OFFICIAL POLICY. Policy Statement


OFFICIAL POLICY 11.5.1

COLLEGE OF CHARLESTON POLICY ON UNIFORM ELECTRONIC TRANSACTIONS ACT

7/26/2016

Policy Statement

It is the Policy of the College to use and accept Electronic Records and Electronic Signatures and to do so in a manner and to an extent that is fully consistent with both the UETA and the Standards.

Policy Manager and Responsible Department or Office

Information Security/Information Technology

Policy

1.0 PURPOSE

This Policy implements the South Carolina Uniform Electronic Transactions Act ("UETA") (S.C. Code Ann. 26-6-10 et seq.) that was enacted in 2004 and the South Carolina Standards for Electronic Signatures promulgated on February 28, 2007 (the "Standards") by the South Carolina Budget and Control Board.[1] This Policy also specifies the terms and conditions under which the College will use Electronic Records and Electronic Signatures for the conduct of its business and academic operations.[2]

2.1 DEFINITIONS[3]

The following terms shall have the definition ascribed to each:

(a) "Agreement" means the bargain of the parties in fact, as found in their language or inferred from other circumstances and from rules, regulations, and procedures giving the effect of agreements under law otherwise applicable to a particular Transaction.
(b) "Computer Program" means a set of statements or instructions used directly or indirectly in an Information Processing System to bring about a certain result.
(c) "Electronic" means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
(d) "Electronic Agent" means a Computer Program or an Electronic or other automated means used independently to initiate an action or respond to Electronic Records or performances in whole or in part, without review or action by an Individual.
(e) "Electronic Record" means a Record created, generated, sent, communicated, received, or stored by Electronic means.
(f) "Electronic Signature" means an Electronic sound, symbol, or process attached to or logically associated with a Record and executed or adopted by a Person with the intent to sign the Record.
(g) "Individual" means a single natural Person; one human being.
(h) "Information" means data, text, images, sounds, codes, Computer Programs, software, databases, or other forms for the communication or reception of knowledge.
(i) "Information Processing System" means an Electronic system for creating, generating, sending, receiving, storing, displaying, or processing Information.
(j) "Person" means an Individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, governmental agency, public corporation, or other legal or commercial entity.
(k) "Record" means Information that is inscribed on a tangible medium or that is stored in an Electronic or other medium and is retrievable in perceivable form.
(l) "Transaction" means an action or set of actions occurring between two or more Persons relating to the conduct of business, commercial, or governmental affairs.

[1] Section 26-6-190 of UETA states, in part: "The South Carolina State Budget and Control Board shall adopt standards to coordinate, create, implement, and facilitate the use of common approaches and technical infrastructure, as appropriate, to enhance the utilization of Electronic Records, Electronic signatures, and security procedures by and for public entities of the State." The Standards are available at: http://cio.sc.gov/nr/rdonlyres/a825af86-8fda-4a63-8a02-8907639020ec/0/scruetascstandardsforelectronicsignatures.pdf.
[2] Statutory references in this Policy will be to the South Carolina Uniform Electronic Transactions Act, unless otherwise noted. Portions of this Policy are quoted directly from the statute and the Standards or are slightly modified to more directly relate to the operations of the College.
[3] S.C. Code Ann. 26-6-20.

3.0 POLICY STATEMENT

It is the Policy of the College to use and accept Electronic Records and Electronic Signatures and to do so in a manner and to an extent that is fully consistent with both the UETA and the Standards.

4.1 APPLICABILITY TO TRANSACTIONS AND RECORDS

4.2 Generally.

(a) In accordance with the Standards, "while Fax transmissions, voice mails, PDA communications, and tape backups are Electronic Records, they are out of the scope of these [S]tandards."[4] Consequently, unless otherwise specifically noted below, this Policy will not apply to Fax transmissions, voice mails, or PDA communications.
(b) The decision as to whether Electronic Signatures or Records may be used with respect to a particular type of Transaction or Record shall be made by the Executive Vice President or Senior Vice President having management responsibility for that type of Transaction or custody over that type of Record.

4.3 Electronic Records. Except as specifically excluded by the UETA[5], all Records that the College is required to maintain under the South Carolina Public Records Act (S.C. Code Ann. 30-1-10 et seq.) or any other provision of State law may be stored and maintained in an Electronic format, provided that all State laws, rules, regulations and guidance of particular application to each type or class of Records are observed by the custodian of the Records.

[4] Standards, Section 1.2.
[5] See S.C. Code Ann. 26-6-30. Neither this Policy nor the UETA is applicable, for example, to wills, codicils or testamentary trusts; an order for prescription drugs; certain sections of the Uniform Commercial Code; and several consumer notices required by law. In addition, neither this Policy nor UETA is intended to override any provision of the federal Electronic Signatures and National Commerce Act (15 USC 7001 et seq.) (the "E-Act"). Accordingly, any conflict between UETA/this Policy and the E-Act will be resolved in favor of the E-Act.

