The E-Court of Haripur was inaugurated by Judge Muneera Abbasi at District and Session Court in Haripur to facilitate citizens to record statement through videoconferencing and in time delivery of justice.
By Syeda Uzma Gardazi
The E-court will make use of online communication. If some witness cannot come to the court (for instance the elderly or disabled, or an overseas witness), the court can record their statements online. E-court is an encouraging step to provide speedy justice to everyone but information security role shall be considered to enhance confidentiality, integrity and availability of E-court confidential data.
This article will provide guideline for E-court system within Pakistan. I would like to suggest that judicial system should consider information security related practices and review/revise existing legislations to accommodate e-court requirements. A few suggestions are listed below:
- Existing documentation and record retention regulation should be reviewed to address and manage E-court record statements. It is suggested that E-court record statement shall be maintained for a period of not less than six (6)years from the date of document was created or was last in effect.
- Access means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource for E-court proceeding.
- The connection used for E-Court shall be encrypted and consistent with National Institute of Standards and Technology (NIST) Special publication 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementation; 800-77, Guide of IPSec VPNs, or 800-113, Guide to SSL VPNs, and may include others which are Federal Information Processing Standards (FIPs) 140-2 validated.
- Valid encryption process for data at rest (i.e. data that resides in databases, file systems and other structured storage systems) are consistent with NIST Special publication 800-11, Guide to Storage Encryption Technologies for End User Devices.
- Court shall train all members of its workforce on the policies and procedure with respect to information as necessary and appropriate for the members to carry out their job responsibilities. Further, court should in place sanctions against members of its workforce who fail to comply with privacy and security policies and procedures.
- A written request must be submitted to the Court for disclosure of record statement. The request form must be maintained and indexed for a minimum of six (6) years.
- A breach of record statement shall be treated and notice shall be provided to the court and affected individuals. Further, all documentation related to the breach investigation, including the risk assessment, shall be retained for a minimum of six years.
- The media on which E-court statements are recorded shall be destroyed in following ways:
- Paper, film, or other hard copy media have been shredded or destroyed such that the confidential information cannot read or otherwise cannot be reconstructed. Redaction is specifically excluded as a means of data destruction.
- Electronic media have been cleared, purged, or destroyed with consistent NIST Special Publications, 800-88, Guidelines for Media Sanitization, such that the confidential information cannot be retrieved.
About the Author: Syeda Uzma Gardazi brings an uncommon background as information security, Media, lecturer, Coordinator and compliance professional to the service. She obtained my MS (CS) degree from National University of Emerging and Computer Sciences (NUCES/FAST-NU). With more than 7 years of teaching experience and 7 years of industry experience, she is skilled in analyzing, developing, optimizing information security laws & standards compliance in addition to providing guidance to students academically and working on managerial positions e.g. information security manager etc. in an academic or private institutions. Her time in the industry was spent on implementation and insurance of ISO 9001, ISO 27001, Payment Card Industry – Data Security Standard (PCI-DSS), and Health Insurance Portability and Accountability Act (HIPAA) at a US based company with offices on four continents. She has developed an in-depth knowledge of data security laws and protocols, i.e., HIPAA/HITECH/ISO 27001/ISO 9001, and served as the primary resource on standard and regulatory developments in this area. Additionally, she have taught and managed different types of Computer Science and Information Technology related courses at different reputed universities and organizations such as; FAST-NU or NUCES, BIIT, WUAJK, NICON, CIT and UAAR etc. as Lecturer, Assistant Lecturer and Coordinator, having more than 7 years of experience. Her combined experience as information security strategist, compliance and teaching professional makes her an ideal candidate for Information Security, Software Architecture and Compliance related process management.
Author: Syeda Uzma Gardazi (Coordinator CS&IT Department Women University AJK, Bagh)