Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Legal & Regulatory Update SPeRS 2.0


Published on

ESRA 2011 Fall Conference

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Legal & Regulatory Update SPeRS 2.0

  1. 1. Legal & Regulatory Update; SPeRS 2.0 John Richards Counsel BuckleySandler LLP Washington, DC [email_address] Margo Tank Partner BuckleySandler LLP Washington, DC [email_address] David Whitaker Senior Company Counsel Wells Fargo Bank, N.A. Des Moines, IA david.whitaker
  2. 2. Overview <ul><li>ESIGN and UETA (2000,1999): Enable the presentation of information and electronically signed agreements where ink and paper would have been required historically </li></ul><ul><ul><li>Federal E-SIGN Act since 2000 </li></ul></ul><ul><ul><li>UETA Enacted in 49 jurisdictions </li></ul></ul><ul><li>Slow Industry Adoption: </li></ul><ul><ul><li>Lack of a significant industry participant applying pressure to transition to the paperless transaction </li></ul></ul><ul><ul><li>Questions concerning whether a business should “build” or “buy” the technology </li></ul></ul><ul><ul><li>Evolving regulatory and judicial guidance </li></ul></ul><ul><ul><li>Market participants not perceiving the benefits of the first mover advantage </li></ul></ul><ul><ul><li>Emerging industry-level standards and guidelines </li></ul></ul><ul><ul><li>Resources that will be required to migrate an industry to electronic transactions </li></ul></ul>
  3. 3. <ul><li>Overarching focus in 2011 is moving from understanding legal framework to implementation </li></ul><ul><li>Questions are now: </li></ul><ul><ul><li>How reliable are electronic signatures and records? </li></ul></ul><ul><ul><li>How to authenticate individuals? </li></ul></ul><ul><ul><li>How can I minimize transaction and compliance risk? </li></ul></ul><ul><ul><li>Are contested electronic records and signatures admissible and enforceable? </li></ul></ul><ul><ul><li>Will subsequent transaction parties or the government accept electronic signatures and records? </li></ul></ul>Overview
  4. 4. Overview <ul><li>eCommerce laws pose new challenges </li></ul><ul><li>Designing systems to sign/store electronic records requires firm grasp of: </li></ul><ul><ul><li>Interaction between electronic processes used to sign and store electronic records and </li></ul></ul><ul><ul><ul><li>ESIGN/UETA requirements </li></ul></ul></ul><ul><ul><ul><li>Underlying substantive law ( e.g. , TILA, GLBA, State disclosure and record retention laws) </li></ul></ul></ul><ul><ul><ul><li>Regulator acceptance </li></ul></ul></ul><ul><ul><ul><li>Judicial precedent </li></ul></ul></ul>
  5. 5. Creating Reliable Electronic Signatures and Records <ul><li>Reliable electronic signatures and records are critical for a number of reasons to: </li></ul><ul><ul><li>Comply with state or federal “writing,” “signing” and “original” requirements </li></ul></ul><ul><ul><li>Enforceability </li></ul></ul><ul><ul><li>Meet state or federal record retention requirements </li></ul></ul><ul><ul><li>Obtain admission of electronic records into evidence in the event of a dispute (the mere fact that information has been created and stored within a computer system does not make that information reliable or authentic) </li></ul></ul>
  6. 6. Identifying Risks <ul><li>Authentication Risk: </li></ul><ul><ul><ul><li>The risk is that the signer says “that is not my signature” </li></ul></ul></ul><ul><ul><ul><ul><li>Is the signer: </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>who they say they are </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>do they have the authority to bind </li></ul></ul></ul></ul></ul><ul><ul><ul><li>Company relying on the signature has to bear the burden of proof </li></ul></ul></ul><ul><li>Compliance Risk: </li></ul><ul><ul><ul><li>The risk is that the rules and regulations that govern the transaction are not met </li></ul></ul></ul><ul><li>For example: Disclosure was not provided in the right format or at the right time in the transaction (possible statutory penalties) </li></ul><ul><li>For example: ESIGN & UETA requirements are not met (consequence may include statutory penalties based on conclusion that required disclosure was not provided because ESIGN/UETA consent was not obtained) </li></ul>
