PRIOR PRINTER'S NO. 741 PRINTER'S NO 1182
No. 555 Session of 1999
INTRODUCED BY HART, JUBELIRER, MELLOW, BRIGHTBILL, CONTI, DENT, THOMPSON, GERLACH, WOZNIAK, EARLL, SLOCUM, KUKOVICH, MUSTO, WAGNER, BOSCOLA, WAUGH, CORMAN, KASUNIC, ROBBINS AND MURPHY, MARCH 24, 1999
SENATOR TOMLINSON, COMMUNICATIONS AND HIGH TECHNOLOGY, AS AMENDED, JUNE 8, 1999
AN ACT 1 Regulating electronic records and electronic signatures; <-- 2 providing for their security and for their use by 3 governmental entities; imposing duties on the Secretary of 4 the Commonwealth; providing for enforcement; and establishing 5 civil remedies. 6 TABLE OF CONTENTS 7 Chapter 1. Preliminary Provisions 8 Section 101. Short title. 9 Section 102. Purposes and construction. 10 Section 103. Application. 11 Section 104. Definitions. 12 Section 105. Public access to information. 13 Chapter 3. Electronic Records and Electronic Signatures 14 Section 301. Legal recognition. 15 Section 302. Electronic records. 16 Section 303. Electronic signatures. 17 Section 304. Originals forms. 18 Section 305. Admissibility into evidence.
1 Section 306. Retention of electronic records. 2 Section 307. Electronic use not required. 3 Section 308. Applicability of other statutes or rules. 4 Chapter 5. Secure Electronic Records and Secure Electronic 5 Signatures 6 Section 501. Secure electronic records. 7 Section 502. Secure electronic signatures. 8 Section 503. Commercially reasonableness and reliance. 9 Section 504. Rebuttable presumptions. 10 Section 505. Creation and control of signature devices. 11 Section 506. Attribution of signature. 12 Section 507. Notarization and acknowledgment. 13 Section 508. Secretary's authority to certify security 14 procedures. 15 Section 509. Unauthorized use of signature devices. 16 Chapter 7. Use of Electronic Records And Signatures 17 by Governmental Entities 18 Section 701. Use of electronic records by governmental 19 entities. 20 Section 702. Adoption of standards for use by governmental 21 entities. 22 Section 703. Interoperability. 23 Chapter 9. Administration 24 Section 901. Departmental regulations. 25 Section 902. Enforcement. 26 Chapter 11. Miscellaneous Provisions 27 Section 1101. Severability. 28 Section 1102. Effective date. 29 PROVIDING FOR USE OF ELECTRONIC RECORDS AND SIGNATURES, FOR <-- 30 APPLICATION AND CONSTRUCTION, FOR LEGAL RECOGNITION OF 31 ELECTRONIC RECORDS, FOR PROVISION OF INFORMATION IN WRITING, 19990S0555B1182 - 2 -
1 FOR ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND 2 SIGNATURE, FOR EFFECT OF CHANGES AND ERRORS, FOR NOTARIZATION 3 AND ACKNOWLEDGMENT, FOR RETENTION OF ELECTRONIC RECORDS AND 4 ORIGINALS, FOR ADMISSIBILITY IN EVIDENCE, FOR FORMATION OF 5 CONTRACT, FOR OPERATIONS OF ELECTRONIC AGENTS, FOR TIME AND 6 PLACE OF SENDING AND RECEIPT, FOR TRANSFERABLE RECORDS, FOR 7 SECURE ELECTRONIC RECORDS AND SIGNATURES, FOR PRESUMPTIONS 8 AND FOR GOVERNMENTAL ELECTRONIC RECORDS AND SIGNATURES. 9 TABLE OF CONTENTS 10 CHAPTER 1. GENERAL PROVISIONS 11 SECTION 101. SHORT TITLE. 12 SECTION 102. DEFINITIONS. 13 SECTION 103. SCOPE. 14 SECTION 104. USE OF ELECTRONIC RECORDS AND SIGNATURES; 15 VARIATION BY AGREEMENT. 16 SECTION 105. APPLICATION AND CONSTRUCTION. 17 SECTION 106. LEGAL RECOGNITION OF ELECTRONIC RECORDS, 18 SIGNATURES AND CONTRACTS. 19 SECTION 107. PROVISION OF INFORMATION IN WRITING. 20 SECTION 108. ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND 21 SIGNATURE. 22 SECTION 109. EFFECT OF CHANGES AND ERRORS. 23 SECTION 110. NOTARIZATION AND ACKNOWLEDGMENT. 24 SECTION 111. RETENTION OF ELECTRONIC RECORDS AND ORIGINALS. 25 SECTION 112. ADMISSIBILITY IN EVIDENCE. 26 SECTION 113. FORMATION OF CONTRACT. 27 SECTION 114. TIME AND PLACE OF SENDING AND RECEIPT. 28 SECTION 115. TRANSFERABLE RECORDS. 29 CHAPTER 2. SECURE ELECTRONIC RECORDS AND SIGNATURES 30 SECTION 201. SECURE ELECTRONIC RECORDS. 31 SECTION 202. SECURE ELECTRONIC SIGNATURES. 32 SECTION 203. PRESUMPTIONS. 33 CHAPTER 3. GOVERNMENTAL ELECTRONIC RECORDS 19990S0555B1182 - 3 -
1 SECTION 301. CREATION AND RETENTION OF ELECTRONIC RECORDS; 2 CONVERSION OF WRITTEN RECORDS. 3 SECTION 302. SENDING AND ACCEPTING ELECTRONIC RECORDS. 4 SECTION 303. INTEROPERABILITY. 5 CHAPTER 4. MISCELLANEOUS PROVISIONS 6 SECTION 401. SEVERABILITY. 7 SECTION 402. EFFECTIVE DATE. 8 The General Assembly of the Commonwealth of Pennsylvania 9 hereby enacts as follows: 10 CHAPTER 1 <-- 11 PRELIMINARY PROVISIONS 12 Section 101. Short title. 13 This act shall be known and may be cited as the Electronic 14 Transactions Act. 15 Section 102. Purposes and construction. 16 This act shall be construed consistently with what is 17 commercially reasonable under the circumstances and to 18 effectuate the following purposes: 19 (1) To facilitate electronic communications by means of 20 reliable electronic records. 21 (2) To facilitate and promote electronic commerce, by 22 eliminating barriers resulting from uncertainties over 23 writing and signature requirements and by promoting the 24 development of the legal and business infrastructure 25 necessary to implement secure electronic commerce. 26 (3) To facilitate electronic filing of documents with 27 State and local government agencies and to promote efficient 28 delivery of government services by means of reliable 29 electronic records. 30 (4) To minimize the incidence of forged electronic 19990S0555B1182 - 4 -
1 records, intentional and unintentional alteration of records 2 and fraud in electronic commerce. 3 (5) To help to establish uniformity of rules and 4 standards regarding the authentication and integrity of 5 electronic records. 6 (6) To promote public confidence in the integrity and 7 reliability of electronic records and electronic commerce. 8 Section 103. Application. 9 (a) General rule.--This act applies to all parties involved 10 in generating, sending, receiving, storing or otherwise 11 processing electronic records and, except for section 509, may 12 be varied by an agreement of the parties. 13 (b) Application to executive agencies.-- 14 (1) Unless specifically provided by law to the contrary, 15 this act shall apply to all executive agencies. The 16 Governor's Office of Administration may adopt standards 17 setting forth the minimum security requirements for the use 18 of electronic records and electronic signatures by executive 19 agencies. The Governor's Office of Administration shall 20 specify appropriate minimum security requirements to be 21 implemented and followed by executive agencies. 22 (2) Notwithstanding the provisions of subsection (a), an 23 executive agency may not vary this act by any agreement that 24 is inconsistent with the standards published by the 25 Governor's Office of Administration without the written 26 approval of the Governor's Office of Administration. 27 (c) Application to independent agencies and State-affiliated 28 entities.--Independent agencies and State-affiliated entities 29 may adopt standards setting forth the minimum security 30 requirements for their use of electronic records and electronic 19990S0555B1182 - 5 -
1 signatures. 2 (d) Application to General Assembly and unified judicial 3 system.--The General Assembly and its agencies and the unified 4 judicial system and its agencies may adopt rules setting forth 5 the minimum security requirements for their use of electronic 6 records and electronic signatures. 7 (e) Application to political subdivisions.--Political 8 subdivisions may adopt a resolution or take other official 9 action setting forth the minimum security requirements for their 10 use of electronic records and electronic signatures. 11 Section 104. Definitions. 12 The following words and phrases when used in this act shall 13 have the meanings given to them in this section unless the 14 context clearly indicates otherwise: 15 "Department." The Department of State of the Commonwealth. 16 "Electronic." An electrical, digital, magnetic, optical, 17 electromagnetic or any other form of technology that entails 18 capabilities similar to these technologies. 19 "Electronic record." A record generated, communicated, 20 received or stored by electronic means for use in an information 21 system or for transmission from one information system to 22 another. 23 "Electronic signature." A signature in electronic form 24 attached to or logically associated with an electronic record. 25 "Executive agency." A department, board, commission, 26 authority or officer or agency of the executive branch of the 27 Commonwealth subject to the policy, supervision and control of 28 the Governor. 29 "Governmental entity." An executive agency, independent 30 agency, State-affiliated entity or other instrumentality of the 19990S0555B1182 - 6 -
