The URL can be used to link to this page

Home My WebLink AboutE-08 Staff Report - Administrative Electronic Signature Use PolicyCONSENT ITEM E-8 TO: HONORABLE MAYOR, MEMBERS OF THE CITY COUNCIL VIA: TROY L. BUTZLAFF, ICMA-CM, CITY MANAGER FROM: ADRIAN GARCIA, CMC, CHIEF DEPUTY CITY CLERK DATE: JUNE 19, 2017 SUBJECT: ADOPT RESOLUTION APPROVING AN ADMINISTRATIVE REGULATION RELATED TO ELECTRONIC SIGNATURE USE POLICY REGULATING THE ACCEPTANCE OF ELECTRONIC SIGNATURES AND ELECTRONIC OR ELECTRONICALLY SIGNED RECORDS SUMMARY: The City seeks to implement an administrative regulation for the use and acceptance of electronic signatures, as well as for the authentication, maintenance, and preservation of electronically signed records, electronic records, and other electronic information submitted to and accepted by the City from the public. Use of electronic signatures will move the City another step closer to instantaneous communication with the public by further improving the manner and speed with which the City communicates and conducts business. While the use of electronic information will continue to evolve, the City has identified acceptable forms of secure electronic signatures and electronically signed records and has developed this Policy to encourage their use and acceptance. The proposed action adopts Resolution No. 2017-XX, approving an Administrative Regulation Regarding Electronic Signatures and Electronic Records. RECOMMENDATION: Staff recommends that the City Council take the following action: 1) Adopt Resolution No. 2017-C47, approving an Administrative Regulation related to Electronic Signature Use regulating the Acceptance of Electronic Signatures and Electronic or Electronically Signed Records. BACKGROUND: The general legal framework for the use of electronic signatures on electronic records has been in place for over a decade. In 1999, California adopted a version of the Uniform Electronic Transactions Act (UETA), guaranteeing that electronic signatures would have the same legal effect as a “wet” or manual signature. (Civ. Code §§ 1633.1-1633.17.) In 2000, Congress passed APPROVED CITY COUNCIL 6/19/2017 Administrative Electronic Signature Use Policy June 19, 2017 Page 2 the Electronic Signatures in Global and National Commerce Act (E -SIGN Act), mandated the same treatment of electronic signatures in interstate or foreign commerce (15 U.S.C. 7001.). At a fundamental level, an electronic signature is any electronic symbol that represents an individual’s acceptance or adoption of a statement or transaction. Thus, an electronic signature may be as simple as typing a name or checking a box. The benefits of electronic signatures are simple and numerous: they cut down on the paper, time, and cost associated with transmitting and approving physical documents, and they can offer an easily accessible audit trail of when documents were modified and when they were signed. Staff has drafted an administrative regulation regarding the use of electronic signatures on City documents. Specifically, this regulation will: (1) establish that electronic signatures shall be effective on City documents so long as certain guidelines regarding the security and integrity of electronic signatures are met; (2) authorize the City Manager or designate to determine the particular technologies or vendors that presumptively satisfy these guidelines; and (3) authorize the City Manager or designate to determine the level of security required for various types of documents. Staff believes that this administrative regulation strikes a balance between flexibility and the need for signature security and integrity. FISCAL IMPACT: There is no fiscal impact associated with the recommended actions. Prepared by: Reviewed and Approved: Adrian Garcia, CMC Louie F. Lacasella Chief Deputy City Clerk Management Analyst Reviewed and Approved: Troy L. Butzlaff, ICMA-CM City Manager Attachments: 1) Resolution No. 2017-C47 2) Administrative Regulation related to Electronic Signature Use regulating the Acceptance of Electronic Signatures and Electronic or Electronically Signed Records RESOLUTION NO. 2017-C47 A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF AZUSA, ADOPTING A POLICY REGARDING ELECTRONIC SIGNATURES AND ELECTRONIC RECORDS WHEREAS, the City of Azusa, California (the “City”) is a municipal corporation, duly organized under the constitution and laws of the State of California; and WHEREAS, pursuant to Chapter 2 of the Azusa Municipal Code, the City regulates the administration of the business of the City through and on behalf of the City Council of the City of Azusa (the “City Council”); and WHEREAS, in 1999, California adopted a version of the Uniform Electronic Transactions Act (UETA) in Civil Code sections 1633.1-1633.17, giving electronic signatures the same legal effect as manual or “wet” signatures ; and WHEREAS, in 2000, the United States Congress passed the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), mandating the same treatment of electronic signatures and manual signatures in interstate or foreign commerce (15 U.S.C. 7001); and WHEREAS, in 1995, before the UETA or the E-SIGN Act, California passed Government Code section 16.5, authorizing public entities to accept “digital signatures” if they complied with stringent verification procedures that involve advanced technologies and likely would be overly burdensome for many individuals and groups that have only occasional interaction with the City. The Secretary of State adopted digital signature regulations in 1998, but these regulations have not been updated in almost 20 years (2 C.C.R. 22000 et seq.); and WHEREAS, while Government Code section 16.5 and the Secretary of State’s regulations set requirements for the use of digital signatures, they do not govern or limit the City’s ability to use or accept electronic signatures as a municipal affair; and WHEREAS, the use of electronic signatures on legally binding documents has become increasingly prevalent in the private sector but has not