PRIOR PRINTER'S NO. 741 PRINTER'S NO 1182
No. 555 Session of 1999
INTRODUCED BY HART, JUBELIRER, MELLOW, BRIGHTBILL, CONTI, DENT,
THOMPSON, GERLACH, WOZNIAK, EARLL, SLOCUM, KUKOVICH, MUSTO,
WAGNER, BOSCOLA, WAUGH, CORMAN, KASUNIC, ROBBINS AND MURPHY,
MARCH 24, 1999
SENATOR TOMLINSON, COMMUNICATIONS AND HIGH TECHNOLOGY, AS
AMENDED, JUNE 8, 1999
AN ACT
1 Regulating electronic records and electronic signatures; <--
2 providing for their security and for their use by
3 governmental entities; imposing duties on the Secretary of
4 the Commonwealth; providing for enforcement; and establishing
5 civil remedies.
6 TABLE OF CONTENTS
7 Chapter 1. Preliminary Provisions
8 Section 101. Short title.
9 Section 102. Purposes and construction.
10 Section 103. Application.
11 Section 104. Definitions.
12 Section 105. Public access to information.
13 Chapter 3. Electronic Records and Electronic Signatures
14 Section 301. Legal recognition.
15 Section 302. Electronic records.
16 Section 303. Electronic signatures.
17 Section 304. Originals forms.
18 Section 305. Admissibility into evidence.
1 Section 306. Retention of electronic records.
2 Section 307. Electronic use not required.
3 Section 308. Applicability of other statutes or rules.
4 Chapter 5. Secure Electronic Records and Secure Electronic
5 Signatures
6 Section 501. Secure electronic records.
7 Section 502. Secure electronic signatures.
8 Section 503. Commercially reasonableness and reliance.
9 Section 504. Rebuttable presumptions.
10 Section 505. Creation and control of signature devices.
11 Section 506. Attribution of signature.
12 Section 507. Notarization and acknowledgment.
13 Section 508. Secretary's authority to certify security
14 procedures.
15 Section 509. Unauthorized use of signature devices.
16 Chapter 7. Use of Electronic Records And Signatures
17 by Governmental Entities
18 Section 701. Use of electronic records by governmental
19 entities.
20 Section 702. Adoption of standards for use by governmental
21 entities.
22 Section 703. Interoperability.
23 Chapter 9. Administration
24 Section 901. Departmental regulations.
25 Section 902. Enforcement.
26 Chapter 11. Miscellaneous Provisions
27 Section 1101. Severability.
28 Section 1102. Effective date.
29 PROVIDING FOR USE OF ELECTRONIC RECORDS AND SIGNATURES, FOR <--
30 APPLICATION AND CONSTRUCTION, FOR LEGAL RECOGNITION OF
31 ELECTRONIC RECORDS, FOR PROVISION OF INFORMATION IN WRITING,
19990S0555B1182 - 2 -
1 FOR ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND
2 SIGNATURE, FOR EFFECT OF CHANGES AND ERRORS, FOR NOTARIZATION
3 AND ACKNOWLEDGMENT, FOR RETENTION OF ELECTRONIC RECORDS AND
4 ORIGINALS, FOR ADMISSIBILITY IN EVIDENCE, FOR FORMATION OF
5 CONTRACT, FOR OPERATIONS OF ELECTRONIC AGENTS, FOR TIME AND
6 PLACE OF SENDING AND RECEIPT, FOR TRANSFERABLE RECORDS, FOR
7 SECURE ELECTRONIC RECORDS AND SIGNATURES, FOR PRESUMPTIONS
8 AND FOR GOVERNMENTAL ELECTRONIC RECORDS AND SIGNATURES.
9 TABLE OF CONTENTS
10 CHAPTER 1. GENERAL PROVISIONS
11 SECTION 101. SHORT TITLE.
12 SECTION 102. DEFINITIONS.
13 SECTION 103. SCOPE.
14 SECTION 104. USE OF ELECTRONIC RECORDS AND SIGNATURES;
15 VARIATION BY AGREEMENT.
16 SECTION 105. APPLICATION AND CONSTRUCTION.
17 SECTION 106. LEGAL RECOGNITION OF ELECTRONIC RECORDS,
18 SIGNATURES AND CONTRACTS.
19 SECTION 107. PROVISION OF INFORMATION IN WRITING.
20 SECTION 108. ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND
21 SIGNATURE.
22 SECTION 109. EFFECT OF CHANGES AND ERRORS.
23 SECTION 110. NOTARIZATION AND ACKNOWLEDGMENT.
24 SECTION 111. RETENTION OF ELECTRONIC RECORDS AND ORIGINALS.
25 SECTION 112. ADMISSIBILITY IN EVIDENCE.
26 SECTION 113. FORMATION OF CONTRACT.
27 SECTION 114. TIME AND PLACE OF SENDING AND RECEIPT.
28 SECTION 115. TRANSFERABLE RECORDS.
29 CHAPTER 2. SECURE ELECTRONIC RECORDS AND SIGNATURES
30 SECTION 201. SECURE ELECTRONIC RECORDS.
31 SECTION 202. SECURE ELECTRONIC SIGNATURES.
32 SECTION 203. PRESUMPTIONS.
33 CHAPTER 3. GOVERNMENTAL ELECTRONIC RECORDS
19990S0555B1182 - 3 -
1 SECTION 301. CREATION AND RETENTION OF ELECTRONIC RECORDS;
2 CONVERSION OF WRITTEN RECORDS.
3 SECTION 302. SENDING AND ACCEPTING ELECTRONIC RECORDS.
4 SECTION 303. INTEROPERABILITY.
5 CHAPTER 4. MISCELLANEOUS PROVISIONS
6 SECTION 401. SEVERABILITY.
7 SECTION 402. EFFECTIVE DATE.
8 The General Assembly of the Commonwealth of Pennsylvania
9 hereby enacts as follows:
10 CHAPTER 1 <--
11 PRELIMINARY PROVISIONS
12 Section 101. Short title.
13 This act shall be known and may be cited as the Electronic
14 Transactions Act.
15 Section 102. Purposes and construction.
16 This act shall be construed consistently with what is
17 commercially reasonable under the circumstances and to
18 effectuate the following purposes:
19 (1) To facilitate electronic communications by means of
20 reliable electronic records.
21 (2) To facilitate and promote electronic commerce, by
22 eliminating barriers resulting from uncertainties over
23 writing and signature requirements and by promoting the
24 development of the legal and business infrastructure
25 necessary to implement secure electronic commerce.
26 (3) To facilitate electronic filing of documents with
27 State and local government agencies and to promote efficient
28 delivery of government services by means of reliable
29 electronic records.
30 (4) To minimize the incidence of forged electronic
19990S0555B1182 - 4 -
1 records, intentional and unintentional alteration of records
2 and fraud in electronic commerce.
3 (5) To help to establish uniformity of rules and
4 standards regarding the authentication and integrity of
5 electronic records.
6 (6) To promote public confidence in the integrity and
7 reliability of electronic records and electronic commerce.
8 Section 103. Application.
9 (a) General rule.--This act applies to all parties involved
10 in generating, sending, receiving, storing or otherwise
11 processing electronic records and, except for section 509, may
12 be varied by an agreement of the parties.
13 (b) Application to executive agencies.--
14 (1) Unless specifically provided by law to the contrary,
15 this act shall apply to all executive agencies. The
16 Governor's Office of Administration may adopt standards
17 setting forth the minimum security requirements for the use
18 of electronic records and electronic signatures by executive
19 agencies. The Governor's Office of Administration shall
20 specify appropriate minimum security requirements to be
21 implemented and followed by executive agencies.
22 (2) Notwithstanding the provisions of subsection (a), an
23 executive agency may not vary this act by any agreement that
24 is inconsistent with the standards published by the
25 Governor's Office of Administration without the written
26 approval of the Governor's Office of Administration.
27 (c) Application to independent agencies and State-affiliated
28 entities.--Independent agencies and State-affiliated entities
29 may adopt standards setting forth the minimum security
30 requirements for their use of electronic records and electronic
19990S0555B1182 - 5 -
1 signatures.
2 (d) Application to General Assembly and unified judicial
3 system.--The General Assembly and its agencies and the unified
4 judicial system and its agencies may adopt rules setting forth
5 the minimum security requirements for their use of electronic
6 records and electronic signatures.
7 (e) Application to political subdivisions.--Political
8 subdivisions may adopt a resolution or take other official
9 action setting forth the minimum security requirements for their
10 use of electronic records and electronic signatures.
11 Section 104. Definitions.
12 The following words and phrases when used in this act shall
13 have the meanings given to them in this section unless the
14 context clearly indicates otherwise:
15 "Department." The Department of State of the Commonwealth.
16 "Electronic." An electrical, digital, magnetic, optical,
17 electromagnetic or any other form of technology that entails
18 capabilities similar to these technologies.
19 "Electronic record." A record generated, communicated,
20 received or stored by electronic means for use in an information
21 system or for transmission from one information system to
22 another.
23 "Electronic signature." A signature in electronic form
24 attached to or logically associated with an electronic record.
25 "Executive agency." A department, board, commission,
26 authority or officer or agency of the executive branch of the
27 Commonwealth subject to the policy, supervision and control of
28 the Governor.
29 "Governmental entity." An executive agency, independent
30 agency, State-affiliated entity or other instrumentality of the
19990S0555B1182 - 6 -
1 Commonwealth. The term includes the General Assembly and its
2 agencies, the unified judicial system and its agencies as well
3 as all State-related institutions, authorities and political
4 subdivisions.
5 "Independent agency." A board, commission or other agency or
6 officer of the Commonwealth which is not subject to the policy
7 supervision and control of the Governor. This term does not
8 include any State-affiliated entity, any court or other officer
9 or agency of the unified judicial system, the General Assembly
10 and its officers and agencies, any State-related institution,
11 political subdivision or any local, regional or metropolitan
12 transportation authority.
13 "Information." Data, text, images, sound, codes, computer
14 programs, software, data bases and the like.
15 "Person." An individual, corporation, business trust,
16 estate, trust, partnership, limited partnership, limited
17 liability partnership, limited liability company, association,
18 joint venture, government, governmental entity, agency, or
19 instrumentality, or any other legal or commercial entity.
