ESIGN Laws Research and Whitepapers
Research - Paper and the Costs of Doing Business Using Paper
We all use paper, and we all know there is a better way. What many organizations do not understand are the costs associated with not converting to an electronic platform. Paper, ink, time, shipping, storing, and retrieving paper costs money, so what does it all cost? Take a look at some of this research and judge for yourself.
Citigroup and Environmental Defense - Copy Paper Costs
City of Menasha - Image Feasibility Study - Paper Storage Costs
University of Massachusetts Medical Center - Paper Storage Costs
Bruce Silver Associates Law Firm - Paper Storage Costs
The Solid Waste Management Coordinating Board - Office Paper Costs
Public Key Infrastructure (PKI)
Currently, when most people think of digital signature capturing, the first technology that comes to mind is Public Key Infrastructure ("PKI"). However, the old guard of PKI is a dying technology. PKI is a good solution with serious limitations that will hinder and impede its continued growth. PKI is expensive both to implement and to maintain.
PKI also frustrates the business process because it requires a third party to issue a certificate to an individual. Essentially, this certificate says the third party has verified the person and they are who they say they are. This process can work for internal business operations; however, it is completely ineffective in a sales or transaction-driven process. No one will slow down the sales cycle to send someone to a third-party vendor just to make a sale.
The following articles help to support these statements:
“PKI systems are particularly expensive to maintain if they are based on software installed internally.” VeriSign on the TCO for in-house PKI installations.
Verisign and Blue Bridge - Total Cost of Ownership for Public Key Infrastructure
The ABA describes a critical weakness of PKI-based signatures in its PKI Assessment Guidelines: PKI authenticates, but it fails to identify who a user is (Sec. D.3.1.2 on page 147).
The ABA's Information Security Committee (ISC) - PKI Assessment Guidelines
Executive overview of problems with PKI
Griffin Technologies - PK-Why?
Problems with traditional PKI
ArticSoft - Solving problems in PKI
WebTrust study on the merits and failures of PKI
AICPA/CICA - WebTrust Program for Certification Authorities
Electronic Signatures in Global and National Commerce Act (ESIGN)
On June 30, 2000, Congress enacted the Electronic Signatures in Global and National Commerce Act ("ESIGN" or "the Act"), to facilitate the use of electronic records and signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically. The Act went into effect in October 2000.
McBride Baker & Coles - state-by-state breakdown of electronic signature laws
Fastwater - Electronic Signatures - E-Sign Act Opinion Piece
Rogers Joseph O'Donnell & Phillips - Electronic Signature Statutes
North Carolina Secretary of State - Electronic Signatures
National Electronic Commerce Coordination Council White Papers - E-Sign
IT Audit - Institute of Internal Auditors - Electronic Signatures
U.S. Department of Education - Standards for e-Sign Student Loans
Sarbanes-Oxley Act (SOX) (SOA)
The strength of the U.S. financial markets depends on investor confidence. Recent events involving allegations of misdeeds by corporate executives, independent auditors and other market participants have undermined that confidence. In response to this threat to the U.S. financial markets, Congress passed, and the President signed into law, the Sarbanes-Oxley Act of 2002 (the "Sarbanes-Oxley Act"), which effects sweeping corporate disclosure and financial reporting reform. One of the most effective solutions for compliance with SOX is to automate the tracking and monitoring of your electronic communications. PrivaSign will help you comply with SOX and give you superior control over the flow of and access to your electronic files.
U.S. Department of Labor - Office of Administrative Law Judges - Sarbanes Oxley
Entrust - Sarbanes Oxley - Information Security Governance
Securities and Exchange Commission - Frequently Asked Questions - Electronic Filing
Health Insurance Portability and Accountability Act (HIPAA)
The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. The Department of Health and Human Services (HHS) has issued the regulation, "Standards for Privacy and Security of Individually Identifiable Health Information," applicable to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation.
Health and Human Services Electronic Signature Standards - HIPAA
Minnesota State Archive - Electronic and Digital Signatures - HIPAA
Iowa - HIPAA Electronic Signature Standards
North Dakota - HIPAA Electronic Signature Standards
Mississippi - HIPAA Electronic Signature Standards
Medicare - Kansas, Nebraska and NW Missouri - Electronic Signature Standards
Virginia Department of Medical Assistance Services - HIPAA - Electronic Signatures
Gramm-Leach-Bliley Act (GLB)
The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, the Safeguards Rule and the pretexting provisions.
The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to “financial institutions,” which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. Such non-traditional “financial institutions” are regulated by the FTC.
Department of Education - Electronic Signatures - GLB - Student Loans
Office of Comptroller of the Currency - Electronic Signatures - GLB
Government Paperwork Elimination Act (GPEA)
The Government Paperwork Elimination Act (GPEA, P.L. 105-277) requires that, when practicable, Federal agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with the public by 2003. In doing this, agencies will create records with business, legal and, in some cases, historical value. This guidance focuses on records management issues involving records that have been created using electronic signature technology.
OMB Procedures & Guidance - Implementing Government Paperwork Elimination Act
Department of Justice - Legal Considerations in Designing and Implementing Electronic Processes
Government Paperwork Elimination Act
Measuring the Success of Office Paper Reduction Efforts
Records Management Office - GPEA - Electronic Signature Guidelines
Chief Information Officers Council - Electronic Signatures and the GPEA
U.S. Department of Agriculture - Electronic Signatures and the GPEA
Chief Information Officers Council - Electronic Signatures and the GPEA H.R. 4328
Department of the Interior - CIO Report on GPEA and Electronic Signatures