1 Commonwealth. The term includes the General Assembly and its 2 agencies, the unified judicial system and its agencies as well 3 as all State-related institutions, authorities and political 4 subdivisions. 5 "Independent agency." A board, commission or other agency or 6 officer of the Commonwealth which is not subject to the policy 7 supervision and control of the Governor. This term does not 8 include any State-affiliated entity, any court or other officer 9 or agency of the unified judicial system, the General Assembly 10 and its officers and agencies, any State-related institution, 11 political subdivision or any local, regional or metropolitan 12 transportation authority. 13 "Information." Data, text, images, sound, codes, computer 14 programs, software, data bases and the like. 15 "Person." An individual, corporation, business trust, 16 estate, trust, partnership, limited partnership, limited 17 liability partnership, limited liability company, association, 18 joint venture, government, governmental entity, agency, or 19 instrumentality, or any other legal or commercial entity. 20 "Qualified security procedure." A methodology or procedure 21 approved by the Secretary of the Commonwealth or agreed upon by 22 the parties and used for the purpose of: 23 (1) verifying that an electronic record is that of a 24 specific person; or 25 (2) detecting error or alteration in the communication, 26 content or storage of an electronic record since a specific 27 point in time and that may use algorithms or codes, 28 identifying words or numbers, encryption, answer back or 29 acknowledgment procedures or similar security devices. 30 "Record." Information that is inscribed, stored or otherwise 19990S0555B1182 - 7 -
1 fixed on a tangible medium or that is stored in an electronic or 2 other medium and is retrievable in perceivable form. 3 "Secretary." The Secretary of the Commonwealth. 4 "Signature device." Unique information, including, but not 5 limited to, codes, algorithms, letters, numbers, personal 6 identification numbers (PINs) or a uniquely configured physical 7 device, that is required, alone or in conjunction with other 8 information or devices, in order to create an electronic 9 signature attributable to a specific person. 10 "Signed" or "signature." A symbol executed or adopted or a 11 security procedure employed or adopted, using electronic means 12 or otherwise, by or on behalf of a person with intent to 13 authenticate a record. 14 "State-affiliated entity." A Commonwealth authority or a 15 Commonwealth entity. The term includes the Pennsylvania Turnpike 16 Commission, the Pennsylvania Housing Finance Agency, the 17 Pennsylvania Municipal Retirement Board, the Pennsylvania 18 Infrastructure Investment Authority, the State Public School 19 Building Authority, the Pennsylvania Higher Education Facilities 20 Authority and the State System of Higher Education. The term 21 does not include a court or an officer or agency of the unified 22 judicial system, the General Assembly and its officers and 23 agencies, any State-related institution, political subdivision 24 or a local, regional or metropolitan transportation authority. 25 "Trustworthy manner." Through the use of computer hardware, 26 software and procedures that in the context in which they are 27 used: 28 (1) Can be shown to be reasonably resistant to 29 penetration, compromise and misuse. 30 (2) Provide a reasonable level of reliability and 19990S0555B1182 - 8 -
1 correct operation. 2 (3) Are reasonably suited to performing their intended 3 functions or serving their intended purposes. 4 (4) Comply with applicable agreements between the 5 parties, if any. 6 (5) Adhere to generally accepted security procedures. 7 Section 105. Public access to information. 8 Information or records created by or provided to a 9 governmental entity shall be subject to inspection and copying 10 only to the extent already required under the act of June 21, 11 1957 (P.L.390, No.212), referred to as the Right-to-Know Law. 12 CHAPTER 3 13 ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES 14 Section 301. Legal recognition. 15 Information, records, agreements and signatures may not be 16 denied legal effect, validity or enforceability solely on the 17 grounds that they are in electronic form. 18 Section 302. Electronic records. 19 (a) General rule.--Where a law requires information to be in 20 writing or provides for certain consequences if it is not, an 21 electronic record satisfies that law or regulation. 22 (b) Inapplicability.--This section shall not apply: 23 (1) when its application would involve construction of a 24 law or regulation that is clearly inconsistent with the 25 manifest intent of the lawmaking body or repugnant to the 26 context of the same law or regulation, provided that the mere 27 requirement that information be in writing or printed shall 28 not by itself be sufficient to establish the intent; 29 (2) to any law or regulation governing the creation or 30 execution of a will or trust, living will or health care 19990S0555B1182 - 9 -
1 power of attorney; or 2 (3) to any record that serves as a unique and 3 transferable instrument of rights and obligations, including, 4 without limitation, negotiable instruments and other 5 instruments of title wherein possession of the instrument is 6 deemed to confer title unless an electronic version of the 7 record is created, stored and transferred in a manner: 8 (i) that allows for the existence of only one 9 unique, identifiable and unalterable original with the 10 functional attributes of an equivalent physical 11 instrument; 12 (ii) that can be possessed by only one person; and 13 (iii) that cannot be copied except in a form that is 14 readily identifiable as a copy. 15 Section 303. Electronic signatures. 16 (a) General rule.--Where a law or regulation requires a 17 signature or provides for certain consequences if a document is 18 not signed, an electronic signature shall be deemed to satisfy 19 that law or regulation. 20 (b) Proof.--An electronic signature may be proved in any 21 manner, including, but not limited to, by showing that a 22 procedure existed by which a party must, of necessity, have 23 executed a symbol or security procedure for the purpose of 24 verifying that an electronic record is that of the party in 25 order to proceed further with a transaction. 26 (c) Inapplicability.--This section shall not apply: 27 (1) when its application would involve a construction of 28 a law or regulation that is clearly inconsistent with the 29 manifest intent of the lawmaking body or repugnant to the 30 context of the same law or regulation, provided that the mere 19990S0555B1182 - 10 -
1 requirement of a signature shall not by itself be sufficient 2 to establish the intent; 3 (2) to any law or regulation governing the creation or 4 execution of a will or trust, living will or health care 5 power of attorney; or 6 (3) to any record that serves as a unique and 7 transferable instrument of rights and obligations, including, 8 without limitation, a negotiable instrument and any other 9 instrument of title wherein possession of the instrument is 10 deemed to confer title unless an electronic version of that 11 record is created, stored and transferred in a manner: 12 (i) that allows for the existence of only one 13 unique, identifiable and unalterable original with the 14 functional attributes of an equivalent physical 15 instrument; 16 (ii) that can be possessed by only one person; and 17 (iii) that cannot be copied except in a form that is 18 readily identifiable as a copy. 19 Section 304. Original forms. 20 (a) General rule.--Where a law or regulation requires 21 information to be presented or retained in its original form or 22 provides consequences if the information is not presented or 23 retained in its original form, that law or regulation shall be 24 deemed satisfied by an electronic record if there exists 25 reliable assurance as to the integrity of the information from 26 the time when it was first generated in its final form as an 27 electronic record or otherwise. 28 (b) Assessment of integrity and standard of reliability.-- 29 (1) The criteria for assessing integrity 30 shall be whether the information has remained complete and 19990S0555B1182 - 11 -