20 "Qualified security procedure." A methodology or procedure
21 approved by the Secretary of the Commonwealth or agreed upon by
22 the parties and used for the purpose of:
23 (1) verifying that an electronic record is that of a
24 specific person; or
25 (2) detecting error or alteration in the communication,
26 content or storage of an electronic record since a specific
27 point in time and that may use algorithms or codes,
28 identifying words or numbers, encryption, answer back or
29 acknowledgment procedures or similar security devices.
30 "Record." Information that is inscribed, stored or otherwise
19990S0555B1182 - 7 -
1 fixed on a tangible medium or that is stored in an electronic or
2 other medium and is retrievable in perceivable form.
3 "Secretary." The Secretary of the Commonwealth.
4 "Signature device." Unique information, including, but not
5 limited to, codes, algorithms, letters, numbers, personal
6 identification numbers (PINs) or a uniquely configured physical
7 device, that is required, alone or in conjunction with other
8 information or devices, in order to create an electronic
9 signature attributable to a specific person.
10 "Signed" or "signature." A symbol executed or adopted or a
11 security procedure employed or adopted, using electronic means
12 or otherwise, by or on behalf of a person with intent to
13 authenticate a record.
14 "State-affiliated entity." A Commonwealth authority or a
15 Commonwealth entity. The term includes the Pennsylvania Turnpike
16 Commission, the Pennsylvania Housing Finance Agency, the
17 Pennsylvania Municipal Retirement Board, the Pennsylvania
18 Infrastructure Investment Authority, the State Public School
19 Building Authority, the Pennsylvania Higher Education Facilities
20 Authority and the State System of Higher Education. The term
21 does not include a court or an officer or agency of the unified
22 judicial system, the General Assembly and its officers and
23 agencies, any State-related institution, political subdivision
24 or a local, regional or metropolitan transportation authority.
25 "Trustworthy manner." Through the use of computer hardware,
26 software and procedures that in the context in which they are
27 used:
28 (1) Can be shown to be reasonably resistant to
29 penetration, compromise and misuse.
30 (2) Provide a reasonable level of reliability and
19990S0555B1182 - 8 -
1 correct operation.
2 (3) Are reasonably suited to performing their intended
3 functions or serving their intended purposes.
4 (4) Comply with applicable agreements between the
5 parties, if any.
6 (5) Adhere to generally accepted security procedures.
7 Section 105. Public access to information.
8 Information or records created by or provided to a
9 governmental entity shall be subject to inspection and copying
10 only to the extent already required under the act of June 21,
11 1957 (P.L.390, No.212), referred to as the Right-to-Know Law.
12 CHAPTER 3
13 ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES
14 Section 301. Legal recognition.
15 Information, records, agreements and signatures may not be
16 denied legal effect, validity or enforceability solely on the
17 grounds that they are in electronic form.
18 Section 302. Electronic records.
19 (a) General rule.--Where a law requires information to be in
20 writing or provides for certain consequences if it is not, an
21 electronic record satisfies that law or regulation.
22 (b) Inapplicability.--This section shall not apply:
23 (1) when its application would involve construction of a
24 law or regulation that is clearly inconsistent with the
25 manifest intent of the lawmaking body or repugnant to the
26 context of the same law or regulation, provided that the mere
27 requirement that information be in writing or printed shall
28 not by itself be sufficient to establish the intent;
29 (2) to any law or regulation governing the creation or
30 execution of a will or trust, living will or health care
19990S0555B1182 - 9 -
1 power of attorney; or
2 (3) to any record that serves as a unique and
3 transferable instrument of rights and obligations, including,
4 without limitation, negotiable instruments and other
5 instruments of title wherein possession of the instrument is
6 deemed to confer title unless an electronic version of the
7 record is created, stored and transferred in a manner:
8 (i) that allows for the existence of only one
9 unique, identifiable and unalterable original with the
10 functional attributes of an equivalent physical
11 instrument;
12 (ii) that can be possessed by only one person; and
13 (iii) that cannot be copied except in a form that is
14 readily identifiable as a copy.
15 Section 303. Electronic signatures.
16 (a) General rule.--Where a law or regulation requires a
17 signature or provides for certain consequences if a document is
18 not signed, an electronic signature shall be deemed to satisfy
19 that law or regulation.
20 (b) Proof.--An electronic signature may be proved in any
21 manner, including, but not limited to, by showing that a
22 procedure existed by which a party must, of necessity, have
23 executed a symbol or security procedure for the purpose of
24 verifying that an electronic record is that of the party in
25 order to proceed further with a transaction.
26 (c) Inapplicability.--This section shall not apply:
27 (1) when its application would involve a construction of
28 a law or regulation that is clearly inconsistent with the
29 manifest intent of the lawmaking body or repugnant to the
30 context of the same law or regulation, provided that the mere
19990S0555B1182 - 10 -
1 requirement of a signature shall not by itself be sufficient
2 to establish the intent;
3 (2) to any law or regulation governing the creation or
4 execution of a will or trust, living will or health care
5 power of attorney; or
6 (3) to any record that serves as a unique and
7 transferable instrument of rights and obligations, including,
8 without limitation, a negotiable instrument and any other
9 instrument of title wherein possession of the instrument is
10 deemed to confer title unless an electronic version of that
11 record is created, stored and transferred in a manner:
12 (i) that allows for the existence of only one
13 unique, identifiable and unalterable original with the
14 functional attributes of an equivalent physical
15 instrument;
16 (ii) that can be possessed by only one person; and
17 (iii) that cannot be copied except in a form that is
18 readily identifiable as a copy.
19 Section 304. Original forms.
20 (a) General rule.--Where a law or regulation requires
21 information to be presented or retained in its original form or
22 provides consequences if the information is not presented or
23 retained in its original form, that law or regulation shall be
24 deemed satisfied by an electronic record if there exists
25 reliable assurance as to the integrity of the information from
26 the time when it was first generated in its final form as an
27 electronic record or otherwise.
28 (b) Assessment of integrity and standard of reliability.--
29 (1) The criteria for assessing integrity
30 shall be whether the information has remained complete and
19990S0555B1182 - 11 -
1 unaltered, apart from the addition of any endorsement or
2 other information that arises in the normal course of
3 communication, storage and display.
4 (2) The standard of reliability required to ensure that
5 information has remained complete and unaltered shall be
6 assessed in the light of the purpose for which the
7 information was generated and in the light of all the
8 relevant circumstances.
9 (c) Inapplicability.--This section shall not apply to any
10 record that serves as a unique and transferable instrument of
11 rights and obligations, including, without limitation, a
12 negotiable instrument and any other instrument of title wherein
13 possession of the instrument is deemed to confer title unless an
14 electronic version of the record is created, stored and
15 transferred in a manner:
16 (1) that allows for the existence of only one unique,
17 identifiable and unalterable original with the functional
18 attributes of an equivalent physical instrument;
19 (2) that can be possessed by only one person; and
20 (3) that cannot be copied except in a form that is
21 readily identifiable as a copy.
22 Section 305. Admissibility into evidence.
23 (a) General rule.--In any legal proceeding, the
24 admissibility of an electronic record or electronic signature
25 into evidence may not be denied:
26 (1) on the sole ground that it is an electronic record
27 signature; or
28 (2) on the grounds that it is not in its original form
29 or is not an original.
30 (b) Weight of evidence.--Information in the form of an
19990S0555B1182 - 12 -
1 electronic record shall be given due evidentiary weight by the
2 trier of fact. In assessing the evidentiary weight of an
3 electronic record or electronic signature where its authenticity
4 is at issue, the trier of fact may consider:
5 (1) The manner in which it was generated, stored or
6 communicated.
7 (2) The reliability of the manner in which its integrity
8 was maintained.
9 (3) The manner in which its originator was identified or
10 the electronic record was signed.
11 (4) Any other relevant information or circumstances.
12 Section 306. Retention of electronic records.
13 (a) General rule.--Where a law or regulation requires that
14 certain documents, records or information be retained, that
15 requirement is met by retaining electronic records of the
16 information in a trustworthy manner provided that the following
17 conditions are satisfied:
18 (1) The electronic record and the information contained
19 therein are accessible so as to be usable for subsequent
20 reference at all times when the information must be retained.
21 (2) The information is retained in the format in which
22 it was originally generated, sent or received or in a format
23 that can be demonstrated to represent accurately the
24 information originally generated, sent or received.
25 (3) Such data as enables the identification of the
26 origin and destination of the information, the authenticity
27 and integrity of the information and retention of the date
28 and time when it was sent or received.
29 (b) Qualification.--An obligation to retain documents,
30 records or information in accordance with subsection (a) does
19990S0555B1182 - 13 -
1 not extend to any data, the sole purpose of which is to enable
2 the record to be sent or received.
3 (c) Construction.--Nothing in this section shall be
4 construed to prohibit a governmental entity from specifying
5 additional requirements for the retention and use of records
6 that are subject to the jurisdiction of the entity.
7 Section 307. Electronic use not required.
8 Nothing in this act shall be construed to:
9 (1) require any person to create, store, transmit,
10 accept or otherwise use or communicate information, records
11 or signatures by electronic means or in electronic form; or
12 (2) prohibit any person engaged in an electronic
13 transaction from establishing reasonable requirements
14 regarding the medium on which it will accept records or the
15 method and type of symbol or security procedure it will
16 accept as a signature.
17 Section 308. Applicability of other statutes.
18 (a) Laws.--Notwithstanding any other provision of this act,
19 if any other law requires approval by a governmental entity
20 prior to the use or retention of electronic records or the use
21 of electronic signatures, the provisions of that other law shall
22 also apply.
23 (b) Discretion to governmental entities.--Nothing in this
24 act shall prohibit a governmental entity from requiring persons
25 who are authorized to do business in this Commonwealth to use
26 nonelectronic records or signatures.
