The International Commission on Civil Status,

Noting that measures are being taken in several member States to computerise the operation of civil registration departments,

Considering it desirable that these measures be implemented in such a way as to guarantee the reliability of the processed data, ensure respect for the privacy of the persons to whom those data relate and facilitate the exchange of information on civil status at national and international level,

1. Recommends that the member States take the steps needed to ensure that the setting up, use and any modification of systems for the automatic processing of civil status data satisfy the following conditions:

(a) Any system for the automatic processing of civil status data must meet well-defined requirements in respect of material protection. These requirements concern, inter alia, protection of premises, provision of a "top security" area, fire detection and extinction systems and protection against cuts in the electric power supply. Several back-up copies of the computer media containing the data must be kept in a safe place. Moreover, the number of events registered must be counted periodically and procedures for checking the permanence of data and conformity tests on programmes must be followed and carried out at regular intervals.
(b) Access to and the use and updating of civil status data registered on computer must be subject to specific controls and take place under the supervision of the civil registrar.
(c) Everyone is entitled to take cognisance of and, if necessary, have corrections made to civil status data concerning him or her registered on computer.
(d) The communication to third parties of civil status data or sets of civil status data registered on computer must be subject to the rules applicable to the accessibility to the public of civil status records.

2. Recommends that copies and extracts produced by means of a system complying with the conditions set out in Article 1 above be accepted in member States in the same way as documents the conformity whereof with the original record on paper has been verified.

3. Recommends that systems for processing civil status data be programmed to translate information coded pursuant to a codification approved by the International Commission on Civil Status.

4. Recommends that when setting up systems for the automatic processing of civil status data, member States ensure that the systems are compatible with those used in the other member States.

5. Recommends that the communication by one member State to another of civil status data registered on computer be effected in conformity with the rules on the accessibility to the public of records that are in force in the State which registered those data.

Since the beginning of the 1980s the attention of the International Commission on Civil Status has been drawn to the practical and legal consequences of the gradual introduction into its member States' civil registration departments of new techniques aimed at facilitating management and increasing the efficiency of the civil registrar's work. Several international instruments drafted by the ICCS in recent years indirectly reflect this concern. Article 5 of the Recommendation relating to the accessibility to the public of civil status registers and records, adopted by the General Assembly in Rome on 5 September 1984, provides that records shall, whenever possible, be made on forms which can be reproduced in part. This Article foreshadows the work on harmonisation of civil status records and extracts that was undertaken at a later date and led to the adoption of two recommendations: one in Lisbon on 10 September 1987 and the other in Madrid on 7 September 1990. The studies carried out in these fields as well as the advent of the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data, followed by the entry into force in several member States of legislation implementing that Convention, have played an important role in the ICCS's decision to examine in greater depth the legal aspects of computerising civil registration. Its work has been focused on the legal framework of such an operation as well as the legal problems which may be occasioned by the establishment of records by automated means, the updating and correction of those records and the use of civil status data registered on computer. This examination led to the drafting of a Recommendation with a twofold objective: to establish the minimum technical criteria to be met in the setting up and functioning of any computerised civil registration system and to lay down some standards to govern the communication of civil status data registered on computer, both within a member State and beyond its borders.

Computerisation has repercussions at various levels in the running of a civil registration department. It concerns, amongst other things, the automated search of records by means of a permanent index and the preparation of indexes, the compilation and updating of the records themselves and the automated production of copies and extracts.

A first conclusion was that, given the current state of development of technology and domestic law in all the member States, it remains vital for the original record to be drawn up and kept on paper. This is because the signatures of the parties and that of the civil registrar are still essential elements in the authenticity of the records. The ICCS nevertheless appreciated that computerisation really bears fruit only when the data in the records are entered on computer and copies and extracts are produced directly from the memorised data. Current legislation requires - or at least presupposes - the verification of all copies and extracts against the original record. This must be done before the document can be certified as a true copy by the civil registrar. It is obvious that eliminating this verification would save a great deal of work. For this reason, the main questions the ICCS examined are which technical conditions must be imposed on a computerised civil registration system in order to ensure that registration is sufficiently reliable, which rules must govern access to the data so registered and on which conditions the data are to be updated without adversely affecting their reliability.

