Recordkeeping considerations for electronic signatures

Last year I wanted to move some hand-signed paper forms to online forms in a Victorian (Australian) public-sector workplace. I initially was not sure if I was allowed to replace hand-signing with electronic signing. I also wondered what to consider to ensure the process remained legal as well as recordkeeping compliant.

A hand-drawn mark on paper is not the only analogue method of signing. Other methods that have been used include fingerprints, seals, as well as stamps. I became interested in signature stamps when I travelled to Seoul, South Korea, for a conference in 2016, and learnt that stamps were historically used as signatures (also in China, Japan, and some other countries). Interestingly, they are still in some use in South Korea.

The stamp is called a ‘Dojang’ in Korean (도장), and can also be called a seal, a name stamp, or a name chop. My ‘research focus group’ (my partner, who grew up in South Korea, plus some friends that he ‘KakaoTalk’ messaged) informed me that while the stamp is accepted as a legitimate signature, people these days tend to hand-sign (or e-sign) most documents in Korea. One of the reasons is that it’s a pain to have to carry the stamp around. However, my focus group told me that it’s likely they would make the point to use their stamp for very official documentation such as buying a house. They also need it to get another banking passbook issued, as the bank would compare their current stamp to the stamp they have on file from setting up the account (similar to how Australian banks have ‘signature books’ with copies of hand-signed names).

Dojang

A Dojang 도장 (Korean seal) Photo credit:
http://www.buhaykorea.com/2008/09/01/dojang-korean-chop/

Back to electronic signatures. Frustratingly, I found it difficult to find neutral authoritative sources of information on electronic signatures. It seemed that every article had been written by a vendor wanting to sell a workflow software product (though don’t discount these articles, as some of the products are very useful!)

I kept researching and talking to people until I felt informed enough to speak about it at first a State-wide, and then a National conference. If you are interested in this topic, here are some resources to get you started.

An electronic signature is any electronic method which carries the intention of being a signature. We already use these in our personal and work life. It can be a PIN when paying by credit card, drawing on an electronic pad when collecting a registered letter or parcel, or saying ‘yes’ on the phone when being recorded, to buy car insurance. It includes some emails and online forms, or using workflow within an electronic system. Technically, it includes hand-signing a form then scanning it, and submitting the scan electronically (which I had to do last week in order to submit an online form for an Australian Federal Police check – couldn’t I have submitted through the myGov portal?)

Strictly speaking, an electronic signature can use any appropriate method, whereas a digital signature is a specific type of electronic signature, which has more controls and security around it.  A digital signature is likely to be more difficult and expensive to implement, and is not necessary for lower-stakes or most internal-to-the-organisation approvals.

There are three criteria for a compliant electronic signature in Australia, and it’s similar in many other jurisdictions:

  1. Identity: you need to accept the approval in a way that identifies the person and indicates their intention to approve the matter
  2. Reliability: the method used to obtain the digital approval must be as reliable as appropriate for the purpose (use your judgement or seek legal advice as there’s no clear-cut definition of what is reliable)
  3. Consent: the entity requiring the signature must agree to receiving it this way.

At times there may be other criteria or conditions in other related laws. If in doubt, seek legal advice before making the changeover.

In addition, I recommend ensuring that the record of the signature is managed appropriately as a record, i.e. to ensure that it is authentic, reliable, usable, and has integrity (the four characteristics of a record from AS/ISO 15489).  Even if the record has a short-term retention period, you still need to ensure that the record is available for that entire period, as with any other record.

Are you interested in using electronic signatures in your organisation? Want to ensure they are recordkeeping compliant? Here are some resources to get you started:

Action plan for implementing electronic signatures PLUS considerations for purchasing electronic signature (approval) software

I wrote an article about this which is available in the Image and Data Manger (IDM) October-November 2017 print issue, or conveniently online. It has a four step action plan, plus four considerations for purchasing relevant software.

Community of practice

I have created a LinkedIn group called ‘Electronic signatures/digital approvals’. I invite you to join the group and share your resources, questions, challenges and success stories in implementing electronic signatures. Please join this community of practice so we can learn from each other, and have an audience to share our successes.

Journal on digital evidence and electronic signatures

Yes, there is an entire online journal available on electronic signatures worldwide.

Key legislation in Australia and my home state of Victoria

  • Section 10 of the Electronic Transactions Act 1999 (Commonwealth)
  • Section 9 of the Electronic Transactions Act 2000 (Victoria)

NAA Digital Authorisations Framework

This article in IDM introduces the new NAA Digital Authorisations Framework and provides links to the NAA’s website on it. You can use these resources to help understand what digital approval method is most appropriate for the situation.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s