27 CHAPTER 5
28 SECURE ELECTRONIC RECORDS AND SECURE ELECTRONIC SIGNATURES
29 Section 501. Secure electronic records.
30 (a) General rule.--If through the use of a qualified
19990S0555B1182 - 14 -
1 security procedure it can be verified that an electronic record
2 has not been altered since a specified point in time, then the
3 electronic record shall be considered to be a secure electronic
4 record from the specified point in time to the time of
5 verification if the relying party establishes that the qualified
6 security procedure was:
7 (1) Commercially reasonable under the circumstances.
8 (2) Applied by the relying party in a trustworthy
9 manner.
10 (3) Reasonably and in good faith relied upon by the
11 relying party.
12 (b) Qualified security procedures.--A qualified security
13 procedure for purposes of this section is a security procedure
14 to detect changes in the content of an electronic record that
15 is:
16 (1) previously agreed to by the parties; or
17 (2) certified by the secretary in accordance with
18 section 901 as being capable of providing reliable evidence
19 that an electronic record has not been altered.
20 Section 502. Secure electronic signatures.
21 (a) General rule.--If through the use of a qualified
22 security procedure it can be verified that an electronic
23 signature is the signature of a specific person, then the
24 electronic signature shall be considered to be a secure
25 electronic signature at the time of verification if the relying
26 party establishes that the qualified security procedure was:
27 (1) Commercially reasonable under the circumstances.
28 (2) Applied by the relying party in a trustworthy
29 manner.
30 (3) Reasonably and in good faith relied upon by the
19990S0555B1182 - 15 -
1 relying party.
2 (b) Qualified security procedure.--A qualified security
3 procedure for purposes of this section is a security procedure
4 for identifying a person that is:
5 (1) previously agreed to by the parties; or
6 (2) certified by the secretary in accordance with
7 section 901 as being capable of creating in a trustworthy
8 manner an electronic signature that:
9 (i) is unique to the signer within the context in
10 which it is used;
11 (ii) can be used to objectively identify the person
12 signing the electronic record;
13 (iii) was reliably created by the identified person,
14 insofar as some aspect of the procedure involves the use
15 of a signature device or other means or method that is
16 under the sole control of this person, and that it cannot
17 be readily duplicated or compromised; and
18 (iv) is created and is linked to the electronic
19 record to which it relates in a manner such that if the
20 record or the signature is intentionally or
21 unintentionally changed after signing, the electronic
22 signature is invalidated.
23 Section 503. Commercially reasonableness and reliance.
24 (a) Considerations for determining commercial
25 reasonableness.--The commercial reasonableness of a security
26 procedure is a question of law to be determined in light of the
27 purposes of the procedure and the commercial circumstances at
28 the time the procedure was used, including:
29 (1) The nature of the transaction.
30 (2) Sophistication of the parties.
19990S0555B1182 - 16 -
1 (3) Volume of similar transactions engaged in by either
2 or both of the parties.
3 (4) Availability of alternatives offered to but rejected
4 by either of the parties.
5 (5) Cost of alternative procedures.
6 (6) Procedures in general use for similar types of
7 transactions.
8 (b) Considerations for determining reliance.--Whether
9 reliance on a security procedure was reasonable and in good
10 faith is to be determined in light of all the circumstances
11 known to the relying party at the time of the reliance, giving
12 due regard to the:
13 (1) information that the relying party knew or should
14 have known at the time of reliance that would suggest that
15 reliance was or was not reasonable;
16 (2) the value or importance of the electronic record, if
17 known;
18 (3) the course of dealing between the relying party and
19 the purported sender, if any, and the available indicia of
20 reliability or unreliability apart from the security
21 procedure;
22 (4) the usage of trade, particularly if the trade is
23 conducted by trustworthy systems or other computer-based
24 means, if any; and
25 (5) whether the verification was performed with the
26 assistance of an independent third party.
27 Section 504. Rebuttable presumptions.
28 (a) Secure electronic records.--In resolving a civil dispute
29 involving a secure electronic record, it shall be rebuttably
30 presumed that the electronic record has not been altered since
19990S0555B1182 - 17 -
1 the specific point in time to which the secure status relates.
2 (b) Secure electronic signatures.--In resolving a civil
3 dispute involving a secure electronic signature, it shall be
4 rebuttably presumed that the secure electronic signature is the
5 signature of the person to whom it correlates.
6 (c) Effect of presumptions.--The effect of the presumptions
7 set forth in this section is to place on the party challenging
8 the integrity of a secure electronic record or challenging the
9 genuineness of a secure electronic signature with both the
10 burden of going forward with evidence to rebut the presumption
11 and the burden of persuading the trier of fact that the
12 nonexistence of the presumed fact is more probable than its
13 existence.
14 (d) Existing law and rules.--In the absence of a secure
15 electronic record or a secure electronic signature, nothing in
16 this act shall change existing law or evidentiary rules
17 regarding the burden of proving the authenticity and integrity
18 of an electronic record or an electronic signature.
19 Section 505. Creation and control of signature devices.
20 Except as otherwise provided by another applicable rule of
21 law, whenever the creation, validity or reliability of an
22 electronic signature created by a qualified security procedure
23 under section 501 or 502 is dependent upon the secrecy or
24 control of a signature device of the signer:
25 (1) The person generating or creating the signature
26 device must do so in a trustworthy manner.
27 (2) The signer and all other persons that rightfully
28 have access to the device must exercise reasonable care to
29 retain control and maintain the secrecy of the device and to
30 protect it from any unauthorized access, disclosure or use
19990S0555B1182 - 18 -
1 during the period when reliance on a signature created by the
2 device is reasonable.
3 (3) In the event that the signer or any other person
4 that rightfully has access to the device knows or has reason
5 to know that the secrecy or control of the device has been
6 compromised, that person must make a reasonable effort:
7 (i) to promptly notify all persons who might
8 foreseeably be damaged as a result of the compromise; or
9 (ii) where an appropriate publication mechanism is
10 available, to publish notice of the compromise and a
11 disavowal of any signatures created thereafter. For
12 executive agencies, independent agencies and State-
13 affiliated entities, notice may include publication in
14 the Pennsylvania Bulletin.
15 Section 506. Attribution of signature.
16 Except as provided by another applicable law or regulation, a
17 secure electronic signature is attributable to the person to
18 whom it correlates, whether or not authorized, if:
19 (1) The electronic signature resulted from acts of a
20 person that obtained the signature device or other
21 information necessary to create the signature from a source
22 under the control of the alleged signer, creating the
23 appearance that it came from that party.
24 (2) The access or use occurred under circumstances
25 constituting a failure to exercise reasonable care by the
26 alleged signer.
27 (3) The relying party relied reasonably and in good
28 faith to his detriment on the apparent source of the
29 electronic record.
30 Section 507. Notarization and acknowledgment.
19990S0555B1182 - 19 -
1 If a law or regulation requires that a signature be notarized
2 or acknowledged or provides consequences in the absence of a
3 notarization or acknowledgment, the requirement is satisfied
4 with respect to an electronic record if a security procedure was
5 applied to the electronic signature which establishes by clear
6 and convincing evidence the identity of the person signing the
7 electronic record.
8 Section 508. Secretary's authority to certify security
9 procedures.
10 (a) Investigation and review.--A security procedure may be
11 certified by the secretary as a qualified security procedure for
12 purposes of sections 501 and 502 following an appropriate
13 investigation or review if:
14 (1) The security procedure, including any technology and
15 algorithms it employs, is completely open and fully disclosed
16 to the public and has been so for a sufficient length of time
17 so as to facilitate a comprehensive review and evaluation of
18 its suitability for the intended purpose by the applicable
19 information security or scientific community.
20 (2) The security procedure, including any technology and
21 algorithms it employs, has been generally accepted in the
22 applicable information security or scientific community as
23 being capable of satisfying the requirements of section 501
24 or 502 as applicable in a trustworthy manner.
25 (b) Opinion of independent experts.--In making a
26 determination regarding whether the security procedure,
27 including any technology and algorithms it employs, has been
28 generally accepted in the applicable information security or
29 scientific community, the secretary shall consider the opinion
30 of independent experts in the applicable field and the published
19990S0555B1182 - 20 -
1 findings of the community, including applicable standards
2 organizations such as the American National Standards Institute
3 (ANSI), International Standards Organization (ISO),
4 International Telecommunications Union (ITU) and the National
5 Institute of Standards and Technology (NIST).
6 (c) Regulation.--Certification under this section shall be
7 performed through the adoption of regulations in accordance with
8 the act of June 25, 1982 (P.L.633, No.181), known as the
9 Regulatory Review Act, and shall specify a full and complete
10 identification of the security procedure, including requirements
11 as to how it is to be implemented, if appropriate.
12 (d) Decertification.--If subsequent developments establish
13 that the security procedure is no longer sufficiently
14 trustworthy or reliable for its intended purpose or for any
15 other reason no longer meets the requirements for certification,
16 the secretary may, following an appropriate investigation and
17 review, decertify a security procedure as a qualified security
18 procedure for purposes of section 501 or 502 by publishing
19 notice of the decertification in the Pennsylvania Bulletin.
20 (e) Exclusive authority.--The secretary shall have exclusive
21 authority to certify and decertify security procedures under
22 this section.
23 § 509. Unauthorized use of signature device.
24 (a) Offense defined.--A person commits an offense if he:
25 (1) knowingly or intentionally accesses, copies or
26 otherwise obtains possession of or recreates the signature
27 device of another person without authorization for the
28 purpose of creating, allowing or causing another person to
29 create an unauthorized electronic signature using such
30 signature device; or
19990S0555B1182 - 21 -
1 (2) knowingly alters, discloses or uses the signature
2 device of another person without authorization, or in excess
3 of lawful authorization, for the purpose of creating, or
4 allowing or causing another person to create, an unauthorized
5 electronic signature using such signature device.
6 (b) Grading.--An offense under subsection (a)(1) is a
7 misdemeanor of the first degree. An offense under subsection
8 (a)(2) is a felony of the third degree, except that an offense
9 under subsection (a)(2) in furtherance of any scheme or artifice
10 to defraud in excess of $50,000 is a felony of the second
11 degree.
12 CHAPTER 7
13 USE OF ELECTRONIC RECORDS AND SIGNATURES
14 BY GOVERNMENTAL ENTITIES
15 Section 701. Use of electronic records by governmental
16 entities.