1 unaltered, apart from the addition of any endorsement or 2 other information that arises in the normal course of 3 communication, storage and display. 4 (2) The standard of reliability required to ensure that 5 information has remained complete and unaltered shall be 6 assessed in the light of the purpose for which the 7 information was generated and in the light of all the 8 relevant circumstances. 9 (c) Inapplicability.--This section shall not apply to any 10 record that serves as a unique and transferable instrument of 11 rights and obligations, including, without limitation, a 12 negotiable instrument and any other instrument of title wherein 13 possession of the instrument is deemed to confer title unless an 14 electronic version of the record is created, stored and 15 transferred in a manner: 16 (1) that allows for the existence of only one unique, 17 identifiable and unalterable original with the functional 18 attributes of an equivalent physical instrument; 19 (2) that can be possessed by only one person; and 20 (3) that cannot be copied except in a form that is 21 readily identifiable as a copy. 22 Section 305. Admissibility into evidence. 23 (a) General rule.--In any legal proceeding, the 24 admissibility of an electronic record or electronic signature 25 into evidence may not be denied: 26 (1) on the sole ground that it is an electronic record 27 signature; or 28 (2) on the grounds that it is not in its original form 29 or is not an original. 30 (b) Weight of evidence.--Information in the form of an 19990S0555B1182 - 12 -
1 electronic record shall be given due evidentiary weight by the 2 trier of fact. In assessing the evidentiary weight of an 3 electronic record or electronic signature where its authenticity 4 is at issue, the trier of fact may consider: 5 (1) The manner in which it was generated, stored or 6 communicated. 7 (2) The reliability of the manner in which its integrity 8 was maintained. 9 (3) The manner in which its originator was identified or 10 the electronic record was signed. 11 (4) Any other relevant information or circumstances. 12 Section 306. Retention of electronic records. 13 (a) General rule.--Where a law or regulation requires that 14 certain documents, records or information be retained, that 15 requirement is met by retaining electronic records of the 16 information in a trustworthy manner provided that the following 17 conditions are satisfied: 18 (1) The electronic record and the information contained 19 therein are accessible so as to be usable for subsequent 20 reference at all times when the information must be retained. 21 (2) The information is retained in the format in which 22 it was originally generated, sent or received or in a format 23 that can be demonstrated to represent accurately the 24 information originally generated, sent or received. 25 (3) Such data as enables the identification of the 26 origin and destination of the information, the authenticity 27 and integrity of the information and retention of the date 28 and time when it was sent or received. 29 (b) Qualification.--An obligation to retain documents, 30 records or information in accordance with subsection (a) does 19990S0555B1182 - 13 -
1 not extend to any data, the sole purpose of which is to enable 2 the record to be sent or received. 3 (c) Construction.--Nothing in this section shall be 4 construed to prohibit a governmental entity from specifying 5 additional requirements for the retention and use of records 6 that are subject to the jurisdiction of the entity. 7 Section 307. Electronic use not required. 8 Nothing in this act shall be construed to: 9 (1) require any person to create, store, transmit, 10 accept or otherwise use or communicate information, records 11 or signatures by electronic means or in electronic form; or 12 (2) prohibit any person engaged in an electronic 13 transaction from establishing reasonable requirements 14 regarding the medium on which it will accept records or the 15 method and type of symbol or security procedure it will 16 accept as a signature. 17 Section 308. Applicability of other statutes. 18 (a) Laws.--Notwithstanding any other provision of this act, 19 if any other law requires approval by a governmental entity 20 prior to the use or retention of electronic records or the use 21 of electronic signatures, the provisions of that other law shall 22 also apply. 23 (b) Discretion to governmental entities.--Nothing in this 24 act shall prohibit a governmental entity from requiring persons 25 who are authorized to do business in this Commonwealth to use 26 nonelectronic records or signatures. 27 CHAPTER 5 28 SECURE ELECTRONIC RECORDS AND SECURE ELECTRONIC SIGNATURES 29 Section 501. Secure electronic records. 30 (a) General rule.--If through the use of a qualified 19990S0555B1182 - 14 -
1 security procedure it can be verified that an electronic record 2 has not been altered since a specified point in time, then the 3 electronic record shall be considered to be a secure electronic 4 record from the specified point in time to the time of 5 verification if the relying party establishes that the qualified 6 security procedure was: 7 (1) Commercially reasonable under the circumstances. 8 (2) Applied by the relying party in a trustworthy 9 manner. 10 (3) Reasonably and in good faith relied upon by the 11 relying party. 12 (b) Qualified security procedures.--A qualified security 13 procedure for purposes of this section is a security procedure 14 to detect changes in the content of an electronic record that 15 is: 16 (1) previously agreed to by the parties; or 17 (2) certified by the secretary in accordance with 18 section 901 as being capable of providing reliable evidence 19 that an electronic record has not been altered. 20 Section 502. Secure electronic signatures. 21 (a) General rule.--If through the use of a qualified 22 security procedure it can be verified that an electronic 23 signature is the signature of a specific person, then the 24 electronic signature shall be considered to be a secure 25 electronic signature at the time of verification if the relying 26 party establishes that the qualified security procedure was: 27 (1) Commercially reasonable under the circumstances. 28 (2) Applied by the relying party in a trustworthy 29 manner. 30 (3) Reasonably and in good faith relied upon by the 19990S0555B1182 - 15 -
1 relying party. 2 (b) Qualified security procedure.--A qualified security 3 procedure for purposes of this section is a security procedure 4 for identifying a person that is: 5 (1) previously agreed to by the parties; or 6 (2) certified by the secretary in accordance with 7 section 901 as being capable of creating in a trustworthy 8 manner an electronic signature that: 9 (i) is unique to the signer within the context in 10 which it is used; 11 (ii) can be used to objectively identify the person 12 signing the electronic record; 13 (iii) was reliably created by the identified person, 14 insofar as some aspect of the procedure involves the use 15 of a signature device or other means or method that is 16 under the sole control of this person, and that it cannot 17 be readily duplicated or compromised; and 18 (iv) is created and is linked to the electronic 19 record to which it relates in a manner such that if the 20 record or the signature is intentionally or 21 unintentionally changed after signing, the electronic 22 signature is invalidated. 23 Section 503. Commercially reasonableness and reliance. 24 (a) Considerations for determining commercial 25 reasonableness.--The commercial reasonableness of a security 26 procedure is a question of law to be determined in light of the 27 purposes of the procedure and the commercial circumstances at 28 the time the procedure was used, including: 29 (1) The nature of the transaction. 30 (2) Sophistication of the parties. 19990S0555B1182 - 16 -
