objectives.
- PHIPA
The Personal Health Information Protection Act (PHIPA) is the health information protection law in the province of Ontario, Canada. Under this regulation, any entity that possesses or maintains healthcare-related information to manage this content securely and to ensure that healthcare records are “retained, transferred and disposed of securely” (2004, c. 3, Sched. A, s. 13 (1).
Amendments made in 2016 added specific requirements to the Act concerning the management of electronic health records. The Personal Information Protect Act (PIPA) – which applies to organizations in Alberta, British Columbia, Ontario, and Quebec – includes similar types of provisions.
- CSIS
The people who work at Canada Security Intelligence Service (CSIS) collect information in Canada and abroad and use it as the basis for providing security advice to the Government of Canada. There are, however, several requirements that the Service should follow to ensure that the data collection is following the federal laws.
Section 12(1) states that the Service shall “Service shall collect, by investigation or otherwise, to the extent that it is strictly necessary, and analyze and retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting threats to the security of Canada and, with that, shall report to and advise the Government of Canada.
With TeleMessage, regulated entities can effectively comply with recordkeeping and archiving laws in Canada, including IIROC text archiving requirements, and other financial and government regulations requiring companies and agencies to record mobile text messages and monitor phone calls. The TeleMessage Mobile Archiver is an enterprise messaging app that effectively addresses compliance, regulatory, public records request response requirements, and reduces risk across the public sector.
TeleMessage’s Mobile Archiver solutions can record SMS messages, record voice calls, and other mobile content such as MMS and WhatsApp chats and calls from corporate or BYOD mobile phones. Messages are securely and reliably retained within TeleMessage servers or forwarded to an archiving data storage vendor of your choice.
Our mobile archiving products securely capture content from mobile carriers and mobile devices for a variety of ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website today at www.telemessage.com to learn more about our mobile archiving products
Sources:
https://laws-lois.justice.gc.ca/eng/acts/F-11/index.html
https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601
https://laws-lois.justice.gc.ca/eng/acts/a-1/page-1.html
http://www.iiroc.ca/Documents/2011/dbed7d6a-ed1c-4a8b-b3d9-bef60412aa27_en.pdf
https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=18910
https://www.ontario.ca/laws/statute/04p03#BK12
https://laws-lois.justice.gc.ca/eng/acts/c-23/FullText.html
https://laws-lois.justice.gc.ca/eng/acts/c-1.68/
https://laws-lois.justice.gc.ca/eng/acts/c-5/fulltext.html
https://laws-lois.justice.gc.ca/eng/regulations/sor-99-294/page-5.html