yet become widespread among public agencies; and WHEREAS, the benefits of electronic signatures include, but are not limited to, reductions in the paper, time and costs associated with transmitting, approving and executing physical documents; and WHEREAS, an electronic signature is an electronic symbol affixed to a document that represents an individual’s acceptance or adoption of a statement or transaction ; and WHEREAS, electronic signature technologies have developed to address concerns with verifying the identity of the person aff ixing his or her electronic signature; and WHEREAS, the proposed Resolution would provide assurance that electronic signatures meeting certain security criteria would be effective on documents created or accepted by the City, notwithstanding the fact that they do not involve the advanced technologies required in the Secretary of State’s digital signature regulations; and WHEREAS, the proposed Resolution would enable the City to use electronic signatures on electronic records provided the electronic signature is in accordance with the UETA; and WHEREAS, the proposed Resolution would codify the City’s policy on electronic signatures and delegation of electronic signature authority, while enabling the City Manager to adopt additional administrative policies and procedures to operationalize the use of electronic signatures; and WHEREAS, the City Council finds that the use of electronic signatures will allow the City to collect and preserve signatures on documents quickly and secur ely, will improve efficiency while saving costs of transmitting documents, and will provide for better management of City records; and WHEREAS, the City Council finds that the use of electronic signatures will reduce paper document creation will support the City’s goal of sustainability; and WHEREAS, the City Council determines that the City should embrace the benefits of electronic signatures by codifying a City policy on electronic signatures and further defining the City’s use of electronic signatures in an Administrative Policy and accompanying Procedure; and WHEREAS, all other legal prerequisites to the adoption of this Resolution have occurred. NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF AZUSA, CALIFORNIA DOES HEREBY RESOLVE AS FOLLOWS: SECTION 1. Incorporation of Recitals. The above recitals are true and correct and are incorporated herein by this reference. SECTION 2. The City Council adopts the following policy which shall read as: “ELECTRONIC SIGNATURES AND RECORDS. (1) The following definitions apply to this Policy: (a) “Electronic record” has the same meaning as in Section 1633.2 of the California Civil Code. (b) “Electronic signature” has the same meaning as in Section 1633.2 of the California Civil Code. (c) “Digital signature” has the same meaning as in Secti on 16.5 of the California Government Code. (d) “UETA” means the Uniform Electronic Transactions Act, commencing at Section 1633.1 of the California Civil Code. (2) In any transaction or communication with the City for which the parties have agreed to conduct the transaction or communication by electronic means, the following provisions apply: (a) When a record is required to be in writing, an electronic record satisfies that requirement, if it is in accordance with the UETA. (b) When a signature is required, the parties may agree that either: i. An electronic signature satisfies that requirement, if it is in accordance with the UETA; or ii. A digital signature satisfies that requirement, if it is in accordance with Section 16.5 of the California Government Code. (3) This Policy is intended to enable the City to use electronic records, electronic signatures, and digital signatures to the fullest extent allowed by law, and does not limit the City’s ability to use electronic records, electronic signatures, or digital signatures in any way. All use of electronic records, electronic signatures, and digital signatures by the City shall be in accordance with City administrative policies and procedures, as may be designated and amended from time to time by the City Manager or his or her designee. (4) Any use of electronic records, electronic signatures, and digital signatures by the City that is not in accordance with this Policy and City administrative policies and procedures, or any u nauthorized signing of any contract, record, or other document, shall render such contract, record, or other document invalid as not fully and properly executed by the City. (5) Authority to sign or execute contracts, records, or other documents via electronic signatures or digital signatures may be delegated by the City Manager or other City department heads to designated City staff members. The act of delegation of electronic signature authority by the City Manager or other City department head must be memorialized in writing, including, but not limited to, memorandum, City form, e-mail, or delegation process recorded within electronic signature software.” SECTION 3. CEQA. This Resolution is not a project within the meaning of Section 15378 of the State of California Environmental Quality Act (“CEQA”) Guidelines, because it has no potential for resulting in physical change in the environment, directly or indirectly. The City Council further finds, under Title 14 of the California Code of Regulations, Section 15061(b)(3), that this Resolution is nonetheless exempt from the requirements of CEQA in that the activity is covered by the general rule that CEQA applies only to projects which have the potential for causing a significant effect on the environment. Where it can be seen with certainty that there is no possibility that the activity in question may have a significant effect on the environment, the activity is not subject to CEQA. The City Council, therefore, directs that a Notice of E xemption be filed with the County Clerk of the County of Los Angeles in accordance with CEQA Guidelines. SECTION 4. Custodian of Records. The documents and materials that constitute the