[Ord. No. 2891 §§1 —
3, 4-5-2016]
The purpose of this policy is to establish requirements for
using electronic records and electronic signatures in the transaction
of official City business.
[Ord. No. 2891 §§1 —
3, 4-5-2016]
This policy applies to all City employees and governs use of
electronic records, signatures and seals used to conduct official
City business. Such business shall include, but not be limited to:
electronic communications, transactions and other official purposes.
[Ord. No. 2891 §§1 —
3, 4-5-2016]
A.
The following Federal and State laws give electronic records and
signatures the same legal status as paper records and signatures:
1.
Uniform Electronic Transactions Act (UETA) in Missouri (Sections
432.200 to 432.295, RSMo.) in 2003.
2.
Electronic Signatures and Global National Commerce Act (E-SIGN)
of 2000.
3.
The State and Local Records Law (Sections 109.200 to 109.310
RSMo.).
5.
Missouri Code of State Regulations, Title 20 — Department
of Insurance, Financial Institutions, and Professional Registration
(20 CSR 2030-3.060. Licensee's Seal).
[Ord. No. 2891 §§1 —
3, 4-5-2016]
A.
It is the City of St. Robert's policy to:
1.
Use electronic records and electronic signatures as allowed
by law, except where written records or signatures are expressly required;
exceptions include:
a.
Contracts involving the City;
b.
Court notices and court orders;
c.
Official court documents, including briefs, pleadings and other
writings requiring execution and connection with court proceedings;
d.
Termination or cancellation of utility services;
e.
Termination or cancellation of health insurance or life insurance
benefits;
f.
Documents dealing with default, acceleration, repossession,
foreclosure, or eviction;
g.
Negotiable instruments and secured transactions;
h.
Wills, codicils, and testamentary trusts;
i.
Product recalls or material product failures that risk endangering
health or safety; and
j.
Documents required by law to accompany transportation or handling
of hazardous materials, pesticides, or other toxic or dangerous materials.
2.
Use electronic seals as allowed by law, as long as they provide
the ability to authenticate the document, originator and to verify
that it is unaltered.
3.
Provide reasonable assurance that electronic records, electronic
signatures and associated metadata will remain accessible for the
full retention.
4.
Recognize that there is no agreement and no contract in a contractual
setting unless all parties agree that an electronic format is acceptable.
5.
Insurer an electronic transaction occurs in the manner specified
by law and contains any specified elements required by law.
[Ord. No. 2891 §§1 —
3, 4-5-2016]
The automatic identification of a person based on their physical
characteristics, such as a thumbprint or retina scan.
The comparison of physical signature characteristics, typically
speed and pressure of the signature, to a previously provided and
stored sample.
An electronic document attached to a public key by a trusted
certificate authority, which provides proof that the public key belongs
to a legitimate subscriber and has not been compromised.
An entity that issues digital certificates to certify the
ownership of a public key by the named subject of the certificate.
Any signature method that does not use a specific technology
to increase the security, authenticity, or evidentiary value of a
signature.
A digital certificate, also known as a public key certificate,
can be used to verify that a public key belongs to an individual.
It is an electronic document that uses a digital signature to bind
together a public key with an identity-information such as the name
of a person or an organization, their address, etc.
A specific type of electronic signature that employs signer
verification and encryption technology to make it unreadable to anyone
except those possessing special knowledge, usually referred to as
a key.
Relates to technology having electrical, digital, magnetic,
wireless, optical, electromagnetic or similar capabilities.
Any information that is recorded in a form that only a computer
can process and that satisfies the operative definition of "record."
Any electronic method of signing a computer-processible record.
A physical likeness of an individual signature applied electronically
and bound to the content via cryptographic technology.
The integrity of a record refers to its being complete and
unaltered.
Data about the data; the description of the data resources,
its characteristics, location, usage, etc. Metadata is used to identify,
describe and define user data.
PKI supports the application of digital signature technology.
It is a set of hardware, software, people, policies and procedures
needed to create, manage, distribute, use, store and revoke digital
certificates.
Any document, book, paper, photograph, map, sound recording
or other material, regardless of physical form or characteristics,
made or received pursuant to law or in connection with the transaction
of official business (Section 109.210.5 RSMo.).
A listing and description of the record series maintained
by all or part of an organization, prescribing the period of time
that each series is to be maintained after no longer needed for current
business.
The length of time a record series is to be kept after no
longer needed for current business.
An action or set of actions occurring between two (2) or
more persons relating to the conduct of business, commercial or governmental
affairs.
[Ord. No. 2891 §§1 —
3, 4-5-2016]
A.
Any person or entity using electronic records and signatures to conduct
official City business shall:
1.
Only use electronic signatures for appropriate business purposes;
2.
Adhere to requirements set forth by the City of St. Robert;
3.
Protect and not disclose or make available their digital signature,
private key or password to other persons;
4.
Comply with requirements of professional governing boards with
regards to electronic signatures, electronic seals and electronic
notarizations; and
5.
Report any suspected or fraudulent use of signatures immediately.
B.
The Department of Information Technologies (IT) is responsible for
establishing and managing a Public Key Infrastructure (PKI) and corresponding
procedures.
A.
B.
How to choose an electronic signature:
1.
Be familiar with the City's policy and procedures for using
electronic signatures, including the Electronic Records and Signature
Policy.
2.
Understand when electronic signatures cannot be used (see Section 155.040(A)(1) for a complete list of exceptions).
3.
Do a cost-benefit analysis to evaluate current business processes
to determine if electronic signature technology is required.
4.
Do a risk assessment to help decide whether electronic signatures
are feasible and, if so, what type of electronic signature is needed.
5.
Consult with the IT Department for technical questions and for
assistance in choosing the right PKI digital signature technology,
if needed.
6.
Always protect and do not disclose or make available a digital
signature private key or password to others.
7.
Notify the IT Department when individual or entities are no
longer authorized to conduct electronic business so that IT can maintain
accurate revocation information.
8.
Document electronic signature processes and coordinate them
with Records and Information Management (RIM) and IT Department policies
and procedures.
C.
Retain electronically signed records and associated metadata according
to approved records retention schedules.
1.
Electronically signed records must contain the following minimum
information so the entire record and associated metadata can be reproduced
in an arrangement that permits the person viewing or printing it to
verify:
[Ord. No. 2891 §§1 —
3, 4-5-2016]
A.
Missouri Records Retention Policy.
B.
Uniform Electronic Transactions Act (UETA) in Missouri (Sections
432.200 to 432.295 RSMo.) in 2003.
C.
Electronic Signatures and Global National Commerce Act (E-SIGN) of
2000.
D.
The State and Local Records Law (Sections 109.200 to 109.310 RSMo.).
F.
Missouri Code of State Regulations, Title 20 - Department Of Insurance,
Financial Institutions, and Professional Registration (20 CSR 2030-3.060.
Licensee's Seal).