Monday, February 24, 2014

Electronic Signatures: What Every Employer Needs to Know

...

The Handwritten Signature

In the past few centuries, a detailed body of law has developed regarding the effect of a handwritten signature. A signature shows intent to be bound in a contract. It can provide assurance that everyone understands the terms of an agreement. It can evidence approval of a document. We rely on handwritten signatures because a signature typically provides a way to prove who made the agreement (authentication) and what the parties intended and agreed to do (non-repudiation). ...

The Electronic Signature

An employer who uses electronic signatures should ensure that the electronic signature has the same effect and provides the same legal protections as a handwritten one. At the simplest level, an electronic signature must be unique and verifiable so that it can provide the authentication and non-repudiation benefits of a handwritten signature.

But what is an electronic signature? It is commonly defined as an electronic sound, symbol, or process attached to or associated with a record that someone executes or adopts with the intent to sign the record. Under this definition, the signature doesn't even need to be a person's name – as long as it is uniquely identifiable.

The trouble with typing one's name on a Word document is that anyone can do it.

The Law

The Uniform Electronic Transactions Act

The The Uniform Electronic Transactions Act was released in 1999 by the Uniform Law Commission (formerly the National Conference of Commissioners on Uniform State Laws), a non-profit, non-partisan organization that drafts model legislation for states to adopt when uniformity and consistency is desirable (such as commercial financial transactions). The UETA was the Commission's attempt to bring uniformity to the area of electronic records, including electronic signatures.

States are not required to adopt the UETA, and, although almost all states have enacted a version of it, some have made significant changes to the original "model" language. Thus, it is necessary for employers to evaluate the applicable law in every state in which they operate.

The UETA generally provides that a record, signature or contract will not be denied legal effect or enforceability solely because it is in electronic form. Regarding authentication of electronic signatures, the UETA provides that the signature is attributable to an individual if it can be shown in any manner to have been the act of that individual, including through the efficacy of a security measure. The UETA defines a "security measure" as any procedure used to verify an electronic signature, record or performance, including procedures that require the use of algorithms or codes, identifying words or numbers, encryption or callback, or other acknowledged procedures.

The E-SIGN Act

Because not every state adopted the UETA, the federal government attempted to promote electronic transactions by enacting the Electronic Signatures in Global and National Commerce Act ("E-SIGN") in 2000. The Act provides that a signature or contract related to interstate or foreign commerce may not be denied legal validity solely because it is electronic. However, the Act also includes numerous caveats, including that a consumer must consent to the electronic format. Further, E-SIGN is expressly preempted by any state that has enacted the UETA without substantial modification.

Court Opinions

Not only does the law vary from state to state depending on the version of the UETA enacted, but also courts have reached different conclusions based on the specific circumstances of the cases before them.

For example, the U.S. Court of Appeals for the First Circuit, which hears appeals from federal courts in most of the New England states and Puerto Rico, held in Campbell v. General Dynamics Govt. Systems Corp. (2005), that a straightforward email expressly describing a new, mandatory arbitration provision could form a valid arbitration agreement, especially if the company had a history of announcing policies via company-wide email or if it had required the employee to click a box or send a response. Nevertheless, the evidence in that case indicated the company did nottypically handle personnel matters via email and did not require a response from the employee. Under those circumstances, the court found that the email was not sufficient to establish a contract with the employee.

In Buckhalter v. J.C. Penney Corp. (2012), a federal judge in Mississippi found that an electronic signature on an arbitration agreement was binding – despite the plaintiff's claim that the signature was not his – because of the electronic integrity of the company's "onboarding" process for new hires. The system first assigned each new employee a unique identification number, and then required the employee to create a password that no one, not even the system administrator, knew. The employee was then required to log back into the company's online portal using the newly created password to complete his onboarding process, which included electronically signing the arbitration agreement. The employee also had to complete one form with a supervisor, which was further evidence that the employee had signed the arbitration agreement and thus was bound by it.

Similarly, in a case involving life insurance benefits, the Michigan Court of Appeals found that there was sufficient evidence that the deceased had changed his beneficiaries electronically about six months before committing suicide, where he entered into the insurance company's electronic system his policy number, his Social Security number, his mother's maiden name, and his email address, and then chose a password and verified it before changing the designations. Zulkiewski v. American General Life Ins. Co. (2012). Moreover, the insurance company's system then sent him an email verification with a method to challenge the beneficiary changes, to which he did not respond.

Rather than arguing that an electronic signature is per se insufficient, a savvy litigator is likely to argue that the signature is a mistake, or that the signature was transmitted by mistake, or even that the signature is an electronic forgery. According to the U.S. Court of Appeals for the Fifth Circuit in In re Piranha (2003), where the validity of an electronically signed resignation was at issue in a bankruptcy case, a litigant may challenge an electronic signature by discussing the context and surrounding circumstances at the time it was executed. In Piranha, the individual contended that an electronically-filed SEC document indicating that he had resigned was submitted in error. Based on its review of the circumstances and the individual's behavior during the period in question, the court agreed that his actions were not consistent with those of a person who had resigned. (The Fifth Circuit hears appeals from federal courts in Louisiana, Mississippi, and Texas.)

Employers should also keep in mind that the developing case law suggests that an email exchange can bind the sender just as much as a formal contract, assuming the traditional elements of a contract are met. For example, in International Casings Group, Inc. v. Premium Standard Farms, Inc. (2005) (not an employment case), a federal court in Missouri found that an electronic signature in an email formed a binding contract based, in part, on the fact that the email chain could be authenticated – meaning there was proof of who had sent it. The court noted that an email could be forged but that a handwritten contract could be forged as well. Because there were means to verify which computer sent the email, the fact that the negotiations were electronic did not render them invalid as evidence of the terms of the parties' agreement. (Missouri has adopted the UETA.)

Lessons for Employers

There isn't an exact digital analog to an original, handwritten signature – at least not yet. But following these guidelines will assist a company in implementing effective and enforceable e-signature practices:

- Put your e-signature policy in writing. It's easier to argue that an employee knew that it was important to check his email when that is included in the handbook.

- Know the e-signature laws of the states in which you do business. As already noted, most states have enacted a version of the UETA, but the details can still vary by state.

- Go beyond the "black-letter" law. Merely following the letter of the E-SIGN Act or your state's UETA may not be enough in the eyes of a court. Consult with outside professionals to make sure that your processes effectively establish authenticity and non-repudiation.

- Don't leave any "wiggle room." Whatever method you use, make sure that it provides assurance that the signature is actually from the individual; that the underlying document was not altered before it was e-signed (in other words, that both parties knowingly agreed to the same terms); and that the signees are closed off from later denying that they signed the document, or claiming that they signed or transmitted it by mistake.

- Make it a group effort. Implementing electronic signatures – and electronic business operations – should combine the professional expertise of your company's legal, technical, and business teams. Software, security, and programming issues will obviously need to be addressed by those who speak in binary and C++, while the lawyers can ensure that the system complies with applicable laws and provides the information necessary for your company to defend itself in litigation.

...