record of proceedings on which this Resolution is based are located at the City Clerk’s office located at 213 E. Foothill Blvd., Azusa, CA 917025. The custodian of these records is the City Clerk. SECTION 5. Effective Date. This Resolution shall become effective immediately following its adoption. PASSED, APPROVED AND ADOPTED by the City Council of the City of Azusa, California, at a regular meeting of the City Council held on the ____ day of ___________________, 20___, by the following vote: AYES: NOES: ABSENT: ABSTAIN: City of Azusa ________________________________ Joseph R. Rocha, Mayor ATTEST: ________________________________ Jeffrey Cornejo, City Clerk APPROVED AS TO FORM: BEST BEST & KRIEGER LLP _______________________________ Marco Martinez, City Attorney CERTIFICATION I, Jeffrey Cornejo, City Clerk of the City of Azusa, do hereby certify that the foregoing Resolution No. ____ was duly passed and adopted on the ____ day of _____________, 20___ by the following vote to wit: AYES: NOES: ABSENT: ABSTAIN: ______________________________ Jeffrey Cornejo, City Clerk 45635.01000\29385478.1 -1- City of Azusa Administrative Regulation ELECTRONIC SIGNATURE USE POLICY REGULATING THE ACCEPTANCE OF ELECTRONIC SIGNATURES AND ELECTRONIC OR ELECTRONICALLY SIGNED RECORDS I. Introduction The City of Azusa (“City”) seeks to implement guidelines for the use and acceptance of electronic signatures as well as for the authentication, maintenance, and preservation of electronically signed records, electronic records, and other electronic information submitted to and accepted by the City from the public. Use of electronic signatures will move the City another step closer to instantaneous communication with the public by further improving the manner and speed with which the City communicates and conducts business. While the use of electronic information will continue to evolve, the City has identified acceptable forms of secure electronic signatures and electronically signed records and has developed this Policy to encourage the ir use and acceptance. II. Legal Background Electronic signatures have been incorporated into federal law by the “Electronic Signatures in Global and National Commerce Act” (E-SIGN). California has adopted statutes regarding electronic signatures in the “Uniform Electronic Transactions Act” (UETA) at Section 1633.1 et seq. of the California Civil Code, as well as in the California Public Records Act, at Section 6250 et seq. of the California Government Code. Under California law, the use of electronic signatures is at the option of the parties, including public agencies, involved in the transaction. III. Findings and Declarations A. Electronic signature technology will allow the City to collect and preserve signatures on documents quickly, securely, and efficiently. B. The conditions under which the City will accept electronic signatures on City records or documents are a municipal affair for the City to determine and for which the City may set policy. C. The City has a vital interest in reducing th e waste of paper, increasing the efficient use of public resources, and ensuring the 45635.01000\29385478.1 -2- security and authenticity of electronic records, including electronic signatures. This Policy seeks to mitigate the risks associated with conducting transactions, transmitting information, and maintaining public records that use electronic signatures. IV. Policy Objective The City wishes to provide its residents, businesses, and vendors the opportunity to submit information or transact business with a City agency electronically, when practicable, and to maintain electronically signed records, to the greatest extent practicable. Electronic records and their related electronic signatures that comport with this Policy shall not to be denied legal effect, validity, or enforceability merely because they are in electronic form. This Policy is designed to supplement the City’s current record s management and retention policies. Potential uses of electronic signatures include signing contracts, applications for business permits, internal and external (public facing) forms, and transmitting government records, to name only a few. However, many I nternet applications, including e-mail and common web browsers contain insufficient security protocols that have prevented the City from properly authenticating, recording, maintaining, and preserving information that is transmitted electronically. In the effort to provide the enhanced reliability, confidentiality, and flexibility required to protect high-value commercial transactions, the City has begun developing a set of guidelines for those who wish to submit records or documents and data electronically to the City. The City, whenever possible, shall adopt a non-repudiation approach to protect the reliability, authenticity, integrity, usability, confidentiality, and legitimate use of electronically signed records or documents. This Policy applies to all City agencies and governs all uses of electronic signatures and electronically signed records or documents related to the conduct of the City’s official business. V. Electronic Signature Use Policy A. Policy Statement. This Policy authorizes the use of electronic signatures on City documents while allowing the City to strike a balance between the flexibility desired in transactions and the need for signature security and integrity. Specifically, this Policy establishes that electronic signatures shall be valid and effective on City records and documents so long as certain guidelines regarding the security and integrity of electronic signatures are met; authorizes the City Manager to determine the particular technologies or vendors that presumptively satisfy the guidelines; 45635.01000\29385478.1 -3- and authorizes the City Manager to determine the level of security required for various types of electronic records or documents. B. Policy Goals. The City seeks to achieve the following objectives: 1. To create and maintain documentation of