1 (3) Volume of similar transactions engaged in by either 2 or both of the parties. 3 (4) Availability of alternatives offered to but rejected 4 by either of the parties. 5 (5) Cost of alternative procedures. 6 (6) Procedures in general use for similar types of 7 transactions. 8 (b) Considerations for determining reliance.--Whether 9 reliance on a security procedure was reasonable and in good 10 faith is to be determined in light of all the circumstances 11 known to the relying party at the time of the reliance, giving 12 due regard to the: 13 (1) information that the relying party knew or should 14 have known at the time of reliance that would suggest that 15 reliance was or was not reasonable; 16 (2) the value or importance of the electronic record, if 17 known; 18 (3) the course of dealing between the relying party and 19 the purported sender, if any, and the available indicia of 20 reliability or unreliability apart from the security 21 procedure; 22 (4) the usage of trade, particularly if the trade is 23 conducted by trustworthy systems or other computer-based 24 means, if any; and 25 (5) whether the verification was performed with the 26 assistance of an independent third party. 27 Section 504. Rebuttable presumptions. 28 (a) Secure electronic records.--In resolving a civil dispute 29 involving a secure electronic record, it shall be rebuttably 30 presumed that the electronic record has not been altered since 19990S0555B1182 - 17 -
1 the specific point in time to which the secure status relates. 2 (b) Secure electronic signatures.--In resolving a civil 3 dispute involving a secure electronic signature, it shall be 4 rebuttably presumed that the secure electronic signature is the 5 signature of the person to whom it correlates. 6 (c) Effect of presumptions.--The effect of the presumptions 7 set forth in this section is to place on the party challenging 8 the integrity of a secure electronic record or challenging the 9 genuineness of a secure electronic signature with both the 10 burden of going forward with evidence to rebut the presumption 11 and the burden of persuading the trier of fact that the 12 nonexistence of the presumed fact is more probable than its 13 existence. 14 (d) Existing law and rules.--In the absence of a secure 15 electronic record or a secure electronic signature, nothing in 16 this act shall change existing law or evidentiary rules 17 regarding the burden of proving the authenticity and integrity 18 of an electronic record or an electronic signature. 19 Section 505. Creation and control of signature devices. 20 Except as otherwise provided by another applicable rule of 21 law, whenever the creation, validity or reliability of an 22 electronic signature created by a qualified security procedure 23 under section 501 or 502 is dependent upon the secrecy or 24 control of a signature device of the signer: 25 (1) The person generating or creating the signature 26 device must do so in a trustworthy manner. 27 (2) The signer and all other persons that rightfully 28 have access to the device must exercise reasonable care to 29 retain control and maintain the secrecy of the device and to 30 protect it from any unauthorized access, disclosure or use 19990S0555B1182 - 18 -
1 during the period when reliance on a signature created by the 2 device is reasonable. 3 (3) In the event that the signer or any other person 4 that rightfully has access to the device knows or has reason 5 to know that the secrecy or control of the device has been 6 compromised, that person must make a reasonable effort: 7 (i) to promptly notify all persons who might 8 foreseeably be damaged as a result of the compromise; or 9 (ii) where an appropriate publication mechanism is 10 available, to publish notice of the compromise and a 11 disavowal of any signatures created thereafter. For 12 executive agencies, independent agencies and State- 13 affiliated entities, notice may include publication in 14 the Pennsylvania Bulletin. 15 Section 506. Attribution of signature. 16 Except as provided by another applicable law or regulation, a 17 secure electronic signature is attributable to the person to 18 whom it correlates, whether or not authorized, if: 19 (1) The electronic signature resulted from acts of a 20 person that obtained the signature device or other 21 information necessary to create the signature from a source 22 under the control of the alleged signer, creating the 23 appearance that it came from that party. 24 (2) The access or use occurred under circumstances 25 constituting a failure to exercise reasonable care by the 26 alleged signer. 27 (3) The relying party relied reasonably and in good 28 faith to his detriment on the apparent source of the 29 electronic record. 30 Section 507. Notarization and acknowledgment. 19990S0555B1182 - 19 -
1 If a law or regulation requires that a signature be notarized 2 or acknowledged or provides consequences in the absence of a 3 notarization or acknowledgment, the requirement is satisfied 4 with respect to an electronic record if a security procedure was 5 applied to the electronic signature which establishes by clear 6 and convincing evidence the identity of the person signing the 7 electronic record. 8 Section 508. Secretary's authority to certify security 9 procedures. 10 (a) Investigation and review.--A security procedure may be 11 certified by the secretary as a qualified security procedure for 12 purposes of sections 501 and 502 following an appropriate 13 investigation or review if: 14 (1) The security procedure, including any technology and 15 algorithms it employs, is completely open and fully disclosed 16 to the public and has been so for a sufficient length of time 17 so as to facilitate a comprehensive review and evaluation of 18 its suitability for the intended purpose by the applicable 19 information security or scientific community. 20 (2) The security procedure, including any technology and 21 algorithms it employs, has been generally accepted in the 22 applicable information security or scientific community as 23 being capable of satisfying the requirements of section 501 24 or 502 as applicable in a trustworthy manner. 25 (b) Opinion of independent experts.--In making a 26 determination regarding whether the security procedure, 27 including any technology and algorithms it employs, has been 28 generally accepted in the applicable information security or 29 scientific community, the secretary shall consider the opinion 30 of independent experts in the applicable field and the published 19990S0555B1182 - 20 -
1 findings of the community, including applicable standards 2 organizations such as the American National Standards Institute 3 (ANSI), International Standards Organization (ISO), 4 International Telecommunications Union (ITU) and the National 5 Institute of Standards and Technology (NIST). 6 (c) Regulation.--Certification under this section shall be 7 performed through the adoption of regulations in accordance with 8 the act of June 25, 1982 (P.L.633, No.181), known as the 9 Regulatory Review Act, and shall specify a full and complete 10 identification of the security procedure, including requirements 11 as to how it is to be implemented, if appropriate. 12 (d) Decertification.--If subsequent developments establish 13 that the security procedure is no longer sufficiently 14 trustworthy or reliable for its intended purpose or for any 15 other reason no longer meets the requirements for certification, 16 the secretary may, following an appropriate investigation and 17 review, decertify a security procedure as a qualified security 18 procedure for purposes of section 501 or 502 by publishing 19 notice of the decertification in the Pennsylvania Bulletin. 20 (e) Exclusive authority.--The secretary shall have exclusive 21 authority to certify and decertify security procedures under 22 this section. 23 § 509. Unauthorized use of signature device. 24 (a) Offense defined.--A person commits an offense if he: 25 (1) knowingly or intentionally accesses, copies or 26 otherwise obtains possession of or recreates the signature 27 device of another person without authorization for the 28 purpose of creating, allowing or causing another person to 29 create an unauthorized electronic signature using such 30 signature device; or 19990S0555B1182 - 21 -
