Records and information management FAQs – Are signatures the final barrier to a truly digital business environment?
September 28, 2015
I recently moved into an old, slightly creaky house, so have spent the last few months organising for various work to be done to make the house less likely to burn down, less accessible to creepy crawlies and generally more habitable. I have been continually amazed by the reliance of various tradespeople on a piece of paper with my signature on it. In many cases they have emailed me a scanned copy of a quote, which I have been required to print out, sign, scan and email back to them. (This is particularly frustrating for someone who doesn’t own a printer!!)
A survey conducted by Adobe late last year found that while many people have embraced digital behaviours, digitally authenticating business documents is one of the remaining obstacles to the creation of a truly digital (or ‘paperless’) workplace. This reticence to embrace digital authentication presents a significant obstacle to conducting business digitally from start to finish.
This is something that citizens in NSW are also thinking about. In 2014 the Accelerating Digital Government Taskforce conducted a public survey to seek input from the community about preferences and priorities for digital government in NSW. Among other issues, respondents commented that digital signatures should be accepted as readily as physical signatures.
So what’s holding people back?
As we noted in a previous blog post, there is no legal need for a ‘wet’ signature. The two key pieces of legislation which affect the legality of using any form of digital signature are the Electronic Transactions Act 2000 and the Evidence Act 1995. The National Archives of Australia has published a great summary of evidence law in Australia – because the NSW Evidence Act mirrors the Commonwealth Evidence Act, this advice is also applicable to NSW public offices.
I also recently came across this advice from law firm HopgoodGanim Lawyers on electronic signatures and their legal validity in Australia. As this advice notes, while electronic signatures are a valid way of executing agreements under Australian law, there are risks associated with their use:
Arguably the biggest failing with digital signatures and public-key cryptography generally, is that they are dependent on the private key being kept secret. If the private key is exposed, it is open for someone to dispute that they were indeed the person who ‘digitally signed’ a document.
Do we need a shift in attitude rather than the deployment of specific technology?
The Adobe survey mentioned above found that while people are happy to use credit cards to buy things online, they are worried that digitally signed documents won’t be accepted.
It may be that replacing paper processes with digital ones is not enough – we need to re-examine and re-design our processes for the digital world. Instead of identifying where ‘wet’ signatures have been used in the past and simply implementing a technology solution to provide digital signatures instead, it may be better to look at processes, determine what types of authorisation are required, and then design a digital process with the necessary level of authorisation (which may or may not include digital signatures). In other words, information management by design!
A discussion on the Records and Information Management Professionals Australasia (RIMPA) listserv earlier this year about digital signatures noted this exact need. Participants in the discussion commented that:
We looked at this extensively last year and concluded that, with few exceptions, ‘wet’ signatures (on paper documents) were really only required on contractual documents over a certain value. I think most organisations misunderstand what a signature achieves and, as a result, overstate the requirement for a ‘wet’ one.
The level of evidence (signatures, embedded metadata, audit trails, etc) should be assessed with reference to risk and resources required for implementation.
It can be really hard to shake the notion that paper records are still required and that ‘wet’ signatures are essential. On the other hand, audit logs and digital trails (for example email routing details) can be incredibly powerful to show who did or saw what, and when. And sometimes why.
I’d suggest that it’s worth reviewing processes that require approval/sign-off and considering the level of authenticity required as proof. In many cases email approval may be sufficient, or else using an approval button built into a tool used to manage a process. An example would be if you are using a workflow tool to manage invoice payment, at some point payment needs approval. Many finance systems have inbuilt capability to indicate approval electronically. In this case, as long as there is an audit trail with some level of authentication around who the person is, then you don’t need a ‘signature’. Even simpler, if someone sends an email authorising payment, this email could be retained as proof. It doesn’t need to be a huge investment or a big process – the main thing for me would be maintaining the authentic record of sign-off.
What have been your organisation’s experiences with signatures? Are there certain teams within your organisation that still insist on ‘wet’ signatures? Have you had success in re-designing processes for the digital world? We’d love to hear from you – please leave a comment below or contact us.