Appendix 3 - Electronic signatures

Purpose

This guidance should be considered when the use of electronic signatures is contemplated, as part of designing new or revised systems, forms or processes involving expenditure.

Definitions

“Signature” derives from the Latin signum, meaning “sign, mark or seal”, today it usually involves the application of some version of a party’s name to the document by that party. In general, signature is a voluntary act of a party in relation to a document by which it becomes an expression of that party’s wishes and intentions. Signatures are of course used in contexts where their legal effect is at best evidential: e.g. to make a claim of ownership of a book on its flyleaf; or to declare one’s presence at a particular place, as in a visitor’s book; or to take responsibility for the contents of a manuscript, as in an examination script book; or to send personal greetings to another elsewhere, as in birthday, Christmas, retirement or get well cards.

But they can have a greater legal effect where the intention is to create legally enforceable rights and duties (whether immediately or in the future) through the document being signed, as for example in a contract, a will or a disposition of heritable property. It should be noted, however, that a signature is not necessarily enough by itself to make a document legally effective: in a multi-party document it may not come into effect before all parties have signed, while a unilateral document may require delivery to its beneficiary and/or an equivalent, such as registration in a public register, to become effective.

“Electronic signature”

Electronic signatures deliver a way to sign documents in the online world, much like one signs a document with a pen in the offline world. Electronic signatures come in many forms, including:

• Typewritten
• Scanned
• An electronic representation of a handwritten signature
• A unique representation of characters
• A digital representation of characteristics, for example,
• fingerprint or retina scan
• A signature created by cryptographic means

Electronic signatures can be divided into three groups:

• Simple electronic signatures – these include scanned signatures and tick-box plus declarations.
• Advanced electronic signatures – these are uniquely linked to the signatory, are capable of identifying the signatory, and are linked to data within the signature that can detect any changes made.
• Qualified electronic signatures – an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.

Electronic signatures are only as secure as the business processes and technology used to create them. High value transactions need better quality electronic signatures; more securely linked to the owner in order to provide the level of assurance needed and to ensure trust in the underlying system.

Better quality electronic signatures can offer:

• Authentication – linking the signatory to the information
• Integrity – allowing any changes to the information provided to be detected more easily
• Non-repudiation – ensuring satisfaction (in a legal sense) about where the electronic signature has come from

Electronic signatures in Scotland’s public sector

There are surely many examples of the use of ‘electronic signatures’ as defined, and some outside this definition, across the public sector in Scotland.

Within health, for example, the use of electronic signatures to authenticate the writer’s willingness to be bound by the legal terms or otherwise, of a document, will also surely increase, given the Scottish Government’s continuing progress with both the e-Health and 2020 Vision strategies for improvements in NHS Scotland health and social care delivery.

Given the size and complexity of core and ancillary business transactions, messaging, processes and procedures which govern spending of public funds, trying to cover all of the potential variants whereby electronic signatures in their various forms may be used, is not possible in this brief guidance.

The most common general areas are:

• Employment: processes in the remuneration of travel & subsistence expenses by employees, contractors or agency labour provision
• Procurement & Commissioning: contracts being signed by economic operators and public sector contracting authorities for the supply of goods, equipment and services
• NHS Primary Care: signing of contracts between primary care contractors and NHSS public contracting authorities for the supply of goods, equipment and services

General principles

There are some general principles of good guidance which can be provided and applied to these common general areas, and any messaging associated with them. These are as follows:

Establish whether the electronic document or form should be ‘subscribed’ or not (see para 7.1 above). If this is required then the signature is placed at the end of the document text.

Ensure that the name of the writer and owner, or individual willing to be bound by the legal obligations or otherwise of the document, is placed in the body of the document, should you wish to have the electronic signature as a ‘tick-box’ or ‘I accept’ type of positive consent entry box. This will enable the ‘tick-box’ method of signature entry to meet the legal requirements as laid down by relevant case law.

In general only the owner or individual willing to be bound by the legal obligations or otherwise of the document can electronically sign a document, unless provision is made in relevant legal instruments for third party signatories, such as a power of attorney.

Further guidance

Further guidance on electronic signatures can be provided by the Prevention Team at CFS.