  7. 7. Identifying Risks <ul><li>Repudiation Risk: </li></ul><ul><ul><li>The risk is that the signer says, “that is not the record that I signed or the disclosure that I received” </li></ul></ul><ul><li>Admissibility Risk: </li></ul><ul><ul><li>The risk is that the electronic record is not admissible into evidence or for regulatory purposes </li></ul></ul><ul><ul><ul><li>Introduction into evidence will require proof of integrity: </li></ul></ul></ul><ul><ul><ul><ul><li>Identification to original transaction </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Freedom from alteration </li></ul></ul></ul></ul>
  8. 8. An Analytical Model <ul><li>Look to UETA Official Comments, and Congressional Record at time of ESIGN adoption in House and Senate, for interpretive rules </li></ul><ul><li>When interpreting ambiguous provisions, ask: if interpretation serves purpose of statute and meets “common sense” test </li></ul><ul><li>What would I do with a paper document? </li></ul>
  9. 9. Analyzing Systems for Creating, Storing and Retrieving Binding Agreements – A Provisional Checklist <ul><li>Agreement to Electronic Transaction </li></ul><ul><ul><li>Identify parties who must agree </li></ul></ul><ul><ul><ul><li>Direct participants </li></ul></ul></ul><ul><ul><ul><li>Vendors and service providers </li></ul></ul></ul><ul><ul><ul><li>Indirect stakeholders </li></ul></ul></ul><ul><ul><li>Establish manner of agreement </li></ul></ul><ul><ul><ul><li>B2B </li></ul></ul></ul><ul><ul><ul><li>Consumer (special ESIGN rules for consent) </li></ul></ul></ul><ul><ul><li>Agreement to system rules </li></ul></ul>
  10. 10. Analyzing Systems for Creating, Storing and Retrieving Binding Agreements – A Provisional Checklist <ul><li>Execution </li></ul><ul><ul><li>Signature </li></ul></ul><ul><ul><ul><li>Authority to sign </li></ul></ul></ul><ul><ul><ul><li>Evidence of intent </li></ul></ul></ul><ul><ul><ul><li>Intent to sign </li></ul></ul></ul><ul><ul><ul><li>Purpose of signature </li></ul></ul></ul><ul><ul><li>Per document basis </li></ul></ul><ul><ul><li>Logically associated with record </li></ul></ul><ul><ul><li>Process </li></ul></ul><ul><ul><li>Attribution </li></ul></ul>
  11. 11. Analyzing Systems for Creating, Storing and Retrieving Binding Agreements – A Provisional Checklist <ul><li>Document Format and Delivery </li></ul><ul><ul><li>Compliance with existing formatting rules </li></ul></ul><ul><ul><li>Standards for document formats </li></ul></ul><ul><ul><ul><li>Non-proprietary </li></ul></ul></ul><ul><ul><ul><li>Self-contained </li></ul></ul></ul><ul><ul><li>Delivery methods </li></ul></ul><ul><ul><ul><li>Mailing or hand delivery currently required </li></ul></ul></ul><ul><ul><ul><li>Mailing or hand delivery not currently required </li></ul></ul></ul>
  12. 12. Analyzing Systems for Creating, Storing and Retrieving Binding Agreements – A Provisional Checklist <ul><li>Record Integrity: </li></ul><ul><ul><li>Tracking alterations or versions </li></ul></ul><ul><ul><li>Preventing alteration of executed documents </li></ul></ul><ul><ul><li>Associating records </li></ul></ul><ul><ul><li>Replacing records </li></ul></ul><ul><ul><li>Identifying authoritative copies </li></ul></ul><ul><ul><li>Encryption of executed documents to prevent undetected alteration </li></ul></ul><ul><ul><li>Use of hash algorithms and date and time stamp technology </li></ul></ul><ul><li>Record Management Controls: </li></ul><ul><ul><li>Control of access to databases </li></ul></ul><ul><ul><li>Recording and logging of changes </li></ul></ul><ul><ul><li>Backup practices </li></ul></ul><ul><ul><li>Audit procedures </li></ul></ul>
