In the first part of this series, we explored the history of state and federal legislation governing electronic signatures and records, explained the key terminology, and addressed the fundamental principles undergirding the laws. In this part, we address some of the key requirements of the applicable laws.
The Consent Requirement
A fundamental requirement of the E-SIGN Act and UETA is the consent requirement. The E-SIGN Act and UETA do not require any party to a transaction to accept or agree to use electronic signatures or documents; they merely ensure the enforceability of such documents and signatures if the parties agree to use them.
The consent of a commercial party may sometimes be inferred. Many consumer electronic transactions, however, require affirmative consent. To avoid the possibility of a consumer slipping through, it may be prudent to include an opt-in provision in all electronic transactions without regard to whether they are believed to be consumer transactions.
Another aspect of the consent issue is that although electronic transactions are governed by UETA and the E-SIGN Act, the parties may opt out of many aspects of those laws. In other words, the parties may vary, waive or disclaim most of the provisions of UETA or E-SIGN Act by agreement, if both parties are "commercial" parties. This is not the case when one party is a consumer.
The North Carolina version of the UETA differs from the model UETA drafted by the NCUSL. It contains heightened consumer protection provisions, consisting of disclosures and procedural steps, that were not in the original UETA. These provisions were taken from the E-SIGN Act, although they do not match the E-SIGN Act perfectly. Importantly, if a party to an electronic transaction is a consumer in North Carolina, North Carolina law is deemed to apply regardless of any other contractual provision purporting to apply another state's laws.
When one party to an electronic agreement is a consumer, you must ask whether any statute, regulation, or rule of law requires the transaction be in writing or requires any information relating to the transaction be in writing. The answer is usually "yes." There are so many consumer protection laws and other laws requiring written disclosures or contracts, that it is easy to overlook one. The best practice is often to assume that some requirement of this sort applies to all consumer transactions. In these cases, the customer must be given certain disclosures prior to entering into an electronic transaction, including statements regarding various rights, as well as hardware and software requirements. It should be noted that North Carolina's UETA and the E-SIGN Act do not match perfectly in this regard, and care should be taken to satisfy both.
When any law requires a consumer be given something related to the transaction in writing, the consumer's consent must reflect the following procedural requirements:
- If the consumer provides an electronic signature using the other party’s equipment, such as a signature capture pad or a personal computer, the consumer must be given a hard copy of the relevant documents.
- If any other law requires future notices to the consumer (such as periodic statements, change in terms, etc.), they can be provided electronically, such as by email, but only if the consumer has reasonably demonstrated his or her ability to receive and access the notice in the electronic form that will be used to provide the information that is the subject of the consent. The burden of proof is on the non-consumer party, and a built-in assertion of ability to access might not suffice.
The Retention Requirement
If any law requires an electronic document be sent, provided, disclosed, retained or “in writing,” then an electronic form may be used only if the document is “capable of retention.” An electronic record is capable of retention if: (a) the recipient can print or store the electronic record; or (b) it is capable of being accurately reproduced for later reference by all parties entitled to access it. It can be accurately reproduced if it correctly reflects the information set forth in the record at the time it was first generated. The retention requirement applies to both consumer and non-consumer contexts. This does not, however, impose any new requirement to store records if the law does not otherwise require record retention.
Even though the UETA and E-SIGN Act are technologically neutral—that is, no particular format is given preferential treatment—if the format is proprietary, it must be accessible to all who are entitled to access the record. For this reason, widely-available formats are highly recommended. For example, it is easy to provide a link to the free Adobe Acrobat Reader, thereby making the PDF format accessible to a consumer. If a provider of a document chooses to use a proprietary format, the obligation is on that party ensure that the other party can access it.
For millenia, people have been denying that a signature or mark was made by them. Clearly, forgeries happen, and just as clearly, people try to get out of agreements they have made by claiming never to have made them. There is nothing new about this problem.
In the context of an electronic signature, technology could make the authentication easier or more difficult. Obviously, it is easy to type anyone's name into the signature block of a document, but that does not mean it is always hard to prove who did the typing. (That is the magic of metadata.)
The laws provide that the attribution of a signature or record to a person may be shown in any manner, including "a showing of the efficacy of any security procedure." Context can also be used. If you meet with someone in person, and they give you their email address, and you then email back and forth with them, you have evidence that an emailed signature is authentic.
In sum, while electronic signatures need to be capable of authentication, the issue is really no more problematic than in the realm of paper documents.