1 (2) knowingly alters, discloses or uses the signature 2 device of another person without authorization, or in excess 3 of lawful authorization, for the purpose of creating, or 4 allowing or causing another person to create, an unauthorized 5 electronic signature using such signature device. 6 (b) Grading.--An offense under subsection (a)(1) is a 7 misdemeanor of the first degree. An offense under subsection 8 (a)(2) is a felony of the third degree, except that an offense 9 under subsection (a)(2) in furtherance of any scheme or artifice 10 to defraud in excess of $50,000 is a felony of the second 11 degree. 12 CHAPTER 7 13 USE OF ELECTRONIC RECORDS AND SIGNATURES 14 BY GOVERNMENTAL ENTITIES 15 Section 701. Use of electronic records by governmental 16 entities. 17 (a) Executive agencies.--In accordance with the standards 18 published by the Governor's Office of Administration, each 19 executive agency shall determine if and the extent to which it 20 will send and receive electronic records and electronic 21 signatures to and from other persons and otherwise create, use, 22 store and rely upon electronic records and electronic 23 signatures. 24 (b) Governmental entities.-- 25 (1) All other governmental entities shall determine if 26 and the extent to which they will send and receive electronic 27 signatures to and from other persons and otherwise create, 28 use, store and rely upon electronic records and electronic 29 signatures. 30 (2) In any case where a governmental entity decides to 19990S0555B1182 - 22 -
1 send or receive electronic records or to accept document 2 filings by electronic records, the governmental entity may, 3 giving due consideration to security, specify: 4 (i) The manner and format in which the electronic 5 records must be created, sent, received and stored. 6 (ii) If the electronic records must be signed, the 7 type of electronic signature required, the manner and 8 format in which the signature must be affixed to the 9 electronic record and the identity of or criteria that 10 must be met by any third party used by the person filing 11 the document to facilitate the process. 12 (iii) Control processes and procedures as 13 appropriate to ensure adequate integrity, security, 14 confidentiality and to audit the electronic records. 15 (iv) Any other required attributes for the 16 electronic records that are currently specified for 17 corresponding paper documents, or reasonably necessary 18 under the circumstances. 19 (c) Minimum standards.--Standards adopted by an executive 20 agency shall include the relevant minimum security requirements 21 established by the Governor's Office of Administration, if any. 22 (d) Effect of certain electronic record filings.--Whenever 23 any law or regulation requires or authorizes the filing of any 24 information, notice, lien or other document or record with any 25 governmental entity, a filing made by an electronic record shall 26 have the same force and effect as a filing made on paper in all 27 cases where the governmental agency has authorized or agreed to 28 the electronic filing and the filing is made in accordance with 29 the applicable rules or agreement. 30 (e) Construction.--Nothing in this act shall be construed to 19990S0555B1182 - 23 -
1 require a governmental entity to use or to permit the use of 2 electronic records or electronic signatures. 3 Section 702. Adoption of standards for use by governmental 4 entities. 5 (a) Governor's Office of Administration.--The Governor's 6 Office of Administration may establish standards setting forth 7 minimum security requirements for the use of electronic records 8 and electronic signatures by executive agencies. The Governor's 9 Office of Administration shall specify appropriate minimum 10 security requirements to be implemented and followed by 11 executive agencies. 12 (b) Minimum security requirement standards.--Governmental 13 entities may establish standards setting forth minimum security 14 requirements for the use of electronic records and electronic 15 signatures. 16 Section 703. Interoperability. 17 To the extent reasonable under the circumstances, the 18 standards adopted by the Governor's Office of Administration or 19 any other governmental entity relating to the use of electronic 20 records or electronic signatures shall be drafted in a manner 21 designed to encourage and promote consistency and 22 interoperability with similar requirements adopted by government 23 agencies of the Federal Government and other states. 24 CHAPTER 9 25 ADMINISTRATION 26 Section 901. Departmental regulations. 27 (a) Interim regulation.-- 28 (1) Within 90 days of the effective date of this act, 29 the department shall promulgate interim regulations 30 applicable to both governmental entities and the private 19990S0555B1182 - 24 -
1 sector in order to implement this act. The regulations may 2 establish fees to be charged by the department to recover all 3 or a portion of its costs. 4 (2) In developing the interim regulations, the 5 department shall provide maximum flexibility to the 6 implementation and incorporation of technology and, to the 7 extent reasonably possible, maximize the opportunities for 8 uniformity with the laws of other jurisdictions, both within 9 the United States and internationally. 10 (3) The interim regulations shall not be subject to 11 review under any of the following: 12 (i) Section 205 of the act of July 31, 1968 13 (P.L.769, No.240), referred to as the Commonwealth 14 Documents Law. 15 (ii) Section 204(b) of the act of October 15, 1980 16 (P.L.950, No.164), known as the Commonwealth Attorneys 17 Act. 18 (iii) Act of June 25, 1982 (P.L.633, No.181), known 19 as the Regulatory Review Act. 20 (b) Other regulations.--The interim regulations under 21 subsection (a) shall expire July 1, 2001 and shall be replaced 22 with regulations that are promulgated as provided by law. 23 Section 902. Enforcement. 24 The secretary may investigate complaints or other information 25 indicating violations of rules adopted by the secretary under 26 this act. The secretary shall refer to the Attorney General for 27 such action as the Attorney General may deem appropriate all 28 information the secretary obtains that discloses a violation of 29 any provision of this act or the regulations adopted under this 30 act. 19990S0555B1182 - 25 -
1 CHAPTER 11 2 MISCELLANEOUS PROVISIONS 3 Section 1101. Severability. 4 The provisions of this act are severable. If any provision of 5 this act or its application to any person or circumstance is 6 held invalid, the invalidity shall not affect other provisions 7 or applications of this act which can be given effect without 8 the invalid provision or application. 9 Section 1102. Effective date. 10 This act shall take effect in 30 days. 11 CHAPTER 1 <-- 12 GENERAL PROVISIONS 13 SECTION 101. SHORT TITLE. 14 THIS ACT SHALL BE KNOWN AND MAY BE CITED AS THE ELECTRONIC 15 TRANSACTIONS ACT. 16 SECTION 102. DEFINITIONS. 17 THE FOLLOWING WORDS AND PHRASES WHEN USED IN THIS ACT SHALL 18 HAVE THE MEANINGS GIVEN TO THEM IN THIS SECTION UNLESS THE 19 CONTEXT CLEARLY INDICATES OTHERWISE: 20 "AGREEMENT." THE BARGAIN OF THE PARTIES IN FACT AS FOUND IN 21 THEIR LANGUAGE OR INFERRED FROM OTHER CIRCUMSTANCES, AND RULES, 22 REGULATIONS AND PROCEDURES GIVEN THE EFFECT OF AGREEMENTS UNDER 23 LAWS OTHERWISE APPLICABLE TO A PARTICULAR TRANSACTION. 24 "AUTOMATED TRANSACTION." A TRANSACTION CONDUCTED OR 25 PERFORMED, IN WHOLE OR IN PART, BY ELECTRONIC MEANS OR 26 ELECTRONIC RECORDS IN WHICH THE ACTS OR RECORDS OF ONE OR BOTH 27 PARTIES ARE NOT REVIEWED BY AN INDIVIDUAL IN THE ORDINARY COURSE 28 IN FORMING A CONTRACT, PERFORMING UNDER AN EXISTING CONTRACT OR 29 FULFILLING ANY OBLIGATION REQUIRED BY THE TRANSACTION. 30 "COMPUTER PROGRAM." A SET OF STATEMENTS OR INSTRUCTIONS TO 19990S0555B1182 - 26 -
1 BE USED DIRECTLY OR INDIRECTLY IN AN INFORMATION PROCESSING 2 SYSTEM IN ORDER TO BRING ABOUT A CERTAIN RESULT. THE TERM DOES 3 NOT INCLUDE INFORMATIONAL CONTENT. 4 "CONSUMER." AN INDIVIDUAL INVOLVED IN A TRANSACTION 5 PRIMARILY FOR PERSONAL, FAMILY OR HOUSEHOLD PURPOSES. 6 "CONTRACT." THE TOTAL LEGAL OBLIGATION RESULTING FROM THE 7 PARTIES' AGREEMENT AS AFFECTED BY THIS ACT AND OTHER APPLICABLE 8 LAW. 9 "ELECTRONIC." OF OR RELATING TO TECHNOLOGY HAVING 10 ELECTRICAL, DIGITAL, MAGNETIC, WIRELESS, OPTICAL, 11 ELECTROMAGNETIC OR SIMILAR CAPABILITIES. 12 "ELECTRONIC AGENT." A COMPUTER PROGRAM OR ELECTRONIC OR 13 OTHER AUTOMATED MEANS USED TO INITIATE OR RESPOND TO ELECTRONIC 14 RECORDS OR PERFORMANCES IN WHOLE OR IN PART, WITHOUT REVIEW BY 15 AN INDIVIDUAL IN THE ORDINARY COURSE OF A TRANSACTION. 16 "ELECTRONIC RECORD." A RECORD CREATED, STORED, GENERATED, 17 RECEIVED OR COMMUNICATED BY ELECTRONIC MEANS. 18 "ELECTRONIC SIGNATURE." AN ELECTRONIC IDENTIFYING SOUND, 19 SYMBOL OR PROCESS ATTACHED TO OR LOGICALLY CONNECTED WITH AN 20 ELECTRONIC RECORD AND EXECUTED OR ADOPTED BY A PERSON WITH THE 21 INTENT TO ASSOCIATE THE PERSON WITH THE ELECTRONIC RECORD. 22 "EXECUTIVE AGENCY." A DEPARTMENT, BOARD, COMMISSION, 23 AUTHORITY OR OFFICER OR AGENCY OF THE EXECUTIVE BRANCH OF THE 24 COMMONWEALTH SUBJECT TO THE POLICY, SUPERVISION AND CONTROL OF 25 THE GOVERNOR. 26 "GOVERNMENTAL AGENCY." AN EXECUTIVE AGENCY, INDEPENDENT 27 AGENCY, STATE-AFFILIATED ENTITY OR OTHER INSTRUMENTALITY OF THE 28 COMMONWEALTH. THE TERM INCLUDES STATE-RELATED INSTITUTIONS, 29 AUTHORITIES AND POLITICAL SUBDIVISIONS. 30 "INFORMATION." DATA, TEXT, IMAGES, SOUNDS, CODES, COMPUTER 19990S0555B1182 - 27 -
