Directors and public officials are responsible for exercising control and management over their respective organisations. In so doing they are expected to meet acceptable standards of care and diligence.

Due diligence involves identifying risk including information and technology risk. If the information in the systems is not trustworthy, the system is unreliable and/or the information is not available, then accurate reporting will not be possible. In turn, without proper access to the right information, by the right people at the right time, sound decision-making is undermined.

Due care involves addressing risk as a reasonable person by taking action to accept, avoid, mitigate or transfer risk.

Almost every aspect of private and public sector organisational functions today dependent upon information and information systems. Information relating to the internal and external life of an organisation is largely processed (received, created, stored and disposed of) electronically. This is why electronic law applies to any industry and every service sector.

Because electronic information is easy to access and easy to change even without authority, stringent requirements must be imposed to secure the confidentiality, integrity and availability of information because where evidence is required, it is required to be relevant, reliable and legally obtained. It must be trustworthy.

In many cases the law requires a higher standard of integrity (trustworthiness), authenticity (people and information are who and what they purport to be) and non-repudiation (accountability) to be demonstrated where electronic evidence is at issue.

Directors and public officials who do not respond appropriately may be held accountable.