Digital Signatures: The Law and Best Practices for Compliance

The CoSign Digital Signature solution automates your signature-based approvals compliantly and affordably, allowing you to cut costs and automate business processes.

Published in: Technology, Business

  1. Digital Signatures: The Law and Best Practices for Compliance
  2. Electronic/Digital Signature Legislation
     Disclaimer: ARX is not a law firm and does not provide legal advice. We make no warranty, express or implied, concerning any interpretation of laws and regulations or its reliability as presented here or of the content on websites cited in this presentation.
  3. Electronic vs. Digital Signatures
     Electronic signatures:
     • Legally defined as an electronic sound, symbol (e.g., a graphic representation of a person in a JPEG file), or process, attached to or logically associated with a record, and executed or adopted by a person with the intent to sign the record.
     • Some of the solutions that fit this legal definition can be very problematic with regard to maintaining integrity and security, and especially to good business policy or practice.
     Digital signatures:
     • Digital signatures, often referred to as advanced or standard electronic signatures, provide the highest form of signature and content integrity as well as universal acceptance.
     • Digital signatures help organizations sustain signer authenticity, accountability, data integrity, and non-repudiation (a signer cannot later deny their participation in a transaction they signed) of electronic documents and forms.
  4. US/EU Federal and State Statutes
     Legislation:
     • Uniform Electronic Transactions Act (“UETA”) – 1999
     • Electronic Signatures in Global and National Commerce Act (“E-Sign”) – 2000
     • EU Directive for Electronic Signatures – 1999
     These Acts give legal force and effect to electronic or digital signatures.
  5. Uniform Electronic Transactions Act (UETA)
     • UETA: http://www.law.upenn.edu/bll/archives/ulc/fnact99/1990s/ueta99.htm
     • SECTION 7. LEGAL RECOGNITION OF ELECTRONIC RECORDS, ELECTRONIC SIGNATURES, AND ELECTRONIC CONTRACTS.
       (a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form;
       (b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation;
       (c) If a law requires a record to be in writing, an electronic record satisfies the law;
       (d) If a law requires a signature, an electronic signature satisfies the law.
  6. E-Sign Act
     • ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT (aka E-Sign) at: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106
     • Mirrors various provisions of UETA (which preceded it)
     • section a) says electronic signatures and documents are legal;
     • section b) this act does not override other acts that may mandate use of paper-based transactions;
     • section c) “Consents” outlines what the parties must agree, and declare they agree(d), to use of electronic signatures/contracts between them; important in B2C and B2B scenarios.
  7. State Compliance with UETA
     • 46 US States (+ DC, Puerto Rico, and the Virgin Islands) have adopted UETA. http://www.ncsl.org/programs/lis/CIP/ueta-statutes.htm
     • Georgia, Illinois, New York, and Washington have other statutes pertaining to electronic transactions (GA: Ga. Code Ann., § 10-12-1; IL: 5 ILCS 175/1-101; NY: NY CLS State Technology § 301 et seq.; WA: http://apps.leg.wa.gov/RCW/default.aspx?cite=19.34)
     • The US Federal Act, E-Sign, governs if disputes cannot be settled at the state level.
     Note: US courts seem to be so routinely admitting electronic signatures due to the E-Sign Act that it is unnecessary for them to write a written opinion actually going through the analysis under the statute. In a sense, the statute is doing its job by obviating the need for any court to think twice about whether an electronic signature could be admissible (assuming it met all the other rules of evidentiary procedure).
  8. EU Directive for Electronic/Digital Signatures
     • Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures:
       • The directive indicates standard digital signatures are required, without explicitly saying so (wanting to appear technology neutral).
       • All EU Member States have adopted this directive with local legislation, as of 2003.
       • EU Member States are not allowed to add additional requirements to those in the directive.
     • EU VAT Directive 2001: Council directive 2001/115/EC:
       • Directive for electronic invoices calls for electronic signatures as defined by the 1999 directive for electronic signatures.
  9. Legal Summary
     • US and EU law accept electronic and digital signatures but state nothing of specific technology choices.
     • US law allows for a broad definition of electronic signature.
     • EU law narrows the definition and implies that digital signatures should be used.
     • Regulations in specific industries tend to lean toward digital signatures.
     • The courts are concerned with:
       • Admissible evidence
       • Was a policy/procedure followed consistently in the execution of routine business?
  10. Best Practices for Digital Signature Deployment
     A legally enforceable digitally signed record should have:
     • Admissible evidence:
       • Attached to signed information
       • Uniquely linked to the signer
       • Capable of identifying the signer
       • Created using means the signer maintains under his/her control
       • Verifiable by anyone at any time
       • Anyone at any time should easily be able to detect changes to signed information
     • Organizational policy:
       • Digital signing should be part of a standard automated organizational policy/process
       • There should be a clear audit track
  11. When Are Digital Signatures Needed?
     When proof of identity, intent, and integrity is needed:
     • Audit and regulatory requirements
       • Particular to industry/geography
     • Acceptance
       • Inside and outside the organization
     • Verification
       • Now and in the archive
  12. CoSign Digital Signature Compliance
     • CoSign creates legally enforceable digital signatures in accordance with UETA, 15 U.S.C. 7001 (E-Sign) and EU Directives 1999/93/EC and 2001/115/EC
     • The CoSign digital signature solution, when implemented with a proper organizational policy, can comply with:
       • FDA Title 21 CFR Part 11 (Life Sciences)
       • HIPAA (Healthcare)
       • Most states’ PE boards (Engineering)
       • Sarbanes Oxley
       • EU VAT Directive
       • SAFE BioPharma Association
       • United States Department of Agriculture (USDA)
  13. About CoSign
     The CoSign digital signature solution automates your signature-based approvals compliantly and affordably, allowing you to cut costs and expedite business processes.
     For more information, please contact John Marchioni, VP Business Development
     johnmarc@arx.com
     Tel: (415) 839 8161
     www.arx.com
