PoPIA: 5 tips to secure electronic signatures in your business
This presents business with several opportunities in terms of cost savings on printing, courier fees, storage and retrieval of documents.
However, the challenges that must be met for legal compliance with the Protection of Personal Privacy Act (PoPIA) in South Africa and the EU’s General Data Protection Regulation (GDPR) may include the signing of documents remotely using digital signatures, often by more than one party.
Take board resolutions, where members are based in offices around the region or even the country. Like every legal document, resolutions need to be signed and dated by the members of the board as they would do with minutes of meetings.
Such signing of documents using digital or electronic signatures brings its own specific complications. Signatures can easily be copied and pasted into online versions of documents using simple technology, such as standard snipping tools, an online signing tool or any graphic design system. This makes signatures vulnerable to cyber threats.
Electronic and digital signing technology is often costly, particularly where several individuals in an organisation are signatories. Digital signatures can lock a document once signed and will not allow any changes, but the same is not always true of electronic signatures.
Secure solutions for legal compliance
- Find signature technology that all of your main signatories will have access to, and be able to use for all documents. This must be a single system, controlled centrally in your organisation or for your board of directors. If this functionality is embedded within software that your company or board already uses, such as your paperless agenda software, it will ensure lower cost and maximum efficiency.
- Ensure that the signature created using this system has both a “user identity” stamp and a “date and time” stamp created automatically by the secure signature system with each signature made. Ensure these electronic stamps are entirely tamper-proof. Note that where user identity and date and time stamps are not present, the signature might not be valid and documents can be contested.
- Make sure documents to be stamped can only be signed by designated signatories.
- A signing system that keeps a record of document version control is vital, and your software must note a version for every person who has edited a document.
- A truly secure system where individuals can sign documents legally has the necessary security protocols in place, such as: secure login credentials with an email notification to the user for every login; one-time PINs (OTPs) sent via SMS or email to the appropriate signatory, or an authenticator app, for each login; encryption of all documents for signing; secure audit logs of who signed which document, on which days and at what time; and the ability to lock the file once signed.
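The tips above on tamper-proof identity and time stamps, designated signatories, audit logs and locking a signed file can be made concrete with a short sketch. This is an added example, not code from the article or from any signing product. It assumes a central service that holds a secret key and uses an HMAC from the Python standard library in place of a certificate-based digital signature. The key, document ID, e-mail addresses and function names are all hypothetical.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed values: the key and signatory list stand in for whatever the
# central signing service holds; all names below are hypothetical.
SERVER_KEY = b"constructed-demo-key"
DESIGNATED = {"board-resolution-7": {"alice@example.org", "bob@example.org"}}

def mac(stamp: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the stamp fields."""
    data = json.dumps(stamp, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()

def sign(doc_id, content: bytes, user, audit_log: list, signed_at=None) -> dict:
    """Stamp a document for a designated signatory and append to the audit log."""
    if user not in DESIGNATED.get(doc_id, set()):
        raise PermissionError(f"{user} may not sign {doc_id}")
    stamp = {
        "doc_id": doc_id,
        "doc_sha256": hashlib.sha256(content).hexdigest(),  # binds exact bytes
        "signer": user,                                      # user identity stamp
        "signed_at": signed_at or datetime.now(timezone.utc).isoformat(),
        "prev": audit_log[-1]["mac"] if audit_log else "",   # chains log entries
    }
    record = {**stamp, "mac": mac(stamp)}
    audit_log.append(record)
    return record

def stamp_valid(record: dict) -> bool:
    """True if identity, time, hash and chain link are exactly as issued."""
    stamp = {k: v for k, v in record.items() if k != "mac"}
    return hmac.compare_digest(record.get("mac", ""), mac(stamp))

def verify(record: dict, content: bytes) -> bool:
    """True if the stamp is intact and the document is unchanged since signing."""
    return (stamp_valid(record)
            and record["doc_sha256"] == hashlib.sha256(content).hexdigest())

def audit_chain_intact(audit_log: list) -> bool:
    """True if every entry is unaltered and links to the one before it."""
    prev = ""
    for record in audit_log:
        if record["prev"] != prev or not stamp_valid(record):
            return False
        prev = record["mac"]
    return True
```

Because the stamp covers the document hash, any edit after signing makes `verify` fail, which is the "locked once signed" property. A pasted signature image offers no such check.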