1 PROGRAMS, SOFTWARE, DATA BASES OR THE LIKE. 2 "INFORMATION PROCESSING SYSTEM." AN ELECTRONIC SYSTEM FOR 3 CREATING, GENERATING, SENDING, RECEIVING, STORING, DISPLAYING OR 4 PROCESSING INFORMATION. 5 "INFORMATIONAL CONTENT." INFORMATION THAT IS INTENDED TO BE 6 COMMUNICATED TO OR PERCEIVED BY AN INDIVIDUAL IN THE ORDINARY 7 USE OF THE INFORMATION. 8 "PERSON." AN INDIVIDUAL, CORPORATION, BUSINESS TRUST, 9 ESTATE, TRUST, PARTNERSHIP, LIMITED LIABILITY COMPANY, 10 ASSOCIATION, JOINT VENTURE, GOVERNMENTAL AGENCY OR PUBLIC 11 CORPORATION, OR ANY OTHER LEGAL OR COMMERCIAL ENTITY. 12 "RECORD." INFORMATION THAT IS INSCRIBED ON A TANGIBLE MEDIUM 13 OR THAT IS STORED IN AN ELECTRONIC OR OTHER MEDIUM AND IS 14 RETRIEVABLE IN PERCEIVABLE FORM. 15 "SECURITY PROCEDURE." A PROCEDURE EMPLOYED FOR THE PURPOSE 16 OF VERIFYING THAT AN ELECTRONIC SIGNATURE, RECORD OR PERFORMANCE 17 IS THAT OF A SPECIFIC PERSON OR FOR DETECTING CHANGES OR ERRORS 18 IN THE INFORMATIONAL CONTENT OF AN ELECTRONIC RECORD. THE TERM 19 INCLUDES A PROCEDURE THAT REQUIRES THE USE OF ALGORITHMS OR 20 OTHER CODES, IDENTIFYING WORDS OR NUMBERS, ENCRYPTION, CALLBACK 21 OR OTHER ACKNOWLEDGMENT PROCEDURES. 22 "TRANSACTION." AN ACTION OR SET OF ACTIONS RELATING TO THE 23 CONDUCT OF BUSINESS OR GOVERNMENTAL AFFAIRS AND OCCURRING 24 BETWEEN TWO OR MORE PERSONS. 25 "TRANSFERABLE RECORD." AN ELECTRONIC RECORD THAT: 26 (1) IF THE ELECTRONIC RECORD WERE IN WRITING, WOULD BE A 27 NOTE UNDER DIVISION 3 OF THE UNIFORM COMMERCIAL CODE (13 28 PA.C.S. § 101 ET SEQ.); AND 29 (2) THE OBLIGOR HAS AGREED EXPRESSLY IS SUBJECT TO THE 30 PROVISIONS OF THIS ACT. 19990S0555B1182 - 28 -
1 "WRITING." PRINTING, TYPEWRITING AND ANY OTHER INTENTIONAL 2 REDUCTION OF A RECORD TO TANGIBLE FORM. THE TERM HAS A 3 CORRESPONDING MEANING. 4 SECTION 103. SCOPE. 5 (A) APPLICATION OF ACT.--EXCEPT AS OTHERWISE PROVIDED IN 6 SUBSECTION (B), THIS ACT APPLIES TO ELECTRONIC RECORDS AND 7 ELECTRONIC SIGNATURES THAT RELATE TO ANY TRANSACTION. 8 (B) EXCEPTIONS.--THIS ACT DOES NOT APPLY TO ELECTRONIC 9 RECORDS AND ELECTRONIC SIGNATURES WHEN USED FOR PURPOSES OF 10 TRANSACTIONS GOVERNED BY ANY OF THE FOLLOWING: 11 (1) A LAW GOVERNING THE CREATION AND EXECUTION OF WILLS, 12 CODICILS AND TESTAMENTARY TRUSTS. 13 (2) DIVISIONS 3, 4, 4A, 5, 7 AND 8 OF THE UNIFORM 14 COMMERCIAL CODE (13 PA.C.S. § 101 ET SEQ.). 15 (3) REVISED DIVISIONS 2, 2A AND 9 OF THE UNIFORM 16 COMMERCIAL CODE (13 PA.C.S. § 101 ET SEQ.). 17 (4) OTHER LAWS, IF ANY, IDENTIFIED BY THE COMMONWEALTH. 18 (5) LAWS SPECIFICALLY EXCLUDED BY ANY GOVERNMENTAL 19 AGENCY OF THIS COMMONWEALTH UNDER CHAPTER 2. 20 (C) ELECTRONIC RECORDS AND SIGNATURES.--THIS ACT APPLIES TO 21 ELECTRONIC RECORDS AND SIGNATURES OTHERWISE SUBJECT TO 22 SUBSECTION (B) WHEN USED FOR PURPOSES OF TRANSACTIONS GOVERNED 23 BY LAWS OTHER THAN THOSE SPECIFIED IN SUBSECTION (B). 24 (D) EXCEPTION.--THIS ACT DOES NOT AFFECT A REQUIREMENT IN A 25 LAW RELATING TO A SPECIFIC MEANS OF DELIVERY OR DISPLAY OF 26 INFORMATION. 27 (E) OTHER SUBSTANTIVE LAW.--A TRANSACTION SUBJECT TO THIS 28 ACT IS ALSO SUBJECT TO OTHER APPLICABLE SUBSTANTIVE LAW. THESE 29 LAWS MUST BE CONSTRUED, WHENEVER REASONABLE, AS CONSISTENT WITH 30 THIS ACT. 19990S0555B1182 - 29 -
1 SECTION 104. USE OF ELECTRONIC RECORDS AND SIGNATURES; 2 VARIATION BY AGREEMENT. 3 (A) ELECTRONIC MEANS OR FORM NOT REQUIRED.--THIS ACT DOES 4 NOT REQUIRE THAT RECORDS OR SIGNATURES BE GENERATED, STORED, 5 SENT, RECEIVED OR OTHERWISE PROCESSED OR USED BY ELECTRONIC 6 MEANS OR IN ELECTRONIC FORM. 7 (B) REASONABLE USE.--THE USE OF AN ELECTRONIC RECORD OR 8 ELECTRONIC SIGNATURE IN A TRANSACTION MUST BE REASONABLE. 9 WHETHER THE USE OF AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE 10 IN A TRANSACTION IS REASONABLE MUST BE DETERMINED FROM THE 11 CIRCUMSTANCES AND CONTEXT IN WHICH IT IS USED, INCLUDING THE 12 PARTIES' STATEMENTS AND AGREEMENT, IF ANY, AND OTHER APPLICABLE 13 LAW. THE OBLIGATION OF REASONABLENESS PRESCRIBED IN THIS 14 SUBSECTION MAY NOT BE DISCLAIMED BY AGREEMENT. 15 (C) VARIATION BY AGREEMENT.--EXCEPT AS OTHERWISE PROVIDED IN 16 THIS ACT, THE EFFECT OF ANY PROVISION OF THIS ACT MAY BE VARIED 17 BY AGREEMENT BETWEEN PARTIES INVOLVED IN GENERATING, STORING, 18 SENDING, RECEIVING OR OTHERWISE PROCESSING OR USING ELECTRONIC 19 RECORDS OR ELECTRONIC SIGNATURES. THE PRESENCE IN CERTAIN 20 PROVISIONS OF THIS ACT OF THE WORDS "UNLESS OTHERWISE AGREED," 21 OR WORDS OF SIMILAR IMPORT, DOES NOT IMPLY THAT THE EFFECT OF 22 OTHER PROVISIONS MAY NOT BE VARIED BY AGREEMENT. 23 (D) LEGAL CONSEQUENCES OF AGREEMENT.--WHETHER AN AGREEMENT 24 HAS LEGAL CONSEQUENCES IS DETERMINED BY THIS ACT, IF APPLICABLE; 25 OTHERWISE, IT IS DETERMINED BY OTHER APPLICABLE RULES OF LAW. 26 SECTION 105. APPLICATION AND CONSTRUCTION. 27 THIS ACT MUST BE CONSTRUED AND APPLIED, CONSISTENTLY WITH 28 REASONABLE PRACTICES UNDER THE CIRCUMSTANCES, TO FACILITATE 29 ELECTRONIC TRANSACTIONS AND TO EFFECTUATE ITS GENERAL PURPOSE TO 30 MAKE UNIFORM THE LAW WITH RESPECT TO THE SUBJECT OF THIS ACT 19990S0555B1182 - 30 -
1 AMONG STATES ENACTING IT. 2 SECTION 106. LEGAL RECOGNITION OF ELECTRONIC RECORDS, 3 SIGNATURES AND CONTRACTS. 4 (A) ELECTRONIC FORM.--A RECORD OR SIGNATURE MAY NOT BE 5 DENIED LEGAL EFFECT OR ENFORCEABILITY SOLELY BECAUSE IT IS IN 6 ELECTRONIC FORM. 7 (B) USE OF ELECTRONIC RECORD.--A CONTRACT MAY NOT BE DENIED 8 LEGAL EFFECT OR ENFORCEABILITY SOLELY BECAUSE AN ELECTRONIC 9 RECORD WAS USED IN ITS FORMATION. 10 (C) ELECTRONIC RECORD.--IF A LAW REQUIRES A RECORD TO BE IN 11 WRITING OR PROVIDES CONSEQUENCES IF IT IS NOT, AN ELECTRONIC 12 RECORD SATISFIES THE LAW. 13 (D) ELECTRONIC SIGNATURE.--IF A LAW REQUIRES A SIGNATURE OR 14 PROVIDES CONSEQUENCES IN THE ABSENCE OF A SIGNATURE, THE LAW IS 15 SATISFIED WITH RESPECT TO AN ELECTRONIC RECORD IF THE ELECTRONIC 16 RECORD INCLUDES AN ELECTRONIC SIGNATURE. 17 (E) REASONABLE REQUIREMENTS.--AS PART OF A TRANSACTION, 18 NOTHING IN THIS ACT PRECLUDES A PERSON FROM ESTABLISHING 19 REASONABLE REQUIREMENTS REGARDING THE TYPE OF RECORDS OR 20 SIGNATURES ACCEPTABLE TO IT. 21 SECTION 107. PROVISION OF INFORMATION IN WRITING. 22 (A) ELECTRONIC RECORD.--IF A LAW REQUIRES A PERSON TO 23 PROVIDE INFORMATION IN WRITING TO ANOTHER PERSON, THAT 24 REQUIREMENT IS SATISFIED IF THE INFORMATION IS PROVIDED TO THE 25 PERSON IN AN ELECTRONIC RECORD THAT THE PERSON IS CAPABLE OF 26 ACCESSING AND RETAINING FOR SUBSEQUENT REFERENCE. 27 (B) SECTION NOT VARIED BY AGREEMENT.--THE EFFECT OF THIS 28 SECTION MAY NOT BE VARIED BY AGREEMENT. 29 SECTION 108. ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND 30 SIGNATURE. 19990S0555B1182 - 31 -
1 (A) GENERAL RULE.--AN ELECTRONIC RECORD OR ELECTRONIC 2 SIGNATURE IS ATTRIBUTABLE TO A PERSON IF IT WAS IN FACT THE ACT 3 OF THE PERSON OR ITS ELECTRONIC AGENT. ATTRIBUTION MAY BE PROVED 4 IN ANY MANNER, INCLUDING A SHOWING OF THE EFFICACY OF ANY 5 SECURITY PROCEDURE APPLIED TO DETERMINE THE PERSON TO WHICH THE 6 ELECTRONIC RECORD OR ELECTRONIC SIGNATURE WAS ATTRIBUTABLE. 7 (B) DETERMINATION OF EFFECT.--THE EFFECT OF AN ELECTRONIC 8 RECORD OR ELECTRONIC SIGNATURE ATTRIBUTED TO A PERSON UNDER 9 SUBSECTION (A) MUST BE DETERMINED FROM THE CONTEXT AND 10 SURROUNDING CIRCUMSTANCES AT THE TIME OF ITS CREATION, EXECUTION 11 OR ADOPTION, INCLUDING THE PARTIES' AGREEMENT, IF ANY, AND AS 12 OTHERWISE PROVIDED BY LAW. 13 SECTION 109. EFFECT OF CHANGES AND ERRORS. 14 UNLESS OTHERWISE AGREED, IF A CHANGE OR ERROR IN AN 15 ELECTRONIC RECORD OCCURS IN A TRANSMISSION BETWEEN PARTIES TO A 16 TRANSACTION, THE FOLLOWING RULES APPLY: 17 (1) IF THE PARTIES HAVE AGREED TO USE A SECURITY 18 PROCEDURE TO DETECT CHANGES OR ERRORS AND ONE PARTY HAS 19 CONFORMED TO THE PROCEDURE, BUT THE OTHER PARTY HAS NOT, AND 20 THE NONCONFORMING PARTY WOULD HAVE DETECTED THE CHANGE OR 21 ERROR HAD THAT PARTY ALSO CONFORMED, THE EFFECT OF THE 22 CHANGED OR ERRONEOUS ELECTRONIC RECORD IS AVOIDABLE BY THE 23 CONFORMING PARTY. 24 (2) IN AN AUTOMATED TRANSACTION INVOLVING AN INDIVIDUAL, 25 THE INDIVIDUAL MAY AVOID THE EFFECT OF AN ELECTRONIC RECORD 26 THAT RESULTED FROM AN ERROR BY THE INDIVIDUAL MADE IN DEALING 27 WITH THE ELECTRONIC AGENT OF ANOTHER PERSON ONLY IF THE 28 ELECTRONIC AGENT DID NOT PROVIDE AN OPPORTUNITY FOR THE 29 PREVENTION OR CORRECTION OF THE ERROR AND, AT THE TIME THE 30 INDIVIDUAL LEARNS OF THE ERROR, THE INDIVIDUAL: 19990S0555B1182 - 32 -
