Saturday, January 23, 2010

Implementing Electronic Signatures - Emily Walsh

In 2000, Congress enacted the Electronic Signatures in Global and National Commerce Act (“E-SIGN”) to ensure the validity of contracts entered into electronically. 15 U.S.C.A. § 7001. E-SIGN allows parties to bind themselves contractually without traditional pen and paper, permits the electronic delivery of legally required notices and disclosures, allows for electronic record retention, and contains consumer protection measures requiring consumer notice and consent. When considering the implementation of an electronic signature there are a several issues a company should keep in mind. First, a record or signature signed electronically may not be denied legal validity or enforceability merely because it is in electronic form. 15 U.S.C.A. § 7001(a)(1). Second, if a statute requires a record to be in writing, an electronic record satisfies E-SIGN. Third, if a statute requires a signature, an electronic signature will satisfy the statute. Lastly, E-SIGN does not require use or acceptance of electronic records or signatures, and is only binding if the parties agree to use or accept electronic records and signatures. 15 U.S.C.A. § 7001(b)(2).

E-SIGN does not specify the form an electronic signature must take to be valid. The statute defines an electronic signature as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” 15 U.S.C.A. § 7006(5). Therefore, a company can adopt any form of E signature required to fit its needs. For instance, a company can utilize a click through process (i.e. an “I Agree” or “I Accept” button), a pin number, a biometric measurement (i.e. fingerprint(s)), an “X” at the bottom of an email, or any other signature form. Once a company decides which form of electronic signature is best suited, the company should adhere to the following guidelines to implement an electronic signature:

1.) Identify Affected Policies and Procedures Review your company’s policies and procedures to determine whether they fall within the purview of E-SIGN. E-SIGN could potentially affect any policy or procedure that requires parties to use traditional paper and ink signatures. Yet, keep in mind that E-SIGN only applies if a statute, regulation, or other rule of law requires that information relating to a transaction is provided or made available to a consumer in writing. Thus, E-SIGN only affects laws imposing writing or signing requirements. Furthermore, the statute excepts certain contracts and records, including, but not limited to, the cancellation or termination of health insurance, benefits, or life insurance benefits, excluding annuities. 15 U.S.C.A § 7003(2)(C).

2.) Ensure the Consumer is Aware of Hardware and Software Requirements The statute defines “consumers” as those who obtain, “through a transaction, products or services which are used primarily for personal, family, or household purposes.” 15 U.S.C.A. § 7006(1). Before consumers can validly consent to a transaction, they must be aware of the hardware and software requirements for access and retention of electronic records. 15 U.S.C.A § 7001(c)(1)(C)(i). The company must provide a statement to the consumer detailing such requirements. Furthermore, the consumer must consent or confirm his or her consent electronically, in a way that “reasonably demonstrates” the consumer can access the information in the electronic form that he or she will use to offer consent. 15 U.S.C.A. § 7001(c)(1)(C)(ii). While the statute does not define “reasonably demonstrates,” legislative history provides some insight. A “reasonable demonstration” may be satisfied in several ways. First, the consumer may send an email confirming that he or she can access the electronic records. Or, a company can ask the consumer if he or she can access the electronic records, and the consumer can affirmatively respond. Lastly, a company may demonstrate that the consumer actually accessed the electronic records. See S.CONF. REP. No. 106-71, at S5282(2000).

3.) Provide Clear and Conspicuous Disclosures Before consumers can consent to electronic notices or disclosures, E-SIGN requires that consumers receive several clear and conspicuous disclosures. Such disclosures should not be buried or hidden in a company’s website, but should be prominently displayed. In addition to the hardware and software requirements, the company must notify consumers of:

a.) The Right and Procedure to Receive Paper Records. E-SIGN gives consumers the option to be provided with, or to have the record made available in a non-electronic form. The company must notify consumers of their right to receive a paper copy of an electronic record upon request, as well as any costs associated with obtaining such a copy.

b.) The Right to Withdraw Consent.
After consenting, consumers may withdraw their consent to have their records provided in electronic form. However, the company must notify consumers of their right prior to consumers giving consent. In addition, companies must inform consumers of any conditions or consequences in the event consent is withdrawn. Such consequences can include, but are not limited to, termination of the parties’ relationship or fees.

c.) The Need for Updates.
The company must also notify consumers of the consumer’s need to update their electronic contact information, should the company need to contact them.

d.) The Scope of the Consent. The company must notify consumers as to the application of their consent. For instance, the consumer’s consent may apply to categories of records that become available during the course of the parties’ relationship. The company must make a clear and conspicuous disclosure regarding what transactions and records fall within the scope of the consumer’s consent.

4.) Obtain the Consumer’s Informed Consent For a transaction to be valid, a consumer must affirmatively consent to receive documents in electronic form. While E-SIGN does not state what constitutes “affirmative consent,” in 2001 the Federal Trade Commission and the Department of Commerce held a workshop to discuss “best practices” for obtaining electronic consumer consent. The suggestions included using plain English in the disclosures. In addition, a company should provide information about what it means to consent to electronic delivery such as the ramifications of consumers agreeing to pop-up messages, and should encourage consumers to print out the disclosures. A company should also offer customer support. Documenting E-Commerce Transactions, § 4:3(2008). 5.) Notify Consumers Changes in Hardware or Software Requirements if Necessary

If the consumer affirmatively gave consent, has not withdrawn such consent, and has been provided with the above discussed disclosures, then the transaction is valid. However, the company’s obligations to consumers regarding their electronic signatures have not yet ended. If there is a change in hardware or software requirements which poses a material risk to the consumer’s ability to access or retain the electronic records that were subject to the consent, then the consumer must be notified of the subsequent change. In addition, the consumer must electronically re-consent in a manner that reasonably demonstrates the consumer’s ability to access the electronic record. The consumer must also be informed that he or she has a right to withdraw his or her consent. Should the consumer withdraw consent, he or she cannot be subject to any condition, consequence or fee that was not in the initial disclosures.

5.) Retain Records Under E-SIGN, an “electronic record” is “a record created, generated, sent, communicated, received, or stored by electronic means.” Essentially, the term covers any type of record that is electronically generated or stored. If a statute, regulation, or law requires that a record relating to a transaction be retained, a company, subject to two conditions precedent, may satisfy the statutory requirement by using electronic records. . First, the electronic records must accurately reflect the information in the record. Second, the record must be accessible to “all persons who are entitled to access by statute, regulation, or rule of law, for the period required. . . in the form that is capable of being accurately reproduced for later reference. . . .” 15 U.S.C.A. § 7001(d)(1)(B). E-SIGN offers a degree of flexibility in record retention, by not specifying a required method. The company can choose its method of retention, whether it be paper copies, a computer hard drive, CD-ROM, main server, or any other means the company chooses. The statute requires only that the information is accurate, stored, and readily available. Failure to provide proper electronic disclosures can subject a company to compliance risks.

I'm reading: Implementing Electronic Signatures - Emily WalshTweet this!

No comments:

Post a Comment

Discussion and feedback is encouraged, but civility and professionalism will be maintained by administrative censoring of abusive or off-topic comments. Thank you.

Note: Only a member of this blog may post a comment.