IP, Technology & Data

Adobe yesterday announced that it had acquired electronic signature provider Echosign. Adobe’s intention is to integrate Echosign’s products and tools into Adobe’s PDF format/Acrobat products. Echosign’s tools allow users to electronically sign a document, or apply a traditional (inked) signature that is scanned and then incorporated into a PDF of the “signed” document.

Douglas has blogged previously about exchanging PDFs of inked signature pages, but I thought it might be worthwhile to look at the use of so called electronic signing.

Signing documents electronically
We have a number of clients that use tools similar to Echosign to allow contracts to be signed electronically. There are a number of advantages to these products – signing documents is quicker and easier, and avoids the need for physically delivering and retaining a “wet” signature page.

For standard commercial contracts, using products like Echosign generally doesn’t cause any problems from a legal perspective, but there are some things to watch out for:

Who has actually signed?
An electronic signature is generally appended by a user receiving an email that then takes the user to a website that allows the user to “sign” the document (perhaps using a unique signature key). Whilst the e-sign tool will provide evidence of the signature being appended, if the e-mail is accessed by a third party (eg someone who has access to that e-mail account) it would be open to one party to say that he/she had not signed the contract; it had been signed by someone else/someone who did not have authority. The e-sign tool does not provide evidence of who signed the contract.

In one sense, this is no different from the use of “real” signatures in the offline world where it is definitely possible for someone to say that their signature had been forged. In each case, the onus on proving that the document had been signed by the person whose signature it purports to be will fall on the person who is trying to allege that there is a valid contract. Evidentially, however, this is probably easier to do when comparing inked signatures.

Many organisations using e-sign services will take comfort from the fact that once the parties begin performing their obligations (for example, providing services and paying invoices) it will be harder for a party to argue that it was not bound by the contract because it had not signed it.

Data Protection
Many of the companies providing e-sign services are based in the US, and will host your contracts (and data about signatories) on their servers. Data protection laws contain specific rules in relation to the transfer of personal data outside the EEA. Generally, the US is not considered to provide an adequate level of protection of personal data for the purposes of European data protection legislation. Any organisation that decides to adopt such a system for signing its standard customer contracts should highlight to its customers that the data they submit may be held in the US and held by the e-sign provider subject to the terms of its privacy policy.

If the contracts contain personal data (for example, about employees) then this will be more problematic.

Confidentiality and liability of the e-sign provider
More generally, organisations may also wish to consider whether they are comfortable with commercially sensitive contracts (or contracts containing personal data) being hosted in a third party repository, and whether the service provider has in place appropriate information security controls.

In particular, you may find that the e-sign provider’s standard terms are weighted heavily in the e-sign provider’s favour. I have seen standard terms for e-sign services that contain no confidentiality obligation by the e-sign provider in favour of the user. This will cause particular concerns where copies of contracts are being held/hosted by the e-sign provider.

Data ransom
Finally, remember also that these services are generally delivered using the software as a service model. If you decide to stop using the service, can you get access to your archive of contracts and associated data? Is it in a useable form? Again, Douglas has blogged on this.

Follow me