1 (I) PROMPTLY NOTIFIES THE OTHER PERSON OF THE ERROR 2 AND THAT THE INDIVIDUAL DID NOT INTEND TO BE BOUND BY THE 3 ELECTRONIC RECORD RECEIVED BY THE OTHER PERSON; 4 (II) TAKES REASONABLE STEPS, INCLUDING STEPS THAT 5 CONFORM TO THE OTHER PERSON'S REASONABLE INSTRUCTIONS, TO 6 RETURN TO THE OTHER PERSON OR, IF INSTRUCTED BY THE OTHER 7 PERSON, TO DESTROY THE CONSIDERATION RECEIVED, IF ANY, AS 8 A RESULT OF THE ERRONEOUS ELECTRONIC RECORD; AND 9 (III) HAS NOT USED OR RECEIVED THE BENEFIT OR VALUE 10 OF THE CONSIDERATION, IF ANY, RECEIVED FROM THE OTHER 11 PERSON. 12 (3) IF NEITHER PARAGRAPH (1) NOR (2) APPLIES, THE CHANGE 13 OR ERROR HAS THE EFFECT PROVIDED BY LAW, INCLUDING THE LAW OF 14 MISTAKE, AND THE PARTIES' CONTRACT, IF ANY. 15 SECTION 110. NOTARIZATION AND ACKNOWLEDGMENT. 16 IF A LAW REQUIRES THAT A SIGNATURE BE NOTARIZED OR 17 ACKNOWLEDGED OR PROVIDES CONSEQUENCES IN THE ABSENCE OF 18 NOTARIZATION OR ACKNOWLEDGMENT, THE LAW IS SATISFIED WITH 19 RESPECT TO AN ELECTRONIC SIGNATURE IF A SECURITY PROCEDURE WAS 20 APPLIED WHICH ESTABLISHES THE IDENTITY OF THE PERSON SIGNING THE 21 ELECTRONIC RECORD AND THAT THE ELECTRONIC RECORD HAS NOT BEEN 22 ALTERED SINCE IT WAS ELECTRONICALLY SIGNED. 23 SECTION 111. RETENTION OF ELECTRONIC RECORDS AND ORIGINALS. 24 (A) GENERAL RULE.--IF A LAW REQUIRES THAT CERTAIN RECORDS BE 25 RETAINED, THAT REQUIREMENT IS MET BY RETAINING AN ELECTRONIC 26 RECORD OF THE INFORMATION IN THE RECORD, IF THE ELECTRONIC 27 RECORD REFLECTS ACCURATELY THE INFORMATION SET FORTH IN THE 28 RECORD AFTER IT WAS FIRST GENERATED IN ITS FINAL FORM AS AN 29 ELECTRONIC RECORD OR OTHERWISE, AND THE ELECTRONIC RECORD 30 REMAINS ACCESSIBLE FOR LATER REFERENCE. 19990S0555B1182 - 33 -
1 (B) EXCEPTION.--A REQUIREMENT TO RETAIN RECORDS IN 2 ACCORDANCE WITH SUBSECTION (A) DOES NOT APPLY TO ANY INFORMATION 3 WHOSE SOLE PURPOSE IS TO ENABLE THE RECORD TO BE SENT OR 4 RECEIVED. 5 (C) SERVICES OF OTHER PERSON.--A PERSON SATISFIES SUBSECTION 6 (A) BY USING THE SERVICES OF ANY OTHER PERSON IF THE CONDITIONS 7 SET FORTH IN SUBSECTION (A) ARE MET. 8 (D) ORIGINAL FORM REQUIREMENT.--IF A LAW REQUIRES A RECORD 9 TO BE PRESENTED OR RETAINED IN ITS ORIGINAL FORM OR PROVIDES 10 CONSEQUENCES IF THE RECORD IS NOT PRESENTED OR RETAINED IN ITS 11 ORIGINAL FORM, THAT LAW IS SATISFIED BY AN ELECTRONIC RECORD 12 RETAINED IN ACCORDANCE WITH SUBSECTION (A). 13 (E) RETENTION REQUIREMENT.--A RECORD RETAINED AS AN 14 ELECTRONIC RECORD IN ACCORDANCE WITH SUBSECTION (A) SATISFIES 15 LAWS REQUIRING A PERSON TO RETAIN RECORDS FOR EVIDENTIARY, AUDIT 16 OR LIKE PURPOSES, UNLESS A LAW PROMULGATED AFTER THE EFFECTIVE 17 DATE OF THIS ACT SPECIFICALLY PROHIBITS THE USE OF AN ELECTRONIC 18 RECORD FOR A SPECIFIED PURPOSE. 19 (F) ADDITIONAL REQUIREMENTS.--THIS SECTION DOES NOT PRECLUDE 20 A GOVERNMENTAL AGENCY FROM SPECIFYING ADDITIONAL REQUIREMENTS 21 FOR THE RETENTION OF RECORDS, EITHER WRITTEN OR ELECTRONIC, 22 SUBJECT TO THE AGENCY'S JURISDICTION. 23 SECTION 112. ADMISSIBILITY IN EVIDENCE. 24 (A) GENERAL RULE.--IN A LEGAL PROCEEDING, EVIDENCE OF AN 25 ELECTRONIC RECORD OR ELECTRONIC SIGNATURE MAY NOT BE EXCLUDED 26 BECAUSE OF ANY OF THE FOLLOWING REASONS: 27 (1) IT IS AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE. 28 (2) IT IS NOT AN ORIGINAL OR IS NOT IN ITS ORIGINAL 29 FORM. 30 (B) FACTS FOR CONSIDERATION.--IN ASSESSING THE PERSUASIVE 19990S0555B1182 - 34 -
1 EFFECT OF AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE, THE 2 TRIER OF FACT SHALL CONSIDER THE MANNER IN WHICH THE ELECTRONIC 3 RECORD OR ELECTRONIC SIGNATURE WAS GENERATED, STORED, 4 COMMUNICATED OR RETRIEVED, THE RELIABILITY OF THE MANNER IN 5 WHICH THE INTEGRITY OF THE ELECTRONIC RECORD OR ELECTRONIC 6 SIGNATURE WAS MAINTAINED, THE MANNER IN WHICH ITS ORIGINATOR WAS 7 IDENTIFIED OR THE ELECTRONIC RECORD WAS SIGNED, AND ANY OTHER 8 RELEVANT CIRCUMSTANCES. 9 SECTION 113. FORMATION OF CONTRACT. 10 (A) GENERAL RULE.--IF AN OFFER IN AN ELECTRONIC RECORD 11 INITIATED BY A PERSON, OR BY ITS ELECTRONIC AGENT, EVOKES AN 12 ELECTRONIC RECORD IN RESPONSE, A CONTRACT IS FORMED IN THE SAME 13 MANNER AND WITH THE SAME EFFECT AS IF THE ELECTRONIC RECORDS 14 WERE NOT ELECTRONIC, EXCEPT THAT A CONTRACT IS FORMED, IF AT 15 ALL: 16 (1) WHEN AN ACCEPTANCE IS RECEIVED; OR 17 (2) IF THE RESPONSE CONSISTS OF ELECTRONIC PERFORMANCE 18 OF THE REQUESTED CONSIDERATION IN WHOLE OR IN PART, WHEN THE 19 REQUESTED CONSIDERATION, TO BE PERFORMED ELECTRONICALLY, IS 20 RECEIVED, UNLESS THE OFFER PROHIBITED THAT FORM OF RESPONSE. 21 (B) ADDITIONAL RULES.--IN AN AUTOMATED TRANSACTION, THE 22 FOLLOWING RULES APPLY: 23 (1) A CONTRACT MAY BE FORMED BY THE INTERACTION OF 24 ELECTRONIC AGENTS OF THE PARTIES, EVEN IF NO INDIVIDUAL WAS 25 AWARE OF OR REVIEWED THE ELECTRONIC AGENTS' ACTIONS OR THE 26 RESULTING TERMS AND AGREEMENTS. 27 (2) A CONTRACT MAY BE FORMED BY THE INTERACTION OF A 28 PERSON'S ELECTRONIC AGENT AND AN INDIVIDUAL, INCLUDING BY AN 29 INTERACTION IN WHICH THE INDIVIDUAL PERFORMS ACTIONS THAT IT 30 IS FREE TO REFUSE TO PERFORM AND THAT IT KNOWS OR HAS REASON 19990S0555B1182 - 35 -
1 TO KNOW WILL CAUSE THE ELECTRONIC AGENT TO COMPLETE THE 2 TRANSACTION OR PERFORMANCE. 3 (C) SUBSTANTIVE LAW.--THE TERMS OF A CONTRACT ARE DETERMINED 4 BY THE SUBSTANTIVE LAW APPLICABLE TO THE PARTICULAR CONTRACT. 5 SECTION 114. TIME AND PLACE OF SENDING AND RECEIPT. 6 (A) SENDING.--UNLESS OTHERWISE AGREED BETWEEN THE SENDER AND 7 THE RECIPIENT, AN ELECTRONIC RECORD IS SENT WHEN THE INFORMATION 8 IS ADDRESSED OR OTHERWISE DIRECTED PROPERLY TO THE RECIPIENT AND 9 ENTERS AN INFORMATION PROCESSING SYSTEM OUTSIDE THE CONTROL OF 10 THE SENDER OR OF A PERSON THAT SENT THE ELECTRONIC RECORD ON 11 BEHALF OF THE SENDER. 12 (B) RECEIPT.--UNLESS OTHERWISE AGREED BETWEEN THE SENDER AND 13 THE RECIPIENT, AN ELECTRONIC RECORD IS RECEIVED WHEN THE 14 ELECTRONIC RECORD ENTERS AN INFORMATION PROCESSING SYSTEM THAT 15 THE RECIPIENT HAS DESIGNATED OR USES FOR THE PURPOSE OF 16 RECEIVING ELECTRONIC RECORDS OR INFORMATION OF THE TYPE SENT, IN 17 A FORM CAPABLE OF BEING PROCESSED BY THAT SYSTEM, AND FROM WHICH 18 THE RECIPIENT IS ABLE TO RETRIEVE THE ELECTRONIC RECORD. 19 (C) APPLICATION OF SUBSECTION (B).--SUBSECTION (B) APPLIES 20 EVEN IF THE PLACE THE INFORMATION PROCESSING SYSTEM IS LOCATED 21 IS DIFFERENT FROM THE PLACE THE ELECTRONIC RECORD IS CONSIDERED 22 TO BE RECEIVED UNDER SUBSECTION (D). 23 (D) PLACE OF SENDING AND OF RECEIPT.--UNLESS OTHERWISE 24 EXPRESSLY PROVIDED IN THE ELECTRONIC RECORD OR AGREED BETWEEN 25 THE SENDER AND THE RECIPIENT, AN ELECTRONIC RECORD IS DEEMED TO 26 BE SENT FROM THE SENDER'S PLACE OF BUSINESS AND IS DEEMED TO BE 27 RECEIVED AT THE RECIPIENT'S PLACE OF BUSINESS. FOR THE PURPOSES 28 OF THIS SUBSECTION, THE FOLLOWING RULES APPLY: 29 (1) IF THE SENDER OR RECIPIENT HAS MORE THAN ONE PLACE 30 OF BUSINESS, THE PLACE OF BUSINESS OF THAT PERSON IS THAT 19990S0555B1182 - 36 -
1 WHICH HAS THE CLOSEST RELATIONSHIP TO THE UNDERLYING 2 TRANSACTION. 3 (2) IF THE SENDER OR THE RECIPIENT DOES NOT HAVE A PLACE 4 OF BUSINESS, THE PLACE OF BUSINESS IS THE SENDER'S OR 5 RECIPIENT'S RESIDENCE, AS THE CASE MAY BE. 6 (E) RECORD EFFECTIVE ON RECEIPT.--AN ELECTRONIC RECORD IS 7 EFFECTIVE WHEN RECEIVED EVEN IF NO INDIVIDUAL IS AWARE OF ITS 8 RECEIPT. 9 (F) ACKNOWLEDGMENT.--RECEIPT OF AN ELECTRONIC ACKNOWLEDGMENT 10 ESTABLISHES THAT A RECORD WAS RECEIVED BUT, IN ITSELF, DOES NOT 11 ESTABLISH THAT THE CONTENT SENT CORRESPONDS TO THE CONTENT 12 RECEIVED. 13 SECTION 115. TRANSFERABLE RECORDS. 14 (A) CONTROL OF RECORD.--A PERSON HAS CONTROL OF A 15 TRANSFERABLE RECORD IF THE RECORD OR RECORDS COMPRISING THE 16 TRANSFERABLE RECORD ARE CREATED, STORED AND ASSIGNED IN SUCH A 17 MANNER THAT: 18 (1) A SINGLE AUTHORITATIVE COPY OF THE RECORD OR RECORDS 19 EXISTS WHICH IS UNIQUE, IDENTIFIABLE AND, EXCEPT AS OTHERWISE 20 PROVIDED IN PARAGRAPHS (4), (5), AND (6), UNALTERABLE; 21 (2) THE AUTHORITATIVE COPY IDENTIFIES THE PERSON 22 ASSERTING CONTROL AS THE ASSIGNEE OF THE RECORD OR RECORDS; 23 (3) THE AUTHORITATIVE COPY IS COMMUNICATED TO AND 24 MAINTAINED BY THE PERSON ASSERTING CONTROL OR ITS DESIGNATED 25 CUSTODIAN; 26 (4) COPIES OR REVISIONS THAT ADD OR CHANGE AN IDENTIFIED 27 ASSIGNEE OF THE AUTHORITATIVE COPY CAN BE MADE ONLY WITH THE 28 CONSENT OF THE PERSON ASSERTING CONTROL; 29 (5) EACH COPY OF THE AUTHORITATIVE COPY AND ANY COPY OF 30 A COPY IS READILY IDENTIFIABLE AS A COPY THAT IS NOT THE 19990S0555B1182 - 37 -