17 (a) Executive agencies.--In accordance with the standards
18 published by the Governor's Office of Administration, each
19 executive agency shall determine if and the extent to which it
20 will send and receive electronic records and electronic
21 signatures to and from other persons and otherwise create, use,
22 store and rely upon electronic records and electronic
23 signatures.
24 (b) Governmental entities.--
25 (1) All other governmental entities shall determine if
26 and the extent to which they will send and receive electronic
27 signatures to and from other persons and otherwise create,
28 use, store and rely upon electronic records and electronic
29 signatures.
30 (2) In any case where a governmental entity decides to
19990S0555B1182 - 22 -
1 send or receive electronic records or to accept document
2 filings by electronic records, the governmental entity may,
3 giving due consideration to security, specify:
4 (i) The manner and format in which the electronic
5 records must be created, sent, received and stored.
6 (ii) If the electronic records must be signed, the
7 type of electronic signature required, the manner and
8 format in which the signature must be affixed to the
9 electronic record and the identity of or criteria that
10 must be met by any third party used by the person filing
11 the document to facilitate the process.
12 (iii) Control processes and procedures as
13 appropriate to ensure adequate integrity, security,
14 confidentiality and to audit the electronic records.
15 (iv) Any other required attributes for the
16 electronic records that are currently specified for
17 corresponding paper documents, or reasonably necessary
18 under the circumstances.
19 (c) Minimum standards.--Standards adopted by an executive
20 agency shall include the relevant minimum security requirements
21 established by the Governor's Office of Administration, if any.
22 (d) Effect of certain electronic record filings.--Whenever
23 any law or regulation requires or authorizes the filing of any
24 information, notice, lien or other document or record with any
25 governmental entity, a filing made by an electronic record shall
26 have the same force and effect as a filing made on paper in all
27 cases where the governmental agency has authorized or agreed to
28 the electronic filing and the filing is made in accordance with
29 the applicable rules or agreement.
30 (e) Construction.--Nothing in this act shall be construed to
19990S0555B1182 - 23 -
1 require a governmental entity to use or to permit the use of
2 electronic records or electronic signatures.
3 Section 702. Adoption of standards for use by governmental
4 entities.
5 (a) Governor's Office of Administration.--The Governor's
6 Office of Administration may establish standards setting forth
7 minimum security requirements for the use of electronic records
8 and electronic signatures by executive agencies. The Governor's
9 Office of Administration shall specify appropriate minimum
10 security requirements to be implemented and followed by
11 executive agencies.
12 (b) Minimum security requirement standards.--Governmental
13 entities may establish standards setting forth minimum security
14 requirements for the use of electronic records and electronic
15 signatures.
16 Section 703. Interoperability.
17 To the extent reasonable under the circumstances, the
18 standards adopted by the Governor's Office of Administration or
19 any other governmental entity relating to the use of electronic
20 records or electronic signatures shall be drafted in a manner
21 designed to encourage and promote consistency and
22 interoperability with similar requirements adopted by government
23 agencies of the Federal Government and other states.
24 CHAPTER 9
25 ADMINISTRATION
26 Section 901. Departmental regulations.
27 (a) Interim regulation.--
28 (1) Within 90 days of the effective date of this act,
29 the department shall promulgate interim regulations
30 applicable to both governmental entities and the private
19990S0555B1182 - 24 -
1 sector in order to implement this act. The regulations may
2 establish fees to be charged by the department to recover all
3 or a portion of its costs.
4 (2) In developing the interim regulations, the
5 department shall provide maximum flexibility to the
6 implementation and incorporation of technology and, to the
7 extent reasonably possible, maximize the opportunities for
8 uniformity with the laws of other jurisdictions, both within
9 the United States and internationally.
10 (3) The interim regulations shall not be subject to
11 review under any of the following:
12 (i) Section 205 of the act of July 31, 1968
13 (P.L.769, No.240), referred to as the Commonwealth
14 Documents Law.
15 (ii) Section 204(b) of the act of October 15, 1980
16 (P.L.950, No.164), known as the Commonwealth Attorneys
17 Act.
18 (iii) Act of June 25, 1982 (P.L.633, No.181), known
19 as the Regulatory Review Act.
20 (b) Other regulations.--The interim regulations under
21 subsection (a) shall expire July 1, 2001 and shall be replaced
22 with regulations that are promulgated as provided by law.
23 Section 902. Enforcement.
24 The secretary may investigate complaints or other information
25 indicating violations of rules adopted by the secretary under
26 this act. The secretary shall refer to the Attorney General for
27 such action as the Attorney General may deem appropriate all
28 information the secretary obtains that discloses a violation of
29 any provision of this act or the regulations adopted under this
30 act.
19990S0555B1182 - 25 -
1 CHAPTER 11
2 MISCELLANEOUS PROVISIONS
3 Section 1101. Severability.
4 The provisions of this act are severable. If any provision of
5 this act or its application to any person or circumstance is
6 held invalid, the invalidity shall not affect other provisions
7 or applications of this act which can be given effect without
8 the invalid provision or application.
