Legal Compliance of Electronic Signature Software
In the United States
On June 30, 2000, the Electronic Signatures In Global and National Commerce (E-SIGN) Act was signed into federal law and became effective on October 1, 2000. The E-SIGN Act implements a national uniform standard for all electronic transactions that encourages the use of electronic signatures, electronic contracts and electronic records by providing legal certainty for these instruments when signatories comply with its standards.
The E-SIGN Act includes several key provisions that address its: (1) scope; (2) application; (3) consumer consent requirements; (4) validity requirements for electronic signatures, electronic contracts and electronic records; (5) retention requirements for electronic contracts and records; (6) notarization rules; and (7) national uniform standards for the banking, insurance and stock industries.
Similarly, the Uniform Electronic Transactions Act (UETA) provides a legal framework for electronic transactions, and it gives electronic signatures and records the same validity and enforceability as manual signatures and paper-based transactions. This model act was adopted by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 1999. To see the full text of the act and additional information, see the NCCUSL website at www.uniformlaws.org. AssureSign LLC guarantees full compliance with the requirements and standards of both the E-SIGN Act and UETA for all AssureSign Electronic Signature products.
On 13 December 1999 the European Parliament issued Directive 1999/93/EC addressing the acceptance of electronic signatures for the European Communities Member States. The European Parliament further defined electronic signature as a “means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication”. Additionally the term “Advanced Electronic Signature” was defined building upon the previous definition of electronic signature to include a) it is uniquely linked to the signatory; b) it is capable of identifying the signatory; c) it is created using means that the signatory can maintain under his sole control; and d) it is linked to the data which relates in such a manner that any subsequent change of the data is detectable.
The concept of an advanced electronic signature is often related to digital signature being applied to or associated with the document being signed. The Directive addresses the need for cross-border certificate authorities or “certification-service-providers” providing a framework of accreditation. What this directive did not do is create a homogenous landscape affecting the provisioning of services with respect to the confidentiality of information where they are covered by national provisions concerned with public policy or security. AssureSign LLC complies with both the definitions of “electronic signature” and “advanced electronic signature” as defined by the European Commission by optionally requiring the presence of a digital certificate during the signing process for all AssureSign Signature Products.
In the United Kingdom
On the 25 May 2000 the Electronic Communications Act 2000 was adopted. Part II of the Act specifically addressed the facilitation of electronic commerce, data storage, etc. which included electronic signature. Electronic signature was defined as “an electronic signature incorporated into or logically associated with a particular electronic communication or particular data, and the certification by any person of such a signature, shall be admissible in evidence in relation to any question as to the authenticity of the communication of data or as the integrity of the of the communication or data.”
Furthermore an electronic signature should be incorporated or otherwise logically associated with any electronic communication or electronic data. An electronic signature should provide the ability to establishing the authenticity of the communication or data. The signatory applying a mark as an electronic signature must accept a statement confirming that a) they intend to apply an electronic signature, b) have the means of producing, communicating or verifying the signature, or a procedure applied to the signature, is (either alone or in combination with other factors) a valid means of establishing the authenticity of the communication or data the integrity of the communication or data, or both. AssureSign complies with the Electronic Communications Act 2000 for all AssureSign Electronic Signature products.
Safe Harbour Statement
For personal information of employees, consumers, healthcare professionals, medical research subjects and investigators, customers, investors, and government officials that AssureSign LLC receives from the European Economic Area, AssureSign LLC has committed to handling such personal information in accordance with the Safe Harbor Principles. The AssureSign LLC Safe Harbor certification can be found at https://www.export.gov/safehrbr/list.aspx. For more information about the Safe Harbor Principles, and to view AssureSign’s certification, please visit the U.S. Department of Commerce’s Website at http://export.gov/safeharbor/.
For AssureSign’s full statement on Safe Harbor practices and privacy, see https://www.assuresign.net/documents/privacyPolicy.aspx.
Resiliency and Survivability
As a hosted, web-based, Software-as-a-Service (SaaS) offering, AssureSign is an enterprise-class mission critical application for all users and must be available 24 hours a day, 7 days a week. AssureSign data centers are hardened, carrier-grade facilities and all network elements are designed to support 99.99% uptime. AssureSign’s AssureSign servers and supporting systems are in secure, limited access, firewall protected, environmentally controlled, and geographically distributed centers. All systems are monitored via proactive mechanisms, and redundancy and distribution of our services allow us to keep your electronic signature transactions flowing without interruption.
An AssureSign electronic signature contains biometric and forensic elements that make it more secure than a pen and paper signature process. AssureSign captures ‘the act of signing’ and stores the biometrics of the signature executed with a mouse or stylus. Additional elements of the signature such as email address of signatories, recipients, IP addresses of signatories, dates and times are also captured and stored. AssureSign enlists numerous methods to ensure all transactions are confidential, secure and can only be accessed by authorized users. Each AssureSign user is provided with a unique user name and password that must be entered each time a user logs on. All signature and document review/retrieval transactions are conducted over Secure Socket Layer (SSL) technology. This protects your information using both server authentication and data encryption, ensuring that your data is safe, secure and available only to registered users in your organization. Your data will be completely inaccessible to any other AssureSign user organization.
AssureSign, and sister company 3PV, have completed and store over 29 million verbal and written contracts and documents for Fortune 500 companies; passing numerous security certifications and evaluations. These records and customer specific data contained therein, are encrypted in transit and at rest. To enhance security for the enterprise and the signatory, AssureSign can also offer front-end authentication options offering email, password and third-party integration to authentication providers.