Digital Signatures The Law and Best Practices for Compliance January 2014
Electronic/Digital Signature Legislation Disclaimer: ARX is not a law firm and does not provide legal advice. We make no warranty, express or implied, concerning any interpretation of laws and regulations or its reliability as presented here, or concerning the content of websites cited in this presentation.
Electronic Signatures Legally defined as an electronic sound, symbol (e.g., a graphic representation of a person's signature in a JPEG file), or process, attached to or logically associated with a record, and executed or adopted by a person with the intent to sign the record. Some of the solutions that fit this legal definition can be very problematic with regard to maintaining integrity and security, and especially with regard to following a good business policy or practice.
Digital Signatures Digital signatures, often referred to as advanced or standard electronic signatures, provide the highest form of signature and content integrity as well as universal acceptance. Digital signatures help organizations sustain signer authenticity, accountability, data integrity, and non-repudiation (a signer cannot later deny their participation in a transaction they signed) of electronic documents and forms.
US/EU Federal and State Statutes: Uniform Electronic Transactions Act (UETA), 1999; Electronic Signatures in Global and National Commerce Act (E-Sign), 2000; The Electronic Identification and Trust Services for Electronic Transactions in the Internal Market (eIDAS) Regulation, 2014.
US: Uniform Electronic Transactions Act (UETA) UETA - http://www.law.upenn.edu/bll/archives/ulc/fnact99/1990s/ueta99.htm SECTION 7. LEGAL RECOGNITION OF ELECTRONIC RECORDS, ELECTRONIC SIGNATURES, AND ELECTRONIC CONTRACTS. (a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form; (b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation; (c) If a law requires a record to be in writing, an electronic record satisfies the law; (d) If a law requires a signature, an electronic signature satisfies the law.
US: E-Sign Act ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT (aka E-Sign) at: http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106 Mirrors various provisions of UETA (which preceded it): section (a) says electronic signatures and documents are legal; section (b) says this act does not override other acts that may mandate the use of paper-based transactions; section (c), Consents, outlines what the parties must agree to, and declare that they have agreed to, for the use of electronic signatures/contracts between them; this is important in consumer-focused transactions.
US: State Compliance with UETA 46 US States (+ DC, Puerto Rico, and the Virgin Islands) have adopted UETA. http://www.ncsl.org/programs/lis/cip/ueta-statutes.htm Georgia, Illinois, New York and Washington have other statutes pertaining to electronic transactions (GA: Ga. Code Ann., 10-12-1; IL: 5 ILCS 175/1-101; NY: NY CLS State Technology 301 et seq.; WA: http://apps.leg.wa.gov/rcw/default.aspx?cite=19.34 ). The US Federal Act, E-Sign, governs if disputes cannot be settled at the state level. Note: US courts seem to be so routinely admitting electronic signatures due to the E-Sign Act that it is unnecessary for them to write an opinion actually going through the analysis under the statute. In a sense, the statute is doing its job by obviating the need for any court to think twice about whether an electronic signature could be admissible (assuming it met all the other rules of evidentiary procedure).
EU: Regulation for Electronic/Digital Signatures The Electronic Identification and Trust Services for Electronic Transactions in the Internal Market (eIDAS) Regulation, approved by the EU Council in July 2014, explicitly endorses a remote (or server-side) signing model as one that is as legally binding as the smartcard model, based on the following stipulations: the system must ensure the signatory's sole control over the use of the signatory's personal signature key; and the system must conform with the security standards as defined by ETSI and CEN. It allows remote digital signing from any user device, including smartphones, tablets and PCs. It is compulsory for all EU member states (a solution certified by one state is applicable across the EU).
Legal Summary US and EU law accept electronic/digital signatures but do not state specific technology choices. US law allows for a broad definition of electronic signatures. EU law narrows the definition and implies that digital signatures should be used. Regulations in specific industries tend to lean toward digital signatures. The courts are concerned with: whether the record is admissible evidence; and whether a policy/procedure was followed consistently in the execution of routine business.
Best Practices for Digital Signature Deployment A legally enforceable digitally signed record should address the issues that concern the courts in this regard. The record can be considered admissible evidence only if it is: attached to the signed information; uniquely linked to the signer; capable of identifying the signer; verifiable by anyone at any time; created using means that the signer maintains under his/her control; and capable of easily showing anyone at any time that changes have been made to the signed information. The record must also have been created in the execution of routine business while consistently following the relevant organizational policy/procedure: digital signing should be part of a standard, automated organizational policy/process, and there should be a clear audit trail.
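The properties listed above (a signature attached to the signed information, uniquely linked to an identifiable signer, verifiable by anyone, and tamper-evident, with an audit record of who signed and when) can be seen concretely in a small signing and verification routine. The following Go program is an added illustration, not CoSign code or code from the original presentation; it uses the Go standard library's Ed25519 implementation, and the signer name, document text and timestamp are constructed sample values. The signing key in a deployed system would be held in an HSM or a server-side signing service under the signatory's sole control rather than generated in-process as here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// SignedRecord is the audit-trail entry that accompanies a signed document.
// It binds the signature to the content hash, the signer identity and the time
// of signing, and carries the public key so any party can verify it later.
type SignedRecord struct {
	SignerID  string            // enrolled signer identity (sample value in this example)
	SignedAt  time.Time         // when the signature was created (UTC)
	DocHash   string            // hex SHA-256 of the exact bytes that were signed
	PublicKey ed25519.PublicKey // verification key; no private material is needed to verify
	Signature []byte            // Ed25519 signature over signingInput(rec, doc)
}

// Signer holds the private key. In a real deployment this key stays under the
// signatory's sole control (HSM or server-side signing service), never in a file.
type Signer struct {
	ID   string
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair for the named signer.
func NewSigner(id string) (*Signer, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{ID: id, priv: priv}, nil
}

// signingInput is the exact byte string that gets signed: the signer id, the
// timestamp, the document hash, and the document itself. Framing the metadata
// alongside the content means the signature is tied to all of them at once, so
// editing the signer name or the timestamp in the record invalidates it too.
func signingInput(rec SignedRecord, doc []byte) []byte {
	header := fmt.Sprintf("signer=%s;signed_at=%s;sha256=%s;",
		rec.SignerID, rec.SignedAt.Format(time.RFC3339), rec.DocHash)
	return append([]byte(header), doc...)
}

// Sign produces the audit record for doc at time `at`.
func (s *Signer) Sign(doc []byte, at time.Time) SignedRecord {
	digest := sha256.Sum256(doc)
	rec := SignedRecord{
		SignerID:  s.ID,
		SignedAt:  at.UTC(),
		DocHash:   hex.EncodeToString(digest[:]),
		PublicKey: s.priv.Public().(ed25519.PublicKey),
	}
	rec.Signature = ed25519.Sign(s.priv, signingInput(rec, doc))
	return rec
}

// Verify is what any later reader (auditor, court, counterparty) runs against the
// document they hold. It returns false if the document was altered after signing,
// if the record's metadata was edited, or if the signature was made by another key.
func Verify(rec SignedRecord, doc []byte) bool {
	digest := sha256.Sum256(doc)
	if hex.EncodeToString(digest[:]) != rec.DocHash {
		return false // content no longer matches what was signed
	}
	return ed25519.Verify(rec.PublicKey, signingInput(rec, doc), rec.Signature)
}

func main() {
	signer, err := NewSigner("alice@example.test") // constructed sample identity
	if err != nil {
		panic(err)
	}
	doc := []byte("Purchase order 42: 100 units at 10.00 each") // constructed sample document
	rec := signer.Sign(doc, time.Date(2014, 1, 15, 9, 30, 0, 0, time.UTC))

	fmt.Printf("audit: signer=%s at=%s sha256=%s\n", rec.SignerID, rec.SignedAt.Format(time.RFC3339), rec.DocHash)
	fmt.Println("original verifies:", Verify(rec, doc))
	fmt.Println("altered copy verifies:", Verify(rec, []byte("Purchase order 42: 1000 units at 10.00 each")))
}
```

The verification step needs only the record and the document, which is what makes the signature checkable by anyone at any time; the private key is never involved after signing. Storing the SignedRecord entries in an append-only log gives the audit trail the best practice calls for.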
When are Digital Signatures Required? When proof of identity, intent, and integrity is needed; for audit and regulatory requirements (particular to industry/geography); for acceptance inside and outside the organization; and for verification now and in the archive.
Compliance Elements Provided by CoSign A CoSign Digital Signature is: Strongly bound to the signed document; Uniquely linked to the signatory; Capable of identifying the specific individual signatory; Created using a means the signatory maintains under his/her control; Verifiable by anyone at any time; and Ensuring that changes to signed information can be plainly seen by anyone at any time. The CoSign System Provides: Centralized control of signature-credential provisioning and revocation; Centralized control of user-enrollment and authentication policies; and User control of signature credential and signature function by the specific signatory.
CoSign Digital Signature Compliance CoSign creates legally enforceable digital signatures in accordance with: UETA; 15 U.S.C. 7001 (E-Sign); and the EU (eIDAS) Regulation. The CoSign digital signature solution, when implemented with a proper organizational policy, can comply with: FDA Title 21 CFR Part 11 (Life Sciences); HIPAA (Healthcare); PE board regulations in most US states; Sarbanes-Oxley; the EU VAT Directive; USDA regulations; NIST FIPS 140-2 Level 3; and Common Criteria EAL4+.
About CoSign CoSign by ARX is the most widely used digital signature solution, with millions of signers at businesses, governments and cloud services around the world using it to securely sign documents on any device. CoSign was recognized by Forrester as the strongest digital signature solution in their Wave: E-Signatures, Q2 2013 report. Contact us for a live demo and a quote based on your organization's needs.