9 Section 1102. Effective date.
10 This act shall take effect in 30 days.
11 CHAPTER 1 <--
12 GENERAL PROVISIONS
13 SECTION 101. SHORT TITLE.
14 THIS ACT SHALL BE KNOWN AND MAY BE CITED AS THE ELECTRONIC
15 TRANSACTIONS ACT.
16 SECTION 102. DEFINITIONS.
17 THE FOLLOWING WORDS AND PHRASES WHEN USED IN THIS ACT SHALL
18 HAVE THE MEANINGS GIVEN TO THEM IN THIS SECTION UNLESS THE
19 CONTEXT CLEARLY INDICATES OTHERWISE:
20 "AGREEMENT." THE BARGAIN OF THE PARTIES IN FACT AS FOUND IN
21 THEIR LANGUAGE OR INFERRED FROM OTHER CIRCUMSTANCES, AND RULES,
22 REGULATIONS AND PROCEDURES GIVEN THE EFFECT OF AGREEMENTS UNDER
23 LAWS OTHERWISE APPLICABLE TO A PARTICULAR TRANSACTION.
24 "AUTOMATED TRANSACTION." A TRANSACTION CONDUCTED OR
25 PERFORMED, IN WHOLE OR IN PART, BY ELECTRONIC MEANS OR
26 ELECTRONIC RECORDS IN WHICH THE ACTS OR RECORDS OF ONE OR BOTH
27 PARTIES ARE NOT REVIEWED BY AN INDIVIDUAL IN THE ORDINARY COURSE
28 IN FORMING A CONTRACT, PERFORMING UNDER AN EXISTING CONTRACT OR
29 FULFILLING ANY OBLIGATION REQUIRED BY THE TRANSACTION.
30 "COMPUTER PROGRAM." A SET OF STATEMENTS OR INSTRUCTIONS TO
19990S0555B1182 - 26 -
1 BE USED DIRECTLY OR INDIRECTLY IN AN INFORMATION PROCESSING
2 SYSTEM IN ORDER TO BRING ABOUT A CERTAIN RESULT. THE TERM DOES
3 NOT INCLUDE INFORMATIONAL CONTENT.
4 "CONSUMER." AN INDIVIDUAL INVOLVED IN A TRANSACTION
5 PRIMARILY FOR PERSONAL, FAMILY OR HOUSEHOLD PURPOSES.
6 "CONTRACT." THE TOTAL LEGAL OBLIGATION RESULTING FROM THE
7 PARTIES' AGREEMENT AS AFFECTED BY THIS ACT AND OTHER APPLICABLE
8 LAW.
9 "ELECTRONIC." OF OR RELATING TO TECHNOLOGY HAVING
10 ELECTRICAL, DIGITAL, MAGNETIC, WIRELESS, OPTICAL,
11 ELECTROMAGNETIC OR SIMILAR CAPABILITIES.
12 "ELECTRONIC AGENT." A COMPUTER PROGRAM OR ELECTRONIC OR
13 OTHER AUTOMATED MEANS USED TO INITIATE OR RESPOND TO ELECTRONIC
14 RECORDS OR PERFORMANCES IN WHOLE OR IN PART, WITHOUT REVIEW BY
15 AN INDIVIDUAL IN THE ORDINARY COURSE OF A TRANSACTION.
16 "ELECTRONIC RECORD." A RECORD CREATED, STORED, GENERATED,
17 RECEIVED OR COMMUNICATED BY ELECTRONIC MEANS.
18 "ELECTRONIC SIGNATURE." AN ELECTRONIC IDENTIFYING SOUND,
19 SYMBOL OR PROCESS ATTACHED TO OR LOGICALLY CONNECTED WITH AN
20 ELECTRONIC RECORD AND EXECUTED OR ADOPTED BY A PERSON WITH THE
21 INTENT TO ASSOCIATE THE PERSON WITH THE ELECTRONIC RECORD.
22 "EXECUTIVE AGENCY." A DEPARTMENT, BOARD, COMMISSION,
23 AUTHORITY OR OFFICER OR AGENCY OF THE EXECUTIVE BRANCH OF THE
24 COMMONWEALTH SUBJECT TO THE POLICY, SUPERVISION AND CONTROL OF
25 THE GOVERNOR.
26 "GOVERNMENTAL AGENCY." AN EXECUTIVE AGENCY, INDEPENDENT
27 AGENCY, STATE-AFFILIATED ENTITY OR OTHER INSTRUMENTALITY OF THE
28 COMMONWEALTH. THE TERM INCLUDES STATE-RELATED INSTITUTIONS,
29 AUTHORITIES AND POLITICAL SUBDIVISIONS.
30 "INFORMATION." DATA, TEXT, IMAGES, SOUNDS, CODES, COMPUTER
19990S0555B1182 - 27 -
1 PROGRAMS, SOFTWARE, DATA BASES OR THE LIKE.
2 "INFORMATION PROCESSING SYSTEM." AN ELECTRONIC SYSTEM FOR
3 CREATING, GENERATING, SENDING, RECEIVING, STORING, DISPLAYING OR
4 PROCESSING INFORMATION.
5 "INFORMATIONAL CONTENT." INFORMATION THAT IS INTENDED TO BE
6 COMMUNICATED TO OR PERCEIVED BY AN INDIVIDUAL IN THE ORDINARY
7 USE OF THE INFORMATION.
8 "PERSON." AN INDIVIDUAL, CORPORATION, BUSINESS TRUST,
9 ESTATE, TRUST, PARTNERSHIP, LIMITED LIABILITY COMPANY,
10 ASSOCIATION, JOINT VENTURE, GOVERNMENTAL AGENCY OR PUBLIC
11 CORPORATION, OR ANY OTHER LEGAL OR COMMERCIAL ENTITY.
12 "RECORD." INFORMATION THAT IS INSCRIBED ON A TANGIBLE MEDIUM
13 OR THAT IS STORED IN AN ELECTRONIC OR OTHER MEDIUM AND IS
14 RETRIEVABLE IN PERCEIVABLE FORM.
15 "SECURITY PROCEDURE." A PROCEDURE EMPLOYED FOR THE PURPOSE
16 OF VERIFYING THAT AN ELECTRONIC SIGNATURE, RECORD OR PERFORMANCE
17 IS THAT OF A SPECIFIC PERSON OR FOR DETECTING CHANGES OR ERRORS
18 IN THE INFORMATIONAL CONTENT OF AN ELECTRONIC RECORD. THE TERM
19 INCLUDES A PROCEDURE THAT REQUIRES THE USE OF ALGORITHMS OR
20 OTHER CODES, IDENTIFYING WORDS OR NUMBERS, ENCRYPTION, CALLBACK
21 OR OTHER ACKNOWLEDGMENT PROCEDURES.
22 "TRANSACTION." AN ACTION OR SET OF ACTIONS RELATING TO THE
23 CONDUCT OF BUSINESS OR GOVERNMENTAL AFFAIRS AND OCCURRING
24 BETWEEN TWO OR MORE PERSONS.
25 "TRANSFERABLE RECORD." AN ELECTRONIC RECORD THAT:
26 (1) IF THE ELECTRONIC RECORD WERE IN WRITING, WOULD BE A
27 NOTE UNDER DIVISION 3 OF THE UNIFORM COMMERCIAL CODE (13
28 PA.C.S. § 101 ET SEQ.); AND
29 (2) THE OBLIGOR HAS AGREED EXPRESSLY IS SUBJECT TO THE
30 PROVISIONS OF THIS ACT.
19990S0555B1182 - 28 -
1 "WRITING." PRINTING, TYPEWRITING AND ANY OTHER INTENTIONAL
2 REDUCTION OF A RECORD TO TANGIBLE FORM. THE TERM HAS A
3 CORRESPONDING MEANING.
4 SECTION 103. SCOPE.
5 (A) APPLICATION OF ACT.--EXCEPT AS OTHERWISE PROVIDED IN
6 SUBSECTION (B), THIS ACT APPLIES TO ELECTRONIC RECORDS AND
7 ELECTRONIC SIGNATURES THAT RELATE TO ANY TRANSACTION.
8 (B) EXCEPTIONS.--THIS ACT DOES NOT APPLY TO ELECTRONIC
9 RECORDS AND ELECTRONIC SIGNATURES WHEN USED FOR PURPOSES OF
10 TRANSACTIONS GOVERNED BY ANY OF THE FOLLOWING:
11 (1) A LAW GOVERNING THE CREATION AND EXECUTION OF WILLS,
12 CODICILS AND TESTAMENTARY TRUSTS.
13 (2) DIVISIONS 3, 4, 4A, 5, 7 AND 8 OF THE UNIFORM
14 COMMERCIAL CODE (13 PA.C.S. § 101 ET SEQ.).
15 (3) REVISED DIVISIONS 2, 2A AND 9 OF THE UNIFORM
16 COMMERCIAL CODE (13 PA.C.S. § 101 ET SEQ.).
17 (4) OTHER LAWS, IF ANY, IDENTIFIED BY THE COMMONWEALTH.