In order to find the answer to these questions, the ICCS sought information on the features of systems which have been operational for some time and have been found to function satisfactorily. The technical standards set out in Article 1 (a) are the result of the analysis of those systems. They concern in the first place protection mechanisms directly related to the running of any computer service (protection of premises, provision of a "top security" area for storing files, fire detection and extinction systems and protection against cuts in the electric power supply).

Safety mechanisms of a more specific nature concern the reliability of civil status data. One such mechanism is aimed at preserving the computer media. It is vital that several back-up copies (at least three) are kept up-to-date and preserved so that, in the event of an incident, the files in question may be reconstituted. The copies must be kept in different places (computer room, "top security" area and armoured fire safe).

A second type of safety mechanism consists of ensuring the monitoring of the number of events registered in order to check that none of them has been erased. In this way, lists can be drawn up each day of the different types of records and annotations made.

The third type of safety mechanism consists of making sure that memorised data are not altered by deformation of the magnetic fields, by deliberate falsification, etc. It should be pointed out that calculations based on each of the characters used and their respective position in the text of the record may be carried out by computer. This check may be applied at random or at fixed times and will show up any amendment, even of a single letter. It operates regardless of the type of medium and can be used in any computer system.

The fourth and final security check consists of planning periodic tests of programme conformity.

Article 1 (b) concentrates on the conditions of access to civil status data processed by computer, their use and their updating. The ICCS considers that access to the computerised system must be subject to specific controls depending on the means of transmitting data. These controls must be more rigorous when transmission takes place on networks made available to several users. They also depend on the way the computer is used. Control methods may include passwords, selective access, systems for identifying a terminal user and systems for detecting intrusions and automatically cutting off the connection.

Access must be restricted to authorised staff working under the supervision of the civil registrar. The Recommendation does not, however, exclude computerised systems which also allow direct access by the person concerned, if it is effected by means of a computer document issued under the supervision of the civil registrar or other competent authorities.

Article 1 (c), which concerns the right to take cognisance of and have corrections made to civil status data registered on computer, was modelled on Article 8 of the aforementioned Council of Europe Convention. It was included in the Recommendation in order to make it clear that this right is separate from the right to obtain the correction of data contained in a record. A mistake found in the registration on computer which is not a mistake in the record itself should be capable of rectification at the request of the person concerned, without his or her resorting to the legal procedure laid down for the correction of records.

Article 1 (d) concerns the communication of data registered on computer to third parties. This provision covers not only individual requests for copies or extracts but also the systematic transmission of data to other departments or institutions. It is a reminder that these transmissions may not take place unless they are regulated or authorised and that they are subject to the normal restrictions intended to ensure protection of the privacy of those concerned. Reference should be made notably to the aforementioned Recommendation relating to the accessibility to the public of civil status registers and records.

Provided that all the safety measures listed in Article 1 are applied, the reliability of registration on computer may be considered sufficient to guarantee the conformity of documents produced directly from the memorised data. Accordingly, the content of these documents may be relied upon and their comparison with the data in the original record is no longer necessary. It should be stressed, however, that the civil registrar whose signature appears on the document produced by computerised methods retains responsibility. Article 2 recommends that copies and extracts produced by a computerised system be accepted in all member States. This entails the adaptation of member States' legislation or domestic regulations. Such a step should be taken only when the computerised systems of the civil registration departments of the State concerned meet all the reliability criteria set out in Article 1.

Work is being carried out within the ICCS in order to establish a codification of the information given in civil status records. It was deemed expeditious to express in this Article the wish that, when the time comes, the member States' civil registration departments should be equipped for carrying out the automatic translation of coded information.

Although at the present time it is difficult to make forecasts about future developments, the ICCS foresees a situation where the civil registration departments of different States will be able to exchange directly data registered on computer. It therefore recommends that the international compatibility of systems be taken into consideration when decisions are being made as to the choice of computer equipment to be installed in member States' civil registration departments.

This Article is a reminder that, with the aim of protecting the privacy of the persons concerned, transborder communication of civil status data registered on computer is subject to the same restrictions as transmissions carried out within the State where those data were registered. Article 5 is derived from the rules set out in Article 12, paragraphs 2 and 3, of the aforementioned Council of Europe Convention.