Your SlideShare is downloading. ×
The Role of the Business Manager in
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

The Role of the Business Manager in

304
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
304
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. The Role of the Business Manager in Implementing an Electronic Transaction Process Electronic Signatures and Electronic Records Under Colorado’s Uniform Electronic Transactions Act (UETA) Colorado Department of State, 1700 Broadway, Suite 300, Denver, CO 80290 303-894-2200 Fax: 303-869-4871 www.sos.state.co.us
  • 2. Licensing Division Secretary of State’s Office Barbara Groth, J.D. UETA Program Manager Phil Gehlich UETA Program IT Analyst Carrie London Administrative Assistant
  • 3. Business Manager’s Role
    • Existing electronic processes or records
      • Database information collection, storage and retrieval
      • Email
      • Internal time cards, leave slips, expense reports
  • 4. Business Manager’s Role
    • New electronic process
      • Often involves “converting” a paper process to an electronic process
      • Critical to document workflow and procedures as initial step
      • Opportunity for re-engineering paper process
      • Be open-minded – electronic process need not “duplicate” paper process
  • 5. Business Manager’s Role
    • Electronic process
      • Perform risks analysis
      • Perform benefits analysis
      • Perform costs analysis
      • Consider legal, business and technology issues and options in each analysis
  • 6. Business Manager’s Role
    • Electronic process
      • Consider quantitative factors, e.g.
        • Reduction in cost for storage of paper records
        • Less time spent inputting data or processing applications
        • Greater accuracy due to reduction of transcription errors
        • Cost of new equipment or software
        • “ Instantaneous” transmission, compared to time and expense of mail or courier
  • 7. Business Manager’s Role
    • Electronic process
      • Consider qualitative factors, e.g.
        • Change in customer satisfaction
        • Potential for increase or decrease in fraud
  • 8. Business Manager’s Role
    • Consult with your legal advisor in AG’s office
    • Consult with your IT advisors
    • Consult with the UETA team
  • 9. Business Manager’s Role
    • Legal issues
      • Statutory requirements or prohibitions
        • Federal Laws & Regulations, e.g.
          • Health Insurance Portability and Accountability Act (HIPAA)
          • Drivers Privacy Protection Act (DPPA)
        • Colorado Laws & Rules, e.g.
          • Prohibitions on using or recording SSNs (see 23-5-127, C.R.S.; 4-3-506, C.R.S.)
          • Open records laws
  • 10. Business Manager’s Role
    • Examine why pen and ink (“wet”) signature is requested on a paper document
      • It’s required by law
      • It serves an important purpose , even if not mandated
      • It’s “always been done that way”
  • 11. Business Manager’s Role
    • Purpose of a signature
      • Serve to authenticate a record by identifying the signer with the signed record
      • Serve “ceremonial” function – call signer’s attention to significance of signing and potential legal implications
      • Serve to express signer’s approval or agreement of contents
      • Serve to express finality of document (not a draft; not accidentally submitted)
  • 12. Business Manager’s Role
    • If signature needed on electronic record:
      • What type of electronic signature?
      • Create document/form to capture signer’s intent to sign
      • Create document/form to fulfill reason for requesting signature
  • 13. Business Manager’s Role
    • Evaluate whether these attributes of your electronic process need be set at low, medium or high level
      • Authentication
      • Confidentiality
      • Integrity
      • Non-repudiation
      • Authorization
      • Auditability
      • Preservation
  • 14. Business Manager’s Role
    • Authentication
      • The process of identifying an individual
      • Authentication merely ensures that the individual is who he or she claims to be
      • Authentication says nothing about the access rights of the individual
      • Not necessarily the same as an electronic signature, which must demonstrate intent to sign
      • May not care about identity in some cases
  • 15. Business Manager’s Role
    • Confidentiality
      • Assurance that information is not disclosed to unauthorized persons, processes, or devices
      • Assurance that information is protected against intentional or accidental unauthorized disclosure
  • 16. Business Manager’s Role
    • Integrity
      • Information protected against corruption, tampering, or other alteration
        • By unauthorized persons
        • By accidental actions of authorized persons
        • By intentional actions of authorized persons
      • Assurance of accuracy and completeness of information
        • Need to capture questions asked on form, not just responses
  • 17. Business Manager’s Role
    • Non-repudiation
      • Evidence that can be used to contradict a person who is (falsely) denying sending or receiving a specific communication or engaging in a specific transaction.
  • 18. Business Manager’s Role
    • Non-repudiation
      • Some authorization and electronic signature technologies, e.g. digital signatures, assure high confidence that identity or signature cannot be repudiated
        • Such technologies also assure that any change in document after digital signature applied will invalidate signature
          • Content of document can’t be repudiated if digital signature still valid
  • 19. Business Manager’s Role
    • Non-repudiation
      • PINs and passwords easily compromised
        • People can’t remember them, so they write them down
        • People intentionally let others “borrow” them
        • People using same computer can often discover them
        • People may intentionally use one PIN or password for multiple people, such as both spouses
        • People are scammed into revealing them through “phishing” attacks or social engineering
        • They can be hacked, intercepted, etc.
      • PINs and passwords do not assure that data not changed
      • PINs and passwords provide low (no?) assurance of non-repudiation
  • 20. Business Manager’s Role
    • Authorization
      • The process of granting or denying access to systems, networks or applications based on identity
  • 21. Business Manager’s Role
    • Auditability
      • Also referred to as Accountability
      • The ability to identify the person or organization that performed, or is responsible for, the actions affecting information
      • “Audit trail”
      • Who, what, when, how
  • 22. Business Manager’s Role
    • Preservation
      • Consider records retention issues
        • More problematic to store electronic records long term in usable form than paper
          • Must be able to migrate applications/systems as versions/equipment changes
          • Electronic records with “secure” signatures especially difficult
  • 23. Conclusion
    • Business manager must take the lead in
      • Managing an electronic process implementation
      • Reviewing existing electronic processes
    • Should request input from other sources: Legal, IT, UETA
    • Should understand laws and rules that may affect implementation of process
  • 24. Conclusion
    • Business manager has role in shaping ultimate form of UETA rules through involvement of UETA team with your analysis and implementation
      • We’ll learn from your experience and it will help us shape rules that work
      • Your implementation much more likely to be compliant with rules finally adopted
  • 25. Additional Information
    • Contact a member of the UETA Team
    • Licensing tab at www.sos.state.co for info on UETA Program
      • General Information
      • UETA Statute (24-71.3, C.R.S et seq.)
      • FAQs about UETA (the Act)
      • Glossary
      • Power Point Slide Shows
      • Calendar of Presentations and Demonstrations
      • UETA Task Force
      • Resources & Links
  • 26. Contact Information
    • Colorado Department of State
      • Licensing Division, UETA Program
      • 1700 Broadway, Suite 300
      • Denver, CO 80290
      • 303 894-2200
    • Barbara Groth – ext. 6423
      • [email_address]
    • Phil Gehlich – ext. 6624
      • [email_address]