1 AUTHORITATIVE COPY; AND 2 (6) ANY REVISION OF THE AUTHORITATIVE COPY IS READILY 3 IDENTIFIABLE AS AN AUTHORIZED OR UNAUTHORIZED REVISION. 4 (B) RIGHTS OF PERSON IN CONTROL OF RECORD.--EXCEPT AS 5 OTHERWISE PROVIDED IN SUBSECTION (D), THE FOLLOWING RULES APPLY 6 IN DETERMINING THE RIGHTS OF A PERSON IN CONTROL OF A 7 TRANSFERABLE RECORD: 8 (1) IF A PERSON ACQUIRES CONTROL OF A TRANSFERABLE 9 RECORD THE PERSON HAS THE RIGHTS WITH RESPECT TO THE RECORD 10 THAT A HOLDER OF A NOTE WOULD HAVE IF THE RECORD WERE A NOTE. 11 (2) IF THE PERSON ACQUIRES CONTROL IN A MANNER 12 CONSISTENT WITH SECTION 3302(A) OF THE UNIFORM COMMERCIAL 13 CODE (13 PA.C.S. § 101 ET SEQ.), THE PERSON HAS THE RIGHTS 14 WITH RESPECT TO THE RECORD THAT A HOLDER IN DUE COURSE OF A 15 NOTE WOULD HAVE IF THE RECORD WERE A NOTE. 16 (3) IF THE PERSON ACQUIRES CONTROL IN A MANNER 17 CONSISTENT WITH SECTION 9308 OF THE UNIFORM COMMERCIAL CODE 18 (13 PA.C.S. § 101 ET SEQ.), THE PERSON HAS THE RIGHTS WITH 19 RESPECT TO THE RECORD THAT A PURCHASER IN POSSESSION OF A 20 NOTE WOULD HAVE IF THE RECORD WERE A NOTE. 21 (4) NOTHING IN PARAGRAPH (1), (2) OR (3) REQUIRES A 22 PERSON TO RECEIVE DELIVERY, POSSESSION OR ENDORSEMENT OF AN 23 ELECTRONIC RECORD IN ORDER TO OBTAIN THE RIGHTS AVAILABLE 24 UNDER THOSE PARAGRAPHS. 25 (C) RIGHTS AND DEFENSES OF OBLIGOR.--THE FOLLOWING RULES 26 APPLY IN DETERMINING THE RIGHTS AND DEFENSES OF A PERSON WHO IS 27 AN OBLIGOR UNDER A TRANSFERABLE RECORD: 28 (1) THE OBLIGOR HAS THE RIGHTS AND DEFENSES WITH RESPECT 29 TO THE RECORD THAT A MAKER OF A NOTE WOULD HAVE IF THE RECORD 30 WERE A NOTE. 19990S0555B1182 - 38 -
1 (2) THE PERSON OBTAINING PAYMENT UNDER THE TRANSFERABLE 2 RECORD AND A PRIOR TRANSFEROR OF THE TRANSFERABLE RECORD 3 WARRANT TO THE OBLIGOR MAKING PAYMENT IN GOOD FAITH, THAT THE 4 WARRANTOR IS OR WAS, AT THE TIME THE WARRANTOR TRANSFERRED 5 THE RECORD, THE PERSON ENTITLED TO PAYMENT OF THE RECORD OR 6 AUTHORIZED TO RECEIVE PAYMENT ON BEHALF OF A PERSON ENTITLED 7 TO PAYMENT OF THE RECORD. 8 (D) DISCHARGE OF OBLIGATION.--DISCHARGE OF THE OBLIGATION IS 9 EFFECTIVE AGAINST ANY PERSON IN CONTROL OF THE TRANSFERABLE 10 RECORD IF: 11 (1) THE DISCHARGE IS MADE BY OR ON BEHALF OF THE PERSON 12 IN CONTROL OF THE TRANSFERABLE RECORD AT THE TIME OF THE 13 DISCHARGE; OR 14 (2) THE OBLIGATION WOULD OTHERWISE BE DISCHARGED UNDER 15 THE SUBSTANTIVE LAW APPLICABLE TO THE TRANSACTION. 16 (E) REASONABLE PROOF OF CONTROL.--IF REQUESTED BY THE 17 OBLIGOR UNDER A TRANSFERABLE RECORD, THE PERSON SEEKING TO 18 ENFORCE THE TRANSFERABLE RECORD MUST PROVIDE REASONABLE PROOF 19 THAT THE PERSON IS IN CONTROL OF THE TRANSFERABLE RECORD. PRIOR 20 TO PAYMENT OR PERFORMANCE OF THE OBLIGATION, THE OBLIGOR IS 21 ENTITLED TO ACCESS TO THE AUTHORITATIVE COPY OF THE TRANSFERABLE 22 RECORD AND RELATED BUSINESS RECORDS SUFFICIENT TO REVIEW THE 23 TERMS OF THE TRANSFERABLE RECORD AND ESTABLISH THE IDENTITY OF 24 THE PERSON IN CONTROL OF THE TRANSFERABLE RECORD. 25 CHAPTER 2 26 SECURE ELECTRONIC RECORDS AND SIGNATURES 27 SECTION 201. SECURE ELECTRONIC RECORDS. 28 IF, THROUGH THE APPLICATION OF A SECURITY PROCEDURE, IT CAN 29 BE DEMONSTRATED THAT AN ELECTRONIC RECORD HAS REMAINED UNALTERED 30 SINCE A SPECIFIED TIME, THE RECORD IS A SECURE ELECTRONIC RECORD 19990S0555B1182 - 39 -
1 FROM THAT TIME FORWARD. 2 SECTION 202. SECURE ELECTRONIC SIGNATURES. 3 A SIGNATURE IS A SECURE ELECTRONIC SIGNATURE IF, THROUGH THE 4 APPLICATION OF A SECURITY PROCEDURE, IT CAN BE DEMONSTRATED THAT 5 THE ELECTRONIC SIGNATURE WAS, AT THE TIME IT WAS MADE: 6 (1) UNIQUE TO THE PERSON USING IT; 7 (2) CAPABLE OF VERIFICATION; 8 (3) UNDER THE SOLE CONTROL OF THE PERSON USING IT; AND 9 (4) LINKED TO THE ELECTRONIC RECORD TO WHICH IT RELATES 10 IN A MANNER SUCH THAT IF THE RECORD WAS CHANGED THE 11 ELECTRONIC SIGNATURE WOULD BE INVALIDATED. 12 SECTION 203. PRESUMPTIONS. 13 (A) SECURE ELECTRONIC RECORD.--WITH RESPECT TO A SECURE 14 ELECTRONIC RECORD, THERE IS A REBUTTABLE PRESUMPTION THAT THE 15 ELECTRONIC RECORD HAS NOT BEEN ALTERED SINCE THE SPECIFIC TIME 16 TO WHICH THE SECURE STATUS RELATES. 17 (B) SECURE ELECTRONIC SIGNATURE.--WITH RESPECT TO A SECURE 18 ELECTRONIC SIGNATURE THERE IS A REBUTTABLE PRESUMPTION THAT THE 19 SECURE ELECTRONIC SIGNATURE IS THE ELECTRONIC SIGNATURE OF THE 20 PARTY TO WHOM IT RELATES. 21 (C) NONSECURE RECORDS AND SIGNATURES.--IN THE ABSENCE OF A 22 SECURE ELECTRONIC RECORD OR A SECURE ELECTRONIC SIGNATURE, THIS 23 ACT DOES NOT CREATE ANY PRESUMPTION REGARDING THE AUTHENTICITY 24 AND INTEGRITY OF AN ELECTRONIC RECORD OR AN ELECTRONIC 25 SIGNATURE. 26 (D) NO PRESUMPTION IF CONSUMER IS A PARTY.--NO PRESUMPTION 27 IS CREATED UNDER THIS CHAPTER IF A CONSUMER IS A PARTY TO THE 28 TRANSACTION. 29 CHAPTER 3 30 GOVERNMENTAL ELECTRONIC RECORDS 19990S0555B1182 - 40 -
1 SECTION 301. CREATION AND RETENTION OF ELECTRONIC RECORDS; 2 CONVERSION OF WRITTEN RECORDS. 3 EACH COMMONWEALTH AGENCY SHALL DETERMINE IF, AND THE EXTENT 4 TO WHICH, IT WILL CREATE AND RETAIN ELECTRONIC RECORDS AND 5 CONVERT WRITTEN RECORDS TO ELECTRONIC RECORDS. EXECUTIVE 6 AGENCIES MUST ALSO COMPLY WITH STANDARDS PUBLISHED BY THE OFFICE 7 OF ADMINISTRATION. 8 SECTION 302. SENDING AND ACCEPTING ELECTRONIC RECORDS. 9 (A) GENERAL RULES.-- 10 (1) EXCEPT AS OTHERWISE PROVIDED IN SECTION 111(E), EACH 11 GOVERNMENTAL AGENCY SHALL DETERMINE WHETHER, AND THE EXTENT 12 TO WHICH, IT WILL SEND AND ACCEPT ELECTRONIC RECORDS AND 13 ELECTRONIC SIGNATURES TO AND FROM OTHER PERSONS, AND 14 OTHERWISE CREATE, USE, STORE AND RELY UPON ELECTRONIC RECORDS 15 AND ELECTRONIC SIGNATURES. 16 (2) EXECUTIVE AGENCIES MUST ALSO COMPLY WITH ANY 17 STANDARDS PUBLISHED BY THE GOVERNOR'S OFFICE OF 18 ADMINISTRATION. 19 (B) ADDITIONAL REQUIREMENTS.--IN A CASE GOVERNED BY 20 SUBSECTION (A), THE GOVERNMENTAL AGENCY, GIVING DUE 21 CONSIDERATION TO SECURITY, SHALL SPECIFY THE FOLLOWING: 22 (1) THE MANNER AND FORMAT IN WHICH THE ELECTRONIC 23 RECORDS MUST BE CREATED, SENT, RECEIVED AND STORED. 24 (2) IF ELECTRONIC RECORDS MUST BE ELECTRONICALLY SIGNED, 25 THE TYPE OF ELECTRONIC SIGNATURE REQUIRED, THE MANNER AND 26 FORMAT IN WHICH THE ELECTRONIC SIGNATURE MUST BE AFFIXED TO 27 THE ELECTRONIC RECORD, AND THE IDENTITY OF, OR CRITERIA THAT 28 MUST BE MET BY, ANY THIRD PARTY USED BY A PERSON FILING A 29 DOCUMENT TO FACILITATE THE PROCESS. 30 (3) CONTROL PROCESSES AND PROCEDURES APPROPRIATE TO 19990S0555B1182 - 41 -
1 ENSURE ADEQUATE PRESERVATION, DISPOSITION, INTEGRITY, 2 SECURITY, CONFIDENTIALITY AND AUDITABILITY OF ELECTRONIC 3 RECORDS. 4 (4) ANY OTHER REQUIRED ATTRIBUTES FOR ELECTRONIC RECORDS 5 WHICH ARE CURRENTLY SPECIFIED FOR CORRESPONDING NONELECTRONIC 6 RECORDS, OR REASONABLY NECESSARY UNDER THE CIRCUMSTANCES. 7 (C) LIMITATION.--EXCEPT AS OTHERWISE PROVIDED IN SECTION 8 111(E), THIS ACT DOES NOT REQUIRE ANY GOVERNMENTAL AGENCY OF THE 9 COMMONWEALTH TO USE OR PERMIT THE USE OF ELECTRONIC RECORDS OR 10 ELECTRONIC SIGNATURES. 11 SECTION 303. INTEROPERABILITY. 12 STANDARDS ADOPTED BY A GOVERNMENTAL AGENCY UNDER SECTION 302 13 SHOULD ENCOURAGE AND PROMOTE CONSISTENCY AND INTEROPERABILITY 14 WITH SIMILAR REQUIREMENTS ADOPTED BY OTHER GOVERNMENTAL AGENCIES 15 OF THIS AND OTHER STATES AND THE FEDERAL GOVERNMENT, AND 16 NONGOVERNMENTAL PERSONS INTERACTING WITH GOVERNMENTAL AGENCIES 17 OF THE COMMONWEALTH. 18 CHAPTER 4 19 MISCELLANEOUS PROVISIONS 20 SECTION 401. SEVERABILITY. 21 THE PROVISIONS OF THIS ACT ARE SEVERABLE. IF ANY PROVISION OF 22 THIS ACT OR ITS APPLICATION TO ANY PERSON OR CIRCUMSTANCE IS 23 HELD INVALID, THE INVALIDITY SHALL NOT AFFECT OTHER PROVISIONS 24 OR APPLICATIONS OF THIS ACT WHICH CAN BE GIVEN EFFECT WITHOUT 25 THE INVALID PROVISION OR APPLICATION. 26 SECTION 402. EFFECTIVE DATE. 27 THIS ACT SHALL TAKE EFFECT IN 30 DAYS. B18L12DMS/19990S0555B1182 - 42 -