4.4 Electronic Signatures.
There are four elements to a valid Electronic Signature: (1) use of a signature unique to the signer; (2) Agreement by the parties to use an Electronic Signature; (3) a clear intent to sign; and (4) association of the signature with the signed Record. When determining if the conditions are present, the College will examine the authentication of the signer, non-repudiation by the signer, and integrity of Record.[6]

4.5 Originality. In the absence of any reasonable suspicion, when an Electronic Signature meeting the four elements listed in Section 4.3 is presented the College will presume the originality of the Record that has been signed. Only one version may be treated as the authoritative version and as the original Record, whether or not there are multiple copies of that Record. If Information is added or changed to that Record it will be deemed to comprise a new version of the Record, to which the original signature no longer applies. This new Record may be stored as a separate, duplicate or ancillary Record. The version to be treated as an original signed version may not change. The new Record may in turn be signed, creating a new, separately verifiable Electronic Signature.[7]

[6] Standards, Section 1.2
[7] Standards, 1.2

5.1 STANDARDS FOR ELECTRONIC SIGNATURES

5.2 General Rule. Electronic Signatures accepted by the College must meet the standards contained in this Section 5.0 in addition to any other standards that may be imposed by a law of specific application to the particular Record that is being signed.

5.3 Use of Signature Unique to the Signer.

(a) The Electronic Signature must uniquely identify the signer, be under the reasonable control of the signer, and be unlikely of use by any unauthorized entity. The Standards advise, in part, as follows:

"The Electronic sign, symbol, or process serving as the Electronic Signature must uniquely identify the Person, business, agency, or system which is the signer of the Electronic Record, and be under the reasonable control of that party. The most commonly used form of identification in Electronic Transactions is the Personal Identification Number (PIN) or password, either assigned arbitrarily to the party by a service provider or self-selected by the party, and used in conjunction with a unique user identification. This PIN or password serves as an Electronic Signature either by being entered in response to a request to sign a Transaction, or by the party's executing an action with intent to sign, while authenticated by the PIN or password."[8]

(b) The party using the Electronic Signature bears the responsibility for maintaining control and security of the relevant sign, symbol, or process signifying the signature. Security, however, over the means for assigning the means of creating the Electronic Signature, and for maintaining the confidentiality of the Electronic Signature received reside with the College office that has custody of the Records and administrative control over the Electronic Signature process.

5.4 Agreement by The Parties.

(a) In the case of an Electronic Signature, both the signer of the signed document and the authorized College representative for that Transaction must agree, either explicitly or implicitly, that the Electronic sound, symbol, or process will serve as a signature for the Electronic document or Record.

(b) The College may negotiate separate Agreements with business concerns dealing with the use and acceptance of Electronic Signatures. Such Agreements, however, are not necessary. Participation in a Transaction by a business or Individual party containing clear and unambiguous provisions dealing with the required or permitted use of Electronic Signatures constitutes acceptance of those provisions and all other terms and conditions of the underlying Transaction.
(c) An Electronic Signature may be created by the signing party or on behalf of a party by an authorized agent, including an Electronic Agent.
(d) A party that agrees to conduct a Transaction by Electronic means may refuse to conduct other Transactions by Electronic means. This right of refusal shall not be waived by Agreement.[9]

5.5 Intent to Sign. The act of applying the Electronic Signature to a Record must be intentional. Intent will be inferred by the contents of the document or Record and the facts and circumstances surrounding the Transaction. The College requires a prior Agreement with the signer or clear and unambiguous notification in or accompanying the Transactional document or subject Record stating that the execution of the Transaction or authentication of the Record can or must be effected by an Electronic Signature.

5.6 Association of the Signature With the Signed Record. The Electronic Signature must be physically or logically associated with the Electronic Record that is signed, and that association must persist for as long as the Record is maintained in accord with the Records retention schedule of the College or, if the Record is maintained for a longer period for good cause, then for the life of the Record.

5.7 Notarized Signatures. A law requiring a signature or record to be notarized, acknowledged, verified, or made under oath is satisfied if the Electronic Signature of the person authorized to perform those acts, together with all other information required to be included by other applicable law, is attached to or logically associated with the signature or record.[10]

[8] Standards, 1.4
[9] S.C. Code Ann. 26-6-50

6.1 SECURITY

6.2 Risk Assessment.

(a) The Chief Information Officer of the College ("CIO") shall perform, or cause to be performed with outside consultants, as appropriate, periodic risk assessments to determine the best means of implementing Electronic Signatures and maintaining the appropriate level of security for each type of activity for which Electronic Signatures may be used. The first such assessment shall be conducted and completed by July 23, 2010. Thereafter, such assessments must be conducted no less frequently than once during each three year period.

