<

Hanzo: What Courts and Regulators Look For in a Web Archive, and What Makes One Hold Up

Hanzo

Extract from Hanzo’s article, “What Courts and Regulators Look For in a Web Archive, and What Makes One Hold Up.”

When a regulatory inquiry arrives covering a 90-day period of customer-facing web content, the first task for the responding team is to pull the archive. What compliance teams often find is a folder of static screenshots, some captured from staging environments rather than production, some taken days after the relevant content had changed. None carry metadata that would allow outside counsel to certify their authenticity.

The gap between what a firm believes it has preserved and what it can produce under review is where archiving failures become legal production problems.

Key Takeaways

  • Screenshots can be admitted as evidence of website content only with authenticating witness testimony; they carry no metadata supporting self-authentication
  • Under Federal Rules of Evidence 902(13) and 902(14), hash-verified electronic records offered in court qualify for self-authentication by written certification, without a foundation witness
  • SEC Rule 17a-4(b)(4) requires broker-dealers to retain business communications, including website content subject to communications-with-the-public rules, for at least three years, the first two in an easily accessible place
  • A defensible web archive carries a documented capture timestamp, SHA-256 hash verification, and storage meeting Rule 17a-4(f), either WORM media or a full audit-trail system
  • Hanzo Chronicle preserves full pages as WARC files on WORM storage and replays them as the live site appeared on the capture date

Read more here

ACEDS