Using electronic signatures
The Victorian Government is using electronic communications as a means of conducting business more than ever before. Many Victorian government agencies are therefore having to manage evidence and verification issues regarding records of transactions that were either created digitally or are converted into a digital format.
In Victoria, certain transactions require a written signature to be legally enforceable. In accordance with the Electronic Transactions Act 2000, a transaction will not be invalid simply because it is conducted electronically. The act establishes a set of factors which, when applied, will mean that any written or signature requirements under the statute are satisfied even though the transaction was performed electronically.
What is the difference between electronic and digital signatures?
An electronic signature or e-signature on an electronic document is intended to perform the same purpose as a handwritten signature on a paper document. Types of e-signatures include, for example:
- applying a generic email signature
- applying a digitised image of a handwritten signature to a scanned copy of a document or a born-digital document
- typing a name and then clicking ‘accept’ to agree to terms and conditions on a website
- scanned copy of a wet (i.e. ink) signature
- using a digital pen to manually sign on an electronic device.
A digital signature is a cryptographic technique that creates a unique and unforgeable identifier in an electronic document. This type of signature can be checked by the receiver to verify the identity of the author and that it has not been interfered with.
What is PROV’s view on the legality of digitised signatures?
Most commercial contracts executed by agencies are documented and signed by the contracting parties as proof that the contract close contract Definition Voluntary, deliberate, and legally enforceable (binding) agreement between two or more competent parties. A contractual relationship is evidenced by(1) an offer, (2) acceptance of the offer, and a (3) valid (legal and valuable) consideration. was authorised and can be legally enforced. Courts should now accept documents as evidence in their native form, whether born-digital or paper.
Public Record Office Victoria (PROV) does not prescribe particular requirements to agencies upon the use of digitised signatures in terms of ensuring that the records represent legal enforceability transactions.
However, to ensure that agencies continue to meet PROV recordkeeping close recordkeeping Definition Making and maintaining complete, accurate and reliable evidence of business transactions in the form of recorded information. standards the use of digitised signatures should not impact on the preservation of the record or undermine the integrity close integrity Definition The integrity of a record refers to its being complete and unaltered. of the record itself.
Retaining hardcopy records for evidential purposes
When a record is converted to a digital image and entered into an agency’s records management close records management Definition Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records. system, it becomes the converted record and the ‘official’ record. The original hardcopy scanned record is the ‘source record’.
All agencies should retain the source records for a determined period of time (see PROS 11/07 G1 Guide to Digitisation Requirements) and in accordance with PROS 10/01 Converted Source Records Retention and Disposal Authority.
In addition to these requirements, where the hardcopy source record represents a transaction, including a record authenticated with a wet signature, agencies should consider the particular risks associated with the record type and its value.
Where the value of the document is low (e.g. routine correspondence) it may not be necessary to retain the source record, including those which have a wet signature, so long as your agency close agency Definition Any department, agency or office of the Government of Victoria has a reliable recordkeeping system close system Definition Information system which captures manages and provides access to records through time. A system may be manual or automated and includes the processes, procedures and business rules required to operate it. in place. It can be helpful to document the decision not to retain the source records for later verification purposes. On the other hand, if the value of the transaction and associated risk is high, then it may be prudent to keep the hardcopy/signed wet signature source record to verify the authenticity close authenticity Definition An authentic record is one that can be proven a, to be what it purports to be, b, to have been created or sent by the person purported to have created or sent it; and c, to have been created or sent at the time purported of the transaction, for at least the duration period of the agreement.
Agencies must verify with their legal team that their management of records with electronic and/or wet signatures complies with their particular business needs and legal obligations.
Evidence and EDRMS
An Electronic Document Records Management System (EDRMS) can strengthen the credibility of a record by documenting the process used to generate the record and, if necessary, could be used to show that this was the normal process used to generate such records. Typically, the EDRMS would be set up to:
- record an explicit approval step, together with the copy that was ‘approved’, and the date and time it was approved
- prevent subsequent tampering or disposal close disposal Definition A range of processes associated with implementing appraisal decisions which are documented in disposal authorities or other instruments. of the record of approval
- have audit logs listing who accessed the record.
Where a dispute arises as to the credibility of a record, it might be necessary to demonstrate the quality of the EDRMS and the integrity of its configuration. Controls such as the following would be important markers of a quality system with the appropriate configuration:
- proposed procedures/business rules would be part of normal business practice
- publishing takes a document out of draft and creates a 'published' version
- inability to delete a document marked as ‘Corporate Value’
- an audit trail supports the process by recording events
- security can be applied if necessary to restrict access close access Definition Refers either to the process of providing records for researchers to use in PROV reading rooms, or to the process of determining if records should or should not be withheld from researchers for a period of time. to the document once signed e.g. to apply for read-only access
- the document can be rendered into a PDF close PDF Definition A file format created by Adobe. A digital photo of a physical file. version close version Definition A copy of a record that has been changed as part ofa revision process, resulting in a new record being created. A minor version is created as part of the drafting process and a major version as part of the authorisation process. if necessary
- use of the EDRMS ‘approval’ process
- the signatory controls the process
- should any changes be made to the document, they are captured.