by An Bui, DocuSign Social Media on Monday April 27th, 2009
Beyond ESIGN: Evidentiary Issues – Record Retention
Compliance with the e-signature laws is a very basic step in defining an electronic transaction system. Like paper documents, electronically signed documents can become the subject of a dispute. The facts surrounding the signature process must provide enough proof to uphold the transaction in the event of repudiation of an electronically executed contract. Compliance with ESIGN is necessary, but not sufficient. Proper record retention is important in the event of a dispute over an electronically executed contract.
Record Retention
While UETA and ESIGN impose some requirements regarding the retention of electronic records, evidentiary rules and risk mitigation policies require that storage and management of electronic records be given strong consideration.
For electronic records to be enforceable, comply with legal “writing” requirements, satisfy record retention requirements and potentially constitute admissible evidence, the system used to retain the electronic records must protect the stored records’ accuracy and accessibility in a commercially reasonable manner.
The storage system should provide appropriate controls for the physical (e.g. data storage facility) and logical (e.g. computer system) storage environment. Appropriate steps include:
- Training personnel,
- Creating a data security plan or policy for segregation of employee duties, access controls, etc.,
- Implementing physical controls (such as data center security and backup power),
- Documenting and testing disaster recovery plans,
- Planning for system upgrades, and
- Implementing network controls such as audit logs, anti-intrusion software, and software integrity checking.
The technical environment should provide network controls, hardware controls and software controls with sufficient protection for the stored records.
The type of controls that are required will vary depending on the types and value of transactions evidenced by the stored records, the value or importance of the information contained in the records, whether laws or regulations protect the confidentiality of the information stored in the records, and the impact of the loss, destruction or theft of these records.
Additionally, some records may be stored on behalf of the record owner by third parties. These arrangements may provide benefits, such as economies of scale, the ability to avoid capital investments in storage systems, and the availability of a disinterested third party to independently produce true copies of the records and authenticate them as such. Outsourcing record retention functions to third parties may require that the record owner conduct due diligence to identify and select an appropriate third party provider, create a clear contract that outlines the record manager’s responsibilities (which may include storing records in a manner that satisfies legal or regulatory requirements), and maintain continual oversight to protect the integrity of the records stored in the vendor’s facilities.
By providing electronic signature and online contract execution as a service (SaaS), DocuSign scales with its customers so they don’t have to make the capital investments for data storage. As a disinterested third party, DocuSign can provide verifiable “true” copies of records, authenticating them for use as evidence while helping users satisfy their legal requirements.