18 (5) LAWS SPECIFICALLY EXCLUDED BY ANY GOVERNMENTAL
19 AGENCY OF THIS COMMONWEALTH UNDER CHAPTER 2.
20 (C) ELECTRONIC RECORDS AND SIGNATURES.--THIS ACT APPLIES TO
21 ELECTRONIC RECORDS AND SIGNATURES OTHERWISE SUBJECT TO
22 SUBSECTION (B) WHEN USED FOR PURPOSES OF TRANSACTIONS GOVERNED
23 BY LAWS OTHER THAN THOSE SPECIFIED IN SUBSECTION (B).
24 (D) EXCEPTION.--THIS ACT DOES NOT AFFECT A REQUIREMENT IN A
25 LAW RELATING TO A SPECIFIC MEANS OF DELIVERY OR DISPLAY OF
26 INFORMATION.
27 (E) OTHER SUBSTANTIVE LAW.--A TRANSACTION SUBJECT TO THIS
28 ACT IS ALSO SUBJECT TO OTHER APPLICABLE SUBSTANTIVE LAW. THESE
29 LAWS MUST BE CONSTRUED, WHENEVER REASONABLE, AS CONSISTENT WITH
30 THIS ACT.
19990S0555B1182 - 29 -
1 SECTION 104. USE OF ELECTRONIC RECORDS AND SIGNATURES;
2 VARIATION BY AGREEMENT.
3 (A) ELECTRONIC MEANS OR FORM NOT REQUIRED.--THIS ACT DOES
4 NOT REQUIRE THAT RECORDS OR SIGNATURES BE GENERATED, STORED,
5 SENT, RECEIVED OR OTHERWISE PROCESSED OR USED BY ELECTRONIC
6 MEANS OR IN ELECTRONIC FORM.
7 (B) REASONABLE USE.--THE USE OF AN ELECTRONIC RECORD OR
8 ELECTRONIC SIGNATURE IN A TRANSACTION MUST BE REASONABLE.
9 WHETHER THE USE OF AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE
10 IN A TRANSACTION IS REASONABLE MUST BE DETERMINED FROM THE
11 CIRCUMSTANCES AND CONTEXT IN WHICH IT IS USED, INCLUDING THE
12 PARTIES' STATEMENTS AND AGREEMENT, IF ANY, AND OTHER APPLICABLE
13 LAW. THE OBLIGATION OF REASONABLENESS PRESCRIBED IN THIS
14 SUBSECTION MAY NOT BE DISCLAIMED BY AGREEMENT.
15 (C) VARIATION BY AGREEMENT.--EXCEPT AS OTHERWISE PROVIDED IN
16 THIS ACT, THE EFFECT OF ANY PROVISION OF THIS ACT MAY BE VARIED
17 BY AGREEMENT BETWEEN PARTIES INVOLVED IN GENERATING, STORING,
18 SENDING, RECEIVING OR OTHERWISE PROCESSING OR USING ELECTRONIC
19 RECORDS OR ELECTRONIC SIGNATURES. THE PRESENCE IN CERTAIN
20 PROVISIONS OF THIS ACT OF THE WORDS "UNLESS OTHERWISE AGREED,"
21 OR WORDS OF SIMILAR IMPORT, DOES NOT IMPLY THAT THE EFFECT OF
22 OTHER PROVISIONS MAY NOT BE VARIED BY AGREEMENT.
23 (D) LEGAL CONSEQUENCES OF AGREEMENT.--WHETHER AN AGREEMENT
24 HAS LEGAL CONSEQUENCES IS DETERMINED BY THIS ACT, IF APPLICABLE;
25 OTHERWISE, IT IS DETERMINED BY OTHER APPLICABLE RULES OF LAW.
26 SECTION 105. APPLICATION AND CONSTRUCTION.
27 THIS ACT MUST BE CONSTRUED AND APPLIED, CONSISTENTLY WITH
28 REASONABLE PRACTICES UNDER THE CIRCUMSTANCES, TO FACILITATE
29 ELECTRONIC TRANSACTIONS AND TO EFFECTUATE ITS GENERAL PURPOSE TO
30 MAKE UNIFORM THE LAW WITH RESPECT TO THE SUBJECT OF THIS ACT
19990S0555B1182 - 30 -
1 AMONG STATES ENACTING IT.
2 SECTION 106. LEGAL RECOGNITION OF ELECTRONIC RECORDS,
3 SIGNATURES AND CONTRACTS.
4 (A) ELECTRONIC FORM.--A RECORD OR SIGNATURE MAY NOT BE
5 DENIED LEGAL EFFECT OR ENFORCEABILITY SOLELY BECAUSE IT IS IN
6 ELECTRONIC FORM.
7 (B) USE OF ELECTRONIC RECORD.--A CONTRACT MAY NOT BE DENIED
8 LEGAL EFFECT OR ENFORCEABILITY SOLELY BECAUSE AN ELECTRONIC
9 RECORD WAS USED IN ITS FORMATION.
10 (C) ELECTRONIC RECORD.--IF A LAW REQUIRES A RECORD TO BE IN
11 WRITING OR PROVIDES CONSEQUENCES IF IT IS NOT, AN ELECTRONIC
12 RECORD SATISFIES THE LAW.
13 (D) ELECTRONIC SIGNATURE.--IF A LAW REQUIRES A SIGNATURE OR
14 PROVIDES CONSEQUENCES IN THE ABSENCE OF A SIGNATURE, THE LAW IS
15 SATISFIED WITH RESPECT TO AN ELECTRONIC RECORD IF THE ELECTRONIC
16 RECORD INCLUDES AN ELECTRONIC SIGNATURE.
17 (E) REASONABLE REQUIREMENTS.--AS PART OF A TRANSACTION,
18 NOTHING IN THIS ACT PRECLUDES A PERSON FROM ESTABLISHING
19 REASONABLE REQUIREMENTS REGARDING THE TYPE OF RECORDS OR
20 SIGNATURES ACCEPTABLE TO IT.
21 SECTION 107. PROVISION OF INFORMATION IN WRITING.
22 (A) ELECTRONIC RECORD.--IF A LAW REQUIRES A PERSON TO
23 PROVIDE INFORMATION IN WRITING TO ANOTHER PERSON, THAT
24 REQUIREMENT IS SATISFIED IF THE INFORMATION IS PROVIDED TO THE
25 PERSON IN AN ELECTRONIC RECORD THAT THE PERSON IS CAPABLE OF
26 ACCESSING AND RETAINING FOR SUBSEQUENT REFERENCE.
27 (B) SECTION NOT VARIED BY AGREEMENT.--THE EFFECT OF THIS
28 SECTION MAY NOT BE VARIED BY AGREEMENT.
29 SECTION 108. ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND
30 SIGNATURE.
19990S0555B1182 - 31 -
1 (A) GENERAL RULE.--AN ELECTRONIC RECORD OR ELECTRONIC
2 SIGNATURE IS ATTRIBUTABLE TO A PERSON IF IT WAS IN FACT THE ACT
3 OF THE PERSON OR ITS ELECTRONIC AGENT. ATTRIBUTION MAY BE PROVED
4 IN ANY MANNER, INCLUDING A SHOWING OF THE EFFICACY OF ANY
5 SECURITY PROCEDURE APPLIED TO DETERMINE THE PERSON TO WHICH THE
6 ELECTRONIC RECORD OR ELECTRONIC SIGNATURE WAS ATTRIBUTABLE.
7 (B) DETERMINATION OF EFFECT.--THE EFFECT OF AN ELECTRONIC
8 RECORD OR ELECTRONIC SIGNATURE ATTRIBUTED TO A PERSON UNDER
9 SUBSECTION (A) MUST BE DETERMINED FROM THE CONTEXT AND
10 SURROUNDING CIRCUMSTANCES AT THE TIME OF ITS CREATION, EXECUTION
11 OR ADOPTION, INCLUDING THE PARTIES' AGREEMENT, IF ANY, AND AS
12 OTHERWISE PROVIDED BY LAW.
13 SECTION 109. EFFECT OF CHANGES AND ERRORS.
14 UNLESS OTHERWISE AGREED, IF A CHANGE OR ERROR IN AN
15 ELECTRONIC RECORD OCCURS IN A TRANSMISSION BETWEEN PARTIES TO A
16 TRANSACTION, THE FOLLOWING RULES APPLY:
17 (1) IF THE PARTIES HAVE AGREED TO USE A SECURITY
18 PROCEDURE TO DETECT CHANGES OR ERRORS AND ONE PARTY HAS
19 CONFORMED TO THE PROCEDURE, BUT THE OTHER PARTY HAS NOT, AND
20 THE NONCONFORMING PARTY WOULD HAVE DETECTED THE CHANGE OR
21 ERROR HAD THAT PARTY ALSO CONFORMED, THE EFFECT OF THE
22 CHANGED OR ERRONEOUS ELECTRONIC RECORD IS AVOIDABLE BY THE
23 CONFORMING PARTY.
24 (2) IN AN AUTOMATED TRANSACTION INVOLVING AN INDIVIDUAL,
25 THE INDIVIDUAL MAY AVOID THE EFFECT OF AN ELECTRONIC RECORD
26 THAT RESULTED FROM AN ERROR BY THE INDIVIDUAL MADE IN DEALING
27 WITH THE ELECTRONIC AGENT OF ANOTHER PERSON ONLY IF THE
28 ELECTRONIC AGENT DID NOT PROVIDE AN OPPORTUNITY FOR THE
29 PREVENTION OR CORRECTION OF THE ERROR AND, AT THE TIME THE
30 INDIVIDUAL LEARNS OF THE ERROR, THE INDIVIDUAL:
19990S0555B1182 - 32 -
1 (I) PROMPTLY NOTIFIES THE OTHER PERSON OF THE ERROR
2 AND THAT THE INDIVIDUAL DID NOT INTEND TO BE BOUND BY THE
3 ELECTRONIC RECORD RECEIVED BY THE OTHER PERSON;
4 (II) TAKES REASONABLE STEPS, INCLUDING STEPS THAT
5 CONFORM TO THE OTHER PERSON'S REASONABLE INSTRUCTIONS, TO
6 RETURN TO THE OTHER PERSON OR, IF INSTRUCTED BY THE OTHER
7 PERSON, TO DESTROY THE CONSIDERATION RECEIVED, IF ANY, AS
8 A RESULT OF THE ERRONEOUS ELECTRONIC RECORD; AND
9 (III) HAS NOT USED OR RECEIVED THE BENEFIT OR VALUE
10 OF THE CONSIDERATION, IF ANY, RECEIVED FROM THE OTHER
11 PERSON.
12 (3) IF NEITHER PARAGRAPH (1) NOR (2) APPLIES, THE CHANGE
13 OR ERROR HAS THE EFFECT PROVIDED BY LAW, INCLUDING THE LAW OF
14 MISTAKE, AND THE PARTIES' CONTRACT, IF ANY.
15 SECTION 110. NOTARIZATION AND ACKNOWLEDGMENT.
16 IF A LAW REQUIRES THAT A SIGNATURE BE NOTARIZED OR
17 ACKNOWLEDGED OR PROVIDES CONSEQUENCES IN THE ABSENCE OF
18 NOTARIZATION OR ACKNOWLEDGMENT, THE LAW IS SATISFIED WITH
19 RESPECT TO AN ELECTRONIC SIGNATURE IF A SECURITY PROCEDURE WAS
20 APPLIED WHICH ESTABLISHES THE IDENTITY OF THE PERSON SIGNING THE
21 ELECTRONIC RECORD AND THAT THE ELECTRONIC RECORD HAS NOT BEEN
22 ALTERED SINCE IT WAS ELECTRONICALLY SIGNED.
23 SECTION 111. RETENTION OF ELECTRONIC RECORDS AND ORIGINALS.
24 (A) GENERAL RULE.--IF A LAW REQUIRES THAT CERTAIN RECORDS BE
25 RETAINED, THAT REQUIREMENT IS MET BY RETAINING AN ELECTRONIC
26 RECORD OF THE INFORMATION IN THE RECORD, IF THE ELECTRONIC
27 RECORD REFLECTS ACCURATELY THE INFORMATION SET FORTH IN THE
28 RECORD AFTER IT WAS FIRST GENERATED IN ITS FINAL FORM AS AN
29 ELECTRONIC RECORD OR OTHERWISE, AND THE ELECTRONIC RECORD
30 REMAINS ACCESSIBLE FOR LATER REFERENCE.
19990S0555B1182 - 33 -
1 (B) EXCEPTION.--A REQUIREMENT TO RETAIN RECORDS IN
2 ACCORDANCE WITH SUBSECTION (A) DOES NOT APPLY TO ANY INFORMATION
3 WHOSE SOLE PURPOSE IS TO ENABLE THE RECORD TO BE SENT OR
4 RECEIVED.
5 (C) SERVICES OF OTHER PERSON.--A PERSON SATISFIES SUBSECTION
6 (A) BY USING THE SERVICES OF ANY OTHER PERSON IF THE CONDITIONS
7 SET FORTH IN SUBSECTION (A) ARE MET.
8 (D) ORIGINAL FORM REQUIREMENT.--IF A LAW REQUIRES A RECORD
9 TO BE PRESENTED OR RETAINED IN ITS ORIGINAL FORM OR PROVIDES
10 CONSEQUENCES IF THE RECORD IS NOT PRESENTED OR RETAINED IN ITS
11 ORIGINAL FORM, THAT LAW IS SATISFIED BY AN ELECTRONIC RECORD
12 RETAINED IN ACCORDANCE WITH SUBSECTION (A).
13 (E) RETENTION REQUIREMENT.--A RECORD RETAINED AS AN
14 ELECTRONIC RECORD IN ACCORDANCE WITH SUBSECTION (A) SATISFIES
15 LAWS REQUIRING A PERSON TO RETAIN RECORDS FOR EVIDENTIARY, AUDIT
16 OR LIKE PURPOSES, UNLESS A LAW PROMULGATED AFTER THE EFFECTIVE
17 DATE OF THIS ACT SPECIFICALLY PROHIBITS THE USE OF AN ELECTRONIC
18 RECORD FOR A SPECIFIED PURPOSE.
19 (F) ADDITIONAL REQUIREMENTS.--THIS SECTION DOES NOT PRECLUDE
20 A GOVERNMENTAL AGENCY FROM SPECIFYING ADDITIONAL REQUIREMENTS
21 FOR THE RETENTION OF RECORDS, EITHER WRITTEN OR ELECTRONIC,
22 SUBJECT TO THE AGENCY'S JURISDICTION.
23 SECTION 112. ADMISSIBILITY IN EVIDENCE.
24 (A) GENERAL RULE.--IN A LEGAL PROCEEDING, EVIDENCE OF AN
25 ELECTRONIC RECORD OR ELECTRONIC SIGNATURE MAY NOT BE EXCLUDED
26 BECAUSE OF ANY OF THE FOLLOWING REASONS:
27 (1) IT IS AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE.
