Have you recently enjoyed the convenience of completing a form electronically, only to get to the end of the process and realise that you need to print it out so you can sign it? Does your agency have any processes that start as electronic, only to stumble at the last hurdle and require a physical signature?
In the age of ‘born digital, stay digital’, there is an increased expectation that the majority of routine transactions should be processed digitally from beginning to end. However, for a variety of reasons, this can seem to be the exception rather than the norm.
To help debunk some of the myths that maintain the use of wet (physical) signatures, we’ve developed a new mythbuster that summarises some of the most common questions we receive. The information below provides some advice that might assist with the transition from wet to electronic signatures.
Are electronic signatures the same as digital signatures?
Without getting too technical, an electronic signature essentially refers to the method of authenticating a person as the source of a digital message and also indicates that person’s approval of the information contained in the message.
There are a variety of types of electronic signatures, including:
- digitised signatures – e.g. a scanned handwritten signature inserted as an image; use of signature blocks (e.g. on emails)
- online forms – e.g. Adobe forms; workflow approvals in applications (e.g. timesheets)
- touch screens – e.g. Australia Post courier delivery
- digital signatures – e.g. use of encryption technology to transform a message to a seemingly unintelligible form and back again.
What does the legislation say about using electronic signatures?
For cultural reasons, some people still like to rely on wet signatures. However the Electronic Transactions (Queensland) Act 2001 provides for the use of electronic signatures, as long as they meet three key criteria:
- the signature identifies a person and indicates their intention (e.g. providing approval via an email)
- is appropriate (reliable) for the purposes in which they are used (noting that digital signatures offer greater security compared to digitised signatures)
- the person receiving the document consents to receiving a signature in electronic form.
Some exclusions regarding the use of electronic signatures are outlined in Schedule 1 of the Act. You may also have more specific provisions within legislation relevant to your business which may require legal analysis.
An informative article published by the Queensland Law Society – Electronic signatures: When are they effective? – goes into more detail about the relationship between electronic signatures and legislative framework for electronic communications.
What’s QSA’s advice about using electronic signatures?
Here within the Government Recordkeeping team, we often receive queries from government agencies regarding the use of electronic signatures. Questions are usually along the lines of “How can we implement electronic signatures to reduce the need for ‘wet’ signatures”?
At QSA, we asked ourselves this very same question as we started our paperlite journey last year. What we found during our transition, and through discussions with other agencies, is that while the process of implementing electronic signatures isn’t a one-size-fits-all approach, there are a few key recordkeeping steps that will help with the implementation of electronic signatures. These include:
- perform (and document) a risk assessment for the use of electronic signatures for the work processes you would like to digitise – some records may potentially require more robust forms of identification/authorisation than others (e.g. contractual documents over a certain value)
- undertake an environmental scan for business requirements or other legal or policy obligations which may require ‘wet’ signatures
- develop and document processes and/or any policies and related responsibilities regarding the use of electronic signatures
- ensure any newly developed processes are understood so they can be implemented as standard business practice (for defensibility)
- ensure appropriate security measures are in place to prevent any unauthorised use of electronic signatures
- appropriate management of the document to which the signature has been added as a record, to ensure it maintains its ‘full and accurate’ characteristics throughout its life (see principle 7 from IS40: Recordkeeping).
It is also important to note that any significant change will take time to establish and embed, for example:
- to identify business processes that can transition to using electronic signatures
- to obtain necessary support and approvals
- to overcome potential resistance.
It’s an old catch phrase, but the most appropriate solution in relation to using electronic signatures needs to be a risk-based one. Therefore, that big expensive contract worth millions of dollars will most likely be best served with a physical signature. However, documents with a lower level of risk, such as your timesheet or an internal memo requesting approval to attend a free one-hour training session, can realistically be signed off electronically. If you are unsure, obtain legal advice to fully understand your own specific requirements.
If you’ve been able to bust some of the common myths around using wet signatures in your agency, we would like to hear about your experiences, including what worked and what the main challenges were. You can contact us via email, Twitter or Facebook.
A/Principal Policy Officer