  13. 13. Controlling Risks with SPeRS (Standards and Procedure for Electronic Records and Signatures) <ul><li>A cross-industry initiative to establish commonly understood “rules of the road” available to all parties seeking to take advantage of the powers conferred by ESIGN and UETA; </li></ul><ul><li>Helps create the implementation guidance not present in ESIGN and UETA </li></ul><ul><li>Initially published 2003; update coming in November 2011; </li></ul><ul><li>Founded on the proposition that much of the time and effort being invested by companies “re-inventing the wheel” could be avoided if cross-industry standards for these elements of electronic transactions could be established; </li></ul><ul><li>Focused on the behavioral and legal aspects of the interaction between parties to the transaction, not on technology. SPeRS is intended to be technology neutral; </li></ul><ul><li>Standards are not necessarily legal minimums, but implementing the standards should enhance reliability and sufficiency. </li></ul>
  14. 14. The SPeRS Objectives <ul><li>SPeRS: </li></ul><ul><ul><li>Permits businesses to establish a common understanding with vendors concerning design parameters for routine functions, without having to develop detailed custom specifications, </li></ul></ul><ul><ul><li>Assists in establishing industry standards for commercially reasonable, enforceable structures and processes, and </li></ul></ul><ul><ul><li>Provides the customer with a “common experience” across various online transactions, increasing the customer’s comfort level with the transactions. </li></ul></ul>
  15. 15. The SPeRS Structure <ul><li>SPeRS is divided into five sections: </li></ul><ul><ul><li>Authentication </li></ul></ul><ul><ul><li>Consent </li></ul></ul><ul><ul><li>Agreements, Notices and Disclosures </li></ul></ul><ul><ul><li>Electronic Signatures </li></ul></ul><ul><ul><li>Record Retention </li></ul></ul><ul><li>Each section is comprised of an Introduction and Outline and a series of Standards with supporting materials. </li></ul>
  16. 16. The SPeRS Structure <ul><li>Introduction and Outline </li></ul><ul><ul><li>Purpose: to help orient the system design team to the subject covered and its relevance to system design. </li></ul></ul><ul><li>Standards and Principles </li></ul><ul><ul><li>Purpose: high-level guidance reflecting important design parameters. </li></ul></ul><ul><ul><li>Standard is accompanied by statement of underlying principle. </li></ul></ul>
  17. 17. The SPeRS Structure <ul><li>Considerations </li></ul><ul><ul><li>Purpose: raise a series of questions, with the answers impacting the system design. </li></ul></ul><ul><li>Checklists and Examples </li></ul><ul><ul><li>Purpose: detailed, step-by-step guidance and assistance for implementing the standards. </li></ul></ul><ul><li>Commentary </li></ul><ul><ul><li>Purpose: legal and other support for standards. </li></ul></ul>
  18. 18. SPeRS Methodology <ul><li>Designed to assist with identification of issues related to legal sufficiency. </li></ul><ul><li>Designed to assist with weighing options and strategies. </li></ul><ul><li>Intended to prompt questions and systematically construct answers. </li></ul>
  19. 19. SPeRS Methodology <ul><li>Consult SPeRS at the beginning of design cycle: </li></ul><ul><ul><li>Identify appropriate members of design team </li></ul></ul><ul><ul><li>Review 30 high-level standards </li></ul></ul><ul><ul><li>For each standard that applies –review, identify issues, resolve </li></ul></ul><ul><ul><li>Document process </li></ul></ul>
  20. 20. SPeRS 2.0 <ul><li>No New Standards </li></ul><ul><ul><li>Range of new issues addressed in existing standards </li></ul></ul><ul><li>Overview of eNotarization Developments </li></ul><ul><ul><li>URPERA, RULONA, state activities </li></ul></ul><ul><li>Other Case Law and Regulatory Updates </li></ul><ul><ul><li>2003 -2011 Select Developments </li></ul></ul><ul><li>Format More Accessible than 1.0 </li></ul><ul><ul><li>Indexed, Searchable CD-ROM </li></ul></ul>
  21. 21. SPeRS 2.0/eNotarization <ul><li>Will eNotary be available? </li></ul><ul><ul><li>While eNotarizations are recognized, not all are permitted </li></ul></ul><ul><li>What are the costs? </li></ul><ul><li>Are there special state rules? </li></ul><ul><ul><li>California, Colorado </li></ul></ul><ul><li>Are there industry standards or requirements? </li></ul><ul><ul><li>NASS, GSEs </li></ul></ul>