28 (2) IT IS NOT AN ORIGINAL OR IS NOT IN ITS ORIGINAL
29 FORM.
30 (B) FACTS FOR CONSIDERATION.--IN ASSESSING THE PERSUASIVE
19990S0555B1182 - 34 -
1 EFFECT OF AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE, THE
2 TRIER OF FACT SHALL CONSIDER THE MANNER IN WHICH THE ELECTRONIC
3 RECORD OR ELECTRONIC SIGNATURE WAS GENERATED, STORED,
4 COMMUNICATED OR RETRIEVED, THE RELIABILITY OF THE MANNER IN
5 WHICH THE INTEGRITY OF THE ELECTRONIC RECORD OR ELECTRONIC
6 SIGNATURE WAS MAINTAINED, THE MANNER IN WHICH ITS ORIGINATOR WAS
7 IDENTIFIED OR THE ELECTRONIC RECORD WAS SIGNED, AND ANY OTHER
8 RELEVANT CIRCUMSTANCES.
9 SECTION 113. FORMATION OF CONTRACT.
10 (A) GENERAL RULE.--IF AN OFFER IN AN ELECTRONIC RECORD
11 INITIATED BY A PERSON, OR BY ITS ELECTRONIC AGENT, EVOKES AN
12 ELECTRONIC RECORD IN RESPONSE, A CONTRACT IS FORMED IN THE SAME
13 MANNER AND WITH THE SAME EFFECT AS IF THE ELECTRONIC RECORDS
14 WERE NOT ELECTRONIC, EXCEPT THAT A CONTRACT IS FORMED, IF AT
15 ALL:
16 (1) WHEN AN ACCEPTANCE IS RECEIVED; OR
17 (2) IF THE RESPONSE CONSISTS OF ELECTRONIC PERFORMANCE
18 OF THE REQUESTED CONSIDERATION IN WHOLE OR IN PART, WHEN THE
19 REQUESTED CONSIDERATION, TO BE PERFORMED ELECTRONICALLY, IS
20 RECEIVED, UNLESS THE OFFER PROHIBITED THAT FORM OF RESPONSE.
21 (B) ADDITIONAL RULES.--IN AN AUTOMATED TRANSACTION, THE
22 FOLLOWING RULES APPLY:
23 (1) A CONTRACT MAY BE FORMED BY THE INTERACTION OF
24 ELECTRONIC AGENTS OF THE PARTIES, EVEN IF NO INDIVIDUAL WAS
25 AWARE OF OR REVIEWED THE ELECTRONIC AGENTS' ACTIONS OR THE
26 RESULTING TERMS AND AGREEMENTS.
27 (2) A CONTRACT MAY BE FORMED BY THE INTERACTION OF A
28 PERSON'S ELECTRONIC AGENT AND AN INDIVIDUAL, INCLUDING BY AN
29 INTERACTION IN WHICH THE INDIVIDUAL PERFORMS ACTIONS THAT IT
30 IS FREE TO REFUSE TO PERFORM AND THAT IT KNOWS OR HAS REASON
19990S0555B1182 - 35 -
1 TO KNOW WILL CAUSE THE ELECTRONIC AGENT TO COMPLETE THE
2 TRANSACTION OR PERFORMANCE.
3 (C) SUBSTANTIVE LAW.--THE TERMS OF A CONTRACT ARE DETERMINED
4 BY THE SUBSTANTIVE LAW APPLICABLE TO THE PARTICULAR CONTRACT.
5 SECTION 114. TIME AND PLACE OF SENDING AND RECEIPT.
6 (A) SENDING.--UNLESS OTHERWISE AGREED BETWEEN THE SENDER AND
7 THE RECIPIENT, AN ELECTRONIC RECORD IS SENT WHEN THE INFORMATION
8 IS ADDRESSED OR OTHERWISE DIRECTED PROPERLY TO THE RECIPIENT AND
9 ENTERS AN INFORMATION PROCESSING SYSTEM OUTSIDE THE CONTROL OF
10 THE SENDER OR OF A PERSON THAT SENT THE ELECTRONIC RECORD ON
11 BEHALF OF THE SENDER.
12 (B) RECEIPT.--UNLESS OTHERWISE AGREED BETWEEN THE SENDER AND
13 THE RECIPIENT, AN ELECTRONIC RECORD IS RECEIVED WHEN THE
14 ELECTRONIC RECORD ENTERS AN INFORMATION PROCESSING SYSTEM THAT
15 THE RECIPIENT HAS DESIGNATED OR USES FOR THE PURPOSE OF
16 RECEIVING ELECTRONIC RECORDS OR INFORMATION OF THE TYPE SENT, IN
17 A FORM CAPABLE OF BEING PROCESSED BY THAT SYSTEM, AND FROM WHICH
18 THE RECIPIENT IS ABLE TO RETRIEVE THE ELECTRONIC RECORD.
19 (C) APPLICATION OF SUBSECTION (B).--SUBSECTION (B) APPLIES
20 EVEN IF THE PLACE THE INFORMATION PROCESSING SYSTEM IS LOCATED
21 IS DIFFERENT FROM THE PLACE THE ELECTRONIC RECORD IS CONSIDERED
22 TO BE RECEIVED UNDER SUBSECTION (D).
23 (D) PLACE OF SENDING AND OF RECEIPT.--UNLESS OTHERWISE
24 EXPRESSLY PROVIDED IN THE ELECTRONIC RECORD OR AGREED BETWEEN
25 THE SENDER AND THE RECIPIENT, AN ELECTRONIC RECORD IS DEEMED TO
26 BE SENT FROM THE SENDER'S PLACE OF BUSINESS AND IS DEEMED TO BE
27 RECEIVED AT THE RECIPIENT'S PLACE OF BUSINESS. FOR THE PURPOSES
28 OF THIS SUBSECTION, THE FOLLOWING RULES APPLY:
29 (1) IF THE SENDER OR RECIPIENT HAS MORE THAN ONE PLACE
30 OF BUSINESS, THE PLACE OF BUSINESS OF THAT PERSON IS THAT
19990S0555B1182 - 36 -
1 WHICH HAS THE CLOSEST RELATIONSHIP TO THE UNDERLYING
2 TRANSACTION.
3 (2) IF THE SENDER OR THE RECIPIENT DOES NOT HAVE A PLACE
4 OF BUSINESS, THE PLACE OF BUSINESS IS THE SENDER'S OR
5 RECIPIENT'S RESIDENCE, AS THE CASE MAY BE.
6 (E) RECORD EFFECTIVE ON RECEIPT.--AN ELECTRONIC RECORD IS
7 EFFECTIVE WHEN RECEIVED EVEN IF NO INDIVIDUAL IS AWARE OF ITS
8 RECEIPT.
9 (F) ACKNOWLEDGMENT.--RECEIPT OF AN ELECTRONIC ACKNOWLEDGMENT
10 ESTABLISHES THAT A RECORD WAS RECEIVED BUT, IN ITSELF, DOES NOT
11 ESTABLISH THAT THE CONTENT SENT CORRESPONDS TO THE CONTENT
12 RECEIVED.
13 SECTION 115. TRANSFERABLE RECORDS.
14 (A) CONTROL OF RECORD.--A PERSON HAS CONTROL OF A
15 TRANSFERABLE RECORD IF THE RECORD OR RECORDS COMPRISING THE
16 TRANSFERABLE RECORD ARE CREATED, STORED AND ASSIGNED IN SUCH A
17 MANNER THAT:
18 (1) A SINGLE AUTHORITATIVE COPY OF THE RECORD OR RECORDS
19 EXISTS WHICH IS UNIQUE, IDENTIFIABLE AND, EXCEPT AS OTHERWISE
20 PROVIDED IN PARAGRAPHS (4), (5), AND (6), UNALTERABLE;
21 (2) THE AUTHORITATIVE COPY IDENTIFIES THE PERSON
22 ASSERTING CONTROL AS THE ASSIGNEE OF THE RECORD OR RECORDS;
23 (3) THE AUTHORITATIVE COPY IS COMMUNICATED TO AND
24 MAINTAINED BY THE PERSON ASSERTING CONTROL OR ITS DESIGNATED
25 CUSTODIAN;
26 (4) COPIES OR REVISIONS THAT ADD OR CHANGE AN IDENTIFIED
27 ASSIGNEE OF THE AUTHORITATIVE COPY CAN BE MADE ONLY WITH THE
28 CONSENT OF THE PERSON ASSERTING CONTROL;
29 (5) EACH COPY OF THE AUTHORITATIVE COPY AND ANY COPY OF
30 A COPY IS READILY IDENTIFIABLE AS A COPY THAT IS NOT THE
19990S0555B1182 - 37 -
1 AUTHORITATIVE COPY; AND
2 (6) ANY REVISION OF THE AUTHORITATIVE COPY IS READILY
3 IDENTIFIABLE AS AN AUTHORIZED OR UNAUTHORIZED REVISION.
4 (B) RIGHTS OF PERSON IN CONTROL OF RECORD.--EXCEPT AS
5 OTHERWISE PROVIDED IN SUBSECTION (D), THE FOLLOWING RULES APPLY
6 IN DETERMINING THE RIGHTS OF A PERSON IN CONTROL OF A
7 TRANSFERABLE RECORD:
8 (1) IF A PERSON ACQUIRES CONTROL OF A TRANSFERABLE
9 RECORD THE PERSON HAS THE RIGHTS WITH RESPECT TO THE RECORD
10 THAT A HOLDER OF A NOTE WOULD HAVE IF THE RECORD WERE A NOTE.
11 (2) IF THE PERSON ACQUIRES CONTROL IN A MANNER
12 CONSISTENT WITH SECTION 3302(A) OF THE UNIFORM COMMERCIAL
13 CODE (13 PA.C.S. § 101 ET SEQ.), THE PERSON HAS THE RIGHTS
14 WITH RESPECT TO THE RECORD THAT A HOLDER IN DUE COURSE OF A
15 NOTE WOULD HAVE IF THE RECORD WERE A NOTE.
16 (3) IF THE PERSON ACQUIRES CONTROL IN A MANNER
17 CONSISTENT WITH SECTION 9308 OF THE UNIFORM COMMERCIAL CODE
18 (13 PA.C.S. § 101 ET SEQ.), THE PERSON HAS THE RIGHTS WITH
19 RESPECT TO THE RECORD THAT A PURCHASER IN POSSESSION OF A
20 NOTE WOULD HAVE IF THE RECORD WERE A NOTE.
21 (4) NOTHING IN PARAGRAPH (1), (2) OR (3) REQUIRES A
22 PERSON TO RECEIVE DELIVERY, POSSESSION OR ENDORSEMENT OF AN
23 ELECTRONIC RECORD IN ORDER TO OBTAIN THE RIGHTS AVAILABLE
24 UNDER THOSE PARAGRAPHS.
