Ink on E-Sign Still Isn't Dry; Feds to Review Process

Computerworld - Washington

A bill that would place electronic signatures on a level legal ground with written ones still remains a work in progress, despite becoming law in October.

The U.S. Federal Trade Commission and the Department of Commerce recently announced plans to seek public comment on some of the consumer protection provisions in the legislation and to hold a workshop on the issue April 3. The agencies then plan to report their findings to Congress, which, in turn, could decide to amend the law.

The act allows businesses to use electronic signatures in consumer transactions, provided the consumer "affirmatively consents" in a manner that demonstrates that he can receive electronic notices.

The fear is that a business will offer discounts to customers who agree to receive billing and other notices via e-mail. Customers, however, may agree to those provisions, "even when they don't have a computer, in order to get a transaction at a reasonable cost," said Margot Saunders, managing attorney at the Washington office of the National Consumer Law Center.

The consumer protection provisions are also intended to provide safeguards from unscrupulous business practices, said Saunders.

These issues aside, there is no evidence to suggest that companies began stampeding to adopt electronic signatures once the law took effect.

"People are still looking at it, figuring out what their real options are," said Jennifer Blackmore, an analyst at IDC in Framingham, Mass.

Analysts said companies are considering a variety of issues, such as the legal impact of using digital signatures, and customer acceptance. But there are clear benefits, such as speeding up a company's ability to cement a customer contract, particularly in financial online transactions that now require signed documents.

One of the issues affecting corporate adoption of digital signatures is whether signatures are actually required on some transactions, according to Victor Wheatman, an analyst at Gartner Group Inc. in Stamford, Conn.

A major push for adoption is coming from the Health Insurance Portability and Accountability Act (HIPAA), which sets security and privacy standards that health care providers will have to comply with in about two years.

Health care officials are being extra cautious about privacy and security because of the high stakes: Failure to comply with HIPAA could result in jail terms or fines.

"There is a general sense that passwords are not sufficient for applications on an open network," said Tom Hagan, CIO at Personal Path Systems Inc. in Saddle River, N.J. Personal Path is working with Plano, Texas-based Entrust Technologies Inc. to install digital signature capabilities at someBlue Cross/Blue Shield Association insurers.

Read more about privacy in Computerworld's Privacy Knowledge Center.