  22. 22. SPeRS 2.0/Legal Developments <ul><li>Authentication and Authority </li></ul><ul><ul><li>The Prudential Ins. Co. of America v. Dukoff , No. 07-1080, 2009 WL 4884008 (E.D.N.Y. Dec. 18, 2009) (Materially false statements made by reasonably authenticated insurance applicants may be used to challenge the validity of the application) </li></ul></ul><ul><ul><li>National Auto Lenders, Inc. v. SysLOCATE, Inc. , No. 09-21765, 2010 WL 527866 (S.D. Fla. Feb. 10, 2010) (Online agreement held unenforceable where website operator knew the persons accepting the agreement lacked actual or apparent authority)  </li></ul></ul><ul><ul><li>Earll v. eBay, Inc., No. 5:11-cv-00262-JF (N.D. Cal. Sept. 7, 2011)(Class Action Alleges eBay's Identity Verification Policy Violates the ADA); National Federation of Blind v. Target Corp., 582 F.Supp.2d 1185, N.D.Cal., 2007. </li></ul></ul><ul><ul><li>FFIEC Supplement, Identity Management </li></ul></ul><ul><li>Consent </li></ul><ul><ul><li>OCC, Reg. AA, B, C, DD, E, M, P, V, X and Z Requirements; SEC Guidance </li></ul></ul><ul><ul><li>DWP Pain Free Med. P.C. v. Progressive Northeastern Ins. Co. , 831 N.Y.S.2d 849 (Dist. Ct. of Suffolk County, Third District, 2006)(Neither ESIGN nor state law overcomes a party’s rejection of eRecords/eSignatures) </li></ul></ul>
  23. 23. SPeRS 2.0/Legal Developments <ul><li>Agreements, Notices & Disclosures </li></ul><ul><ul><li>Swift v. Zynga Game Network, Inc. , 2011 U.S. Dist. Lexis 85983 (N.D. Cal. Aug. 4, 2011)(upheld validity of clickwrap agreement effected through social media sites such as Facebook) </li></ul></ul><ul><ul><li>In re Apple and AT&T Unlimited Data Plan Litig. , 2011 U.S. Dist. Lexis 78276 (N.D. Cal. July 19, 2011)(upheld validity of tapping “I Agree” on iPad screen) </li></ul></ul><ul><ul><li>But see Schnabel v. Trilegiant Corp. , 2011 US Dist. Lexis 18132 (D. Conn. Feb. 24, 2011)(denying validity because user did not have opportunity to view terms or reject same) </li></ul></ul><ul><li>Clearly Presented Agreements and Disclosures will be Enforced Unless Unconscionable </li></ul><ul><ul><li>Bar-Ayal v. Time Warner Cable Inc. , 03 CV 9905 (KMW) (S.D.N.Y. Oct. 16, 2006); Douglas v. Talk America , No. 06-75424 (9th Cir. July 18, 2007); Margae, Inc. v. Clear Link Technologies, LLC, et al. , No. 2:07-CV-916 (D. Ut. June 16, 2008) (Cannot use technology to obscure or dilute consumer information) </li></ul></ul>
  24. 24. SPeRS 2.0/Legal Developments <ul><li>Electronic Signatures </li></ul><ul><ul><li>Martyn v. J.W. Korth & Co. , 2011 U.S. Dist. Lexis 59416 (W.D. Mich. June 1, 2011)(ESIGN applied to validate typewritten eSignature) </li></ul></ul><ul><ul><li>Centrifugal Force, Inc. v. Softnet Communications , 2011 U.S. Dist. Lexis 20536 (S.D.N.Y. Mar. 1, 2011)(Modified terms of clickwrap agreement upheld where user required to agree to each such modification) </li></ul></ul><ul><ul><li>Shattuck v. Klotzbach, 14 Mass. L. Rep. 360 (Super. Ct., Mass., December 11, 2001); Rosenfeld v. Zerneck, 4 Misc. 3d 193, 776 N.Y.S.2d 458 (Sup. Ct., Kings Co. 2004) (but see Vista Developers Corp. v. VFP Realty LLC , 17 Misc. 3d 914, 847 N.Y.S.2d 416 (Sup. Ct., Queens Co. 2007) (Signed emails could be used to prove the existence of a real estate sale contract) </li></ul></ul><ul><ul><li>But see Ni v. Slocum , 2011 Cal. App. Lexis 862 (Cal. Ct. App. June 30, 2011)(rejecting petition eSignature traced on a smartphone screen, contrary to state election law requirement that signatures be “personally affix[ed]” to petitions and witnessed by election officials) </li></ul></ul>
  25. 25. SPeRS 2.0/Legal Developments <ul><li>Record Retention </li></ul><ul><ul><li>Novak v. Tucows, Inc., 2007 WL 922306 (E.D.N.Y. Mar. 26, 2007) aff'd, 330 F. App'x 204 (2d Cir. 2009)(storage processes must be properly documented in order to admit electronic records into evidence) </li></ul></ul><ul><ul><li>Glarum v. LaSalle Bank Nat’l Assoc. , Slip Op. 4D10-1372 (Fla. Ct. App. Sept. 7, 2011)( per curiam )(employee affidavit inadmissible hearsay because the employee not competent to authenticate data) </li></ul></ul><ul><ul><li>Griffin v. State , 2011 Md. LEXIS 226, 27-28 (Md. Apr. 28, 2011)(social networking page printouts require greater degree of authentication given potential for manipulation) </li></ul></ul>