(b) The assessment referred to in subsection (a) of this Section 6.1 shall include consideration of the following:
    (i) nature and value of the data and Records in the Transactions;
    (ii) susceptibility of the Transaction's data to fraud;
    (iii) type of communication for the Transactions;
    (iv) security of the systems which host the Transaction processes and data;
    (v) reliability of the systems which host the Transaction processes and data;
    (vi) consequences of successful fraud for participants, the College, and the system(s);
    (vii) role and authority of the user base, especially on those systems where there are multiple levels of authorization on the data;
    (viii) existing technology base and the cost of technology;
    (ix) required level of confidence in establishing the users' identity;
    (x) required level of communication integrity;
    (xi) required level of Record integrity; and
    (xii) required level of non-repudiation for Records.[11]

6.3 Risk Mitigation Plan. Within 30 days after the first risk assessment required under Section 6.1(a), the CIO shall prepare, and keep current, a risk mitigation plan that will detail how action will or can be taken to resolve all known risks, mitigate the risk, or have a contingency operating plan in response to a particular risk. The risk mitigation process will be fully documented. No system for the collection or use of Electronic Signatures or sensitive Records will continue to be operated if there is an unacceptable risk of unauthorized access, improper Recordation of the Transaction, or other critical failure dealing with the integrity or security of the Record. The determination of an unacceptable risk shall be made by the appropriate Executive or Senior Vice President having management responsibility for that type of Transaction or custody over that type of Record.

[10] S.C. Code Ann. 26-6-110
[11] Standards, 3.1.

6.4 Freedom of Information Act. Because of the risk to Individual privacy and identity theft, and the need to protect critical operations and Records of the College, risk assessments and the Risk Mitigation Plan will not be provided to the general public under the provisions of the South Carolina Freedom of Information Act (S.C. Code Ann. 30-4-10 et seq.). Within the College, such assessments and Plan may only be provided to the following: the President, each member of the President's Executive Team, and upon request, to the Chair of the Board of Trustees or such other members of the Board as may be designated by the Chair. Others within the employ of the College may have access to such documents only on a need-to-know basis, as determined by the Executive Vice President for Business Affairs.

7.1 TECHNICAL OPERATING PROCEDURES

The CIO shall establish, develop, implement and maintain operating procedures to carry out this Policy and to ensure its continued effectiveness, security and ease of operation and continuing compliance with the provisions of S.C. Code Ann. 26-6-180 (B).[12] In addition thereto, the CIO shall also investigate and develop capabilities for systems that would address each of the following:

(a) Use of Countersignatures - The capability to prove the order of application of signatures.
(b) Independent Verifiability - The capability to verify a party's Electronic signature without the cooperation of the signer.
(c) Interoperability of Electronic Signature Technology - The assurance that applications, systems or other Electronic components used during phases of communication between trading partners and/or between internal components of an entity, are able to read and correctly interpret the Transaction Information communicated from one to the other.
(d) Multiple Signatures - The capability of multiple parties to sign an Electronic Record, document or Transaction.
(e) Data Transportability - The ability of a signed document to be transported over an insecure network to another system, while maintaining the integrity of the document, including content, signatures, signature attributes, and (if present) document attributes.[13]

[12] S.C. Code Ann. 26-6-180 (B) provides: "(B) To the extent that a governmental agency uses electronic records and electronic signatures pursuant to subsection (A), the governmental agency, in consultation with the South Carolina State Budget and Control Board, giving due consideration to security, may specify:
    (1) the manner and format in which the electronic records must be created, generated, sent, communicated, received, and stored and the systems established for those purposes;
    (2) if electronic records must be signed by electronic means, the type of electronic signature required, the manner and format in which the electronic signature must be affixed to the electronic record, and the identity of, or criteria that must be met by, a third party used by a person filing a document to facilitate the process;
    (3) control processes and procedures appropriate to ensure adequate preservation, disposition, integrity, security, confidentiality, and auditability of electronic records; and
    (4) other attributes required for electronic records which are specified for corresponding nonelectronic records or reasonably necessary under the circumstances."

8.0 AMENDMENTS

This Policy may be amended at any time in accordance with the College's Campus Wide Policy Making Procedures.

9.0 RESPONSIBILITY

The Chief Information Officer of the College shall be responsible for the maintenance of this Policy.

Sections 6.1 and 6.2 of this Policy shall become effective immediately. All other sections of the Policy shall be effective 30 days after completion of the first Risk Mitigation Plan, as further described in Section 6.2.

**********

Departments/Offices Affected by the Policy

All Departments

Procedures Related to the Policy

Related Policies, Documents or Forms