The Electronic Signature Regulations where made under the Electronic Communications Act of 2000.
The Electronic Communications Act was passed in June 2000 and parts of it came into force the following month. The Act deals with the legal recognition of electronic signatures and the process under which they are verified, generated or communicated, and the removal of obstacles in other legislation to the use of electronic communication and storage in place of paper.
CSPs are businesses that issue certificates in support of electronic signatures.
The certificate links signature verification data to a person and confirms the identity of that person. Under the regulations, the Secretary of State is given the duty of reviewing CSP activities and setting up a register of those CSPs that issue qualified certificates (a certificate meeting certain criteria) to the public.
The Regulations also impose liability on CSPs to the extent that they either issue or guarantee qualified certificates to the public. In such circumstances, a CSP is liable to anybody relying on the certificate for, among other things, the accuracy of the information contained within the certificate at the time of issue.
CSPs established in the UK are now bound by a data protection rule which provides that personal data may only be obtained directly from the data subject for the purpose of issuing or maintaining the certificate or, if obtained indirectly, only with the explicit consent of the data subject.
The personal data must only be processed insofar as it is absolutely necessary for the issuing and maintaining of the certificate or if the data subject has explicitly agreed other purposes than the purpose for which consent has been given.
- Court: Judges can demand warrant for phone locales (sfgate.com)
- US Top Ten Bank Moves to Error-Free Signing of Consumer and Small Business Loans with Silanis e-Signatures (prweb.com)
- Citadel Insurance Services Goes Green with DocuSign Electronic Signature Services (eon.businesswire.com)