  26. 26. SPeRS 2.0/Preserving Evidence of Data Integrity, Screen Shots & Process Flows is Essential <ul><li>In Re Vee Vinhnee , 336 B.R. 437 (9th Cir. BAP (Cal.) 2005) – Court refused to admit electronic credit card transaction records due to inadequate authentication </li></ul><ul><ul><li>11-Factor Foundation For Electronic Records: </li></ul></ul><ul><ul><ul><li>The business uses a computer. </li></ul></ul></ul><ul><ul><ul><li>The computer is reliable. </li></ul></ul></ul><ul><ul><ul><li>The business has developed a procedure for inserting data into the computer. </li></ul></ul></ul><ul><ul><ul><li>The procedure has built-in safeguards to ensure accuracy and identify errors. </li></ul></ul></ul><ul><ul><ul><li>The business keeps the computer in a good state of repair. </li></ul></ul></ul><ul><ul><ul><li>The witness had the computer readout certain data. </li></ul></ul></ul><ul><ul><ul><li>The witness used the proper procedures to obtain the readout. </li></ul></ul></ul><ul><ul><ul><li>The computer was in working order at the time the witness obtained the readout. </li></ul></ul></ul><ul><ul><ul><li>The witness recognizes the exhibit as the readout. </li></ul></ul></ul><ul><ul><ul><li>The witness explains how he or she recognizes the readout. </li></ul></ul></ul><ul><ul><ul><li>If the readout contains strange symbols or terms, the witness explains the meaning of the symbols or terms for the trier of fact Id . at 14 (citing Edward J. Imwinkelried, Evidentiary Foundations § 4.03[2] (5th ed. 2002)). </li></ul></ul></ul>
  27. 27. SPeRS 2.0/Emerging Principles & Significant Cases Involving Electronic Records <ul><li>The primary authenticity issue as identified by the court in In Re Vee Vinhnee , 336 B.R. 437 (9th Cir. BAP (Cal.) 2005), focuses on: </li></ul><ul><ul><li>. . . what has, or may have, happened to the record in the interval between when it was placed in the files and the time of trial. In other words, the record being proffered must be shown to continue to be an accurate representation of the records that originally was created . . . . Hence, the focus is not on the circumstances of the creation of the record, but rather on the circumstances of the preservation of the record during the time it is in the file so as to assure that the document being proffered is the same as the document that was originally created . </li></ul></ul><ul><li>The court focused on the 4th factor and noted that for electronically stored information: </li></ul><ul><ul><li>[t]he logical questions extend beyond the identification of the particular computer equipment and programs used. The entity’s policies and procedures for the use of the equipment, database, and programs are important. How access to the pertinent database is controlled and, separately, how access to the specific program is controlled are important questions. How changes in the database are logged or recorded, as well as the structure and implementation of backup systems and audit procedures for assuring the continuing integrity of the database, are pertinent to the question of whether the records have been changed since their creation. </li></ul></ul>
  28. 28. SPeRS 2.0/Emerging Principles & Significant Cases Involving Electronic Records <ul><li>Lorraine v. Markel American Ins. Co ., 241 F.R.D. 534, 538 (D.Md. 2007). Judge Grimm in Lorraine v. Markel American Ins. Co ., 241 F.R.D. 534, 538 (D.Md. 2007): </li></ul><ul><ul><li>[C]onsidering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted. </li></ul></ul>
  29. 29. Industry Adoption <ul><li>Successes/Guidance </li></ul><ul><ul><li>Mortgage </li></ul></ul><ul><ul><ul><li>http:// =19 </li></ul></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><li>Student Lending </li></ul></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><ul><li>Variable Annuities </li></ul></ul><ul><ul><ul><li>http:// /standards </li></ul></ul></ul><ul><ul><li>Electronic Chattel Paper </li></ul></ul><ul><ul><ul><li> =1245199808682 </li></ul></ul></ul><ul><ul><li>Online Banking </li></ul></ul><ul><ul><ul><li>http:// </li></ul></ul></ul>
  30. 30. Contact Information <ul><li>Margo Tank </li></ul><ul><li>202.349.8050 </li></ul><ul><li>[email_address] </li></ul><ul><li>David Whitaker </li></ul><ul><li>david.whitaker </li></ul><ul><li>John Richards </li></ul><ul><li>202.349.8046 </li></ul><ul><li>[email_address] </li></ul>