25 (C) RIGHTS AND DEFENSES OF OBLIGOR.--THE FOLLOWING RULES
26 APPLY IN DETERMINING THE RIGHTS AND DEFENSES OF A PERSON WHO IS
27 AN OBLIGOR UNDER A TRANSFERABLE RECORD:
28 (1) THE OBLIGOR HAS THE RIGHTS AND DEFENSES WITH RESPECT
29 TO THE RECORD THAT A MAKER OF A NOTE WOULD HAVE IF THE RECORD
30 WERE A NOTE.
19990S0555B1182 - 38 -
1 (2) THE PERSON OBTAINING PAYMENT UNDER THE TRANSFERABLE
2 RECORD AND A PRIOR TRANSFEROR OF THE TRANSFERABLE RECORD
3 WARRANT TO THE OBLIGOR MAKING PAYMENT IN GOOD FAITH, THAT THE
4 WARRANTOR IS OR WAS, AT THE TIME THE WARRANTOR TRANSFERRED
5 THE RECORD, THE PERSON ENTITLED TO PAYMENT OF THE RECORD OR
6 AUTHORIZED TO RECEIVE PAYMENT ON BEHALF OF A PERSON ENTITLED
7 TO PAYMENT OF THE RECORD.
8 (D) DISCHARGE OF OBLIGATION.--DISCHARGE OF THE OBLIGATION IS
9 EFFECTIVE AGAINST ANY PERSON IN CONTROL OF THE TRANSFERABLE
10 RECORD IF:
11 (1) THE DISCHARGE IS MADE BY OR ON BEHALF OF THE PERSON
12 IN CONTROL OF THE TRANSFERABLE RECORD AT THE TIME OF THE
13 DISCHARGE; OR
14 (2) THE OBLIGATION WOULD OTHERWISE BE DISCHARGED UNDER
15 THE SUBSTANTIVE LAW APPLICABLE TO THE TRANSACTION.
16 (E) REASONABLE PROOF OF CONTROL.--IF REQUESTED BY THE
17 OBLIGOR UNDER A TRANSFERABLE RECORD, THE PERSON SEEKING TO
18 ENFORCE THE TRANSFERABLE RECORD MUST PROVIDE REASONABLE PROOF
19 THAT THE PERSON IS IN CONTROL OF THE TRANSFERABLE RECORD. PRIOR
20 TO PAYMENT OR PERFORMANCE OF THE OBLIGATION, THE OBLIGOR IS
21 ENTITLED TO ACCESS TO THE AUTHORITATIVE COPY OF THE TRANSFERABLE
22 RECORD AND RELATED BUSINESS RECORDS SUFFICIENT TO REVIEW THE
23 TERMS OF THE TRANSFERABLE RECORD AND ESTABLISH THE IDENTITY OF
24 THE PERSON IN CONTROL OF THE TRANSFERABLE RECORD.
25 CHAPTER 2
26 SECURE ELECTRONIC RECORDS AND SIGNATURES
27 SECTION 201. SECURE ELECTRONIC RECORDS.
28 IF, THROUGH THE APPLICATION OF A SECURITY PROCEDURE, IT CAN
29 BE DEMONSTRATED THAT AN ELECTRONIC RECORD HAS REMAINED UNALTERED
30 SINCE A SPECIFIED TIME, THE RECORD IS A SECURE ELECTRONIC RECORD
19990S0555B1182 - 39 -
1 FROM THAT TIME FORWARD.
2 SECTION 202. SECURE ELECTRONIC SIGNATURES.
3 A SIGNATURE IS A SECURE ELECTRONIC SIGNATURE IF, THROUGH THE
4 APPLICATION OF A SECURITY PROCEDURE, IT CAN BE DEMONSTRATED THAT
5 THE ELECTRONIC SIGNATURE WAS, AT THE TIME IT WAS MADE:
6 (1) UNIQUE TO THE PERSON USING IT;
7 (2) CAPABLE OF VERIFICATION;
8 (3) UNDER THE SOLE CONTROL OF THE PERSON USING IT; AND
9 (4) LINKED TO THE ELECTRONIC RECORD TO WHICH IT RELATES
10 IN A MANNER SUCH THAT IF THE RECORD WAS CHANGED THE
11 ELECTRONIC SIGNATURE WOULD BE INVALIDATED.
12 SECTION 203. PRESUMPTIONS.
13 (A) SECURE ELECTRONIC RECORD.--WITH RESPECT TO A SECURE
14 ELECTRONIC RECORD, THERE IS A REBUTTABLE PRESUMPTION THAT THE
15 ELECTRONIC RECORD HAS NOT BEEN ALTERED SINCE THE SPECIFIC TIME
16 TO WHICH THE SECURE STATUS RELATES.
17 (B) SECURE ELECTRONIC SIGNATURE.--WITH RESPECT TO A SECURE
18 ELECTRONIC SIGNATURE THERE IS A REBUTTABLE PRESUMPTION THAT THE
19 SECURE ELECTRONIC SIGNATURE IS THE ELECTRONIC SIGNATURE OF THE
20 PARTY TO WHOM IT RELATES.
21 (C) NONSECURE RECORDS AND SIGNATURES.--IN THE ABSENCE OF A
22 SECURE ELECTRONIC RECORD OR A SECURE ELECTRONIC SIGNATURE, THIS
23 ACT DOES NOT CREATE ANY PRESUMPTION REGARDING THE AUTHENTICITY
24 AND INTEGRITY OF AN ELECTRONIC RECORD OR AN ELECTRONIC
25 SIGNATURE.
26 (D) NO PRESUMPTION IF CONSUMER IS A PARTY.--NO PRESUMPTION
27 IS CREATED UNDER THIS CHAPTER IF A CONSUMER IS A PARTY TO THE
28 TRANSACTION.
29 CHAPTER 3
30 GOVERNMENTAL ELECTRONIC RECORDS
19990S0555B1182 - 40 -
1 SECTION 301. CREATION AND RETENTION OF ELECTRONIC RECORDS;
2 CONVERSION OF WRITTEN RECORDS.
3 EACH COMMONWEALTH AGENCY SHALL DETERMINE IF, AND THE EXTENT
4 TO WHICH, IT WILL CREATE AND RETAIN ELECTRONIC RECORDS AND
5 CONVERT WRITTEN RECORDS TO ELECTRONIC RECORDS. EXECUTIVE
6 AGENCIES MUST ALSO COMPLY WITH STANDARDS PUBLISHED BY THE OFFICE
7 OF ADMINISTRATION.
8 SECTION 302. SENDING AND ACCEPTING ELECTRONIC RECORDS.
9 (A) GENERAL RULES.--
10 (1) EXCEPT AS OTHERWISE PROVIDED IN SECTION 111(E), EACH
11 GOVERNMENTAL AGENCY SHALL DETERMINE WHETHER, AND THE EXTENT
12 TO WHICH, IT WILL SEND AND ACCEPT ELECTRONIC RECORDS AND
13 ELECTRONIC SIGNATURES TO AND FROM OTHER PERSONS, AND
14 OTHERWISE CREATE, USE, STORE AND RELY UPON ELECTRONIC RECORDS
15 AND ELECTRONIC SIGNATURES.
16 (2) EXECUTIVE AGENCIES MUST ALSO COMPLY WITH ANY
17 STANDARDS PUBLISHED BY THE GOVERNOR'S OFFICE OF
18 ADMINISTRATION.
19 (B) ADDITIONAL REQUIREMENTS.--IN A CASE GOVERNED BY
20 SUBSECTION (A), THE GOVERNMENTAL AGENCY, GIVING DUE
21 CONSIDERATION TO SECURITY, SHALL SPECIFY THE FOLLOWING:
22 (1) THE MANNER AND FORMAT IN WHICH THE ELECTRONIC
23 RECORDS MUST BE CREATED, SENT, RECEIVED AND STORED.
24 (2) IF ELECTRONIC RECORDS MUST BE ELECTRONICALLY SIGNED,
25 THE TYPE OF ELECTRONIC SIGNATURE REQUIRED, THE MANNER AND
26 FORMAT IN WHICH THE ELECTRONIC SIGNATURE MUST BE AFFIXED TO
27 THE ELECTRONIC RECORD, AND THE IDENTITY OF, OR CRITERIA THAT
28 MUST BE MET BY, ANY THIRD PARTY USED BY A PERSON FILING A
29 DOCUMENT TO FACILITATE THE PROCESS.
30 (3) CONTROL PROCESSES AND PROCEDURES APPROPRIATE TO
19990S0555B1182 - 41 -
1 ENSURE ADEQUATE PRESERVATION, DISPOSITION, INTEGRITY,
2 SECURITY, CONFIDENTIALITY AND AUDITABILITY OF ELECTRONIC
3 RECORDS.
4 (4) ANY OTHER REQUIRED ATTRIBUTES FOR ELECTRONIC RECORDS
5 WHICH ARE CURRENTLY SPECIFIED FOR CORRESPONDING NONELECTRONIC
6 RECORDS, OR REASONABLY NECESSARY UNDER THE CIRCUMSTANCES.
7 (C) LIMITATION.--EXCEPT AS OTHERWISE PROVIDED IN SECTION
8 111(E), THIS ACT DOES NOT REQUIRE ANY GOVERNMENTAL AGENCY OF THE
9 COMMONWEALTH TO USE OR PERMIT THE USE OF ELECTRONIC RECORDS OR
10 ELECTRONIC SIGNATURES.
11 SECTION 303. INTEROPERABILITY.
12 STANDARDS ADOPTED BY A GOVERNMENTAL AGENCY UNDER SECTION 302
13 SHOULD ENCOURAGE AND PROMOTE CONSISTENCY AND INTEROPERABILITY
14 WITH SIMILAR REQUIREMENTS ADOPTED BY OTHER GOVERNMENTAL AGENCIES
15 OF THIS AND OTHER STATES AND THE FEDERAL GOVERNMENT, AND
16 NONGOVERNMENTAL PERSONS INTERACTING WITH GOVERNMENTAL AGENCIES
17 OF THE COMMONWEALTH.
18 CHAPTER 4
19 MISCELLANEOUS PROVISIONS
20 SECTION 401. SEVERABILITY.
21 THE PROVISIONS OF THIS ACT ARE SEVERABLE. IF ANY PROVISION OF
22 THIS ACT OR ITS APPLICATION TO ANY PERSON OR CIRCUMSTANCE IS
23 HELD INVALID, THE INVALIDITY SHALL NOT AFFECT OTHER PROVISIONS
24 OR APPLICATIONS OF THIS ACT WHICH CAN BE GIVEN EFFECT WITHOUT
25 THE INVALID PROVISION OR APPLICATION.
26 SECTION 402. EFFECTIVE DATE.
27 THIS ACT SHALL TAKE EFFECT IN 30 DAYS.
B18L12DMS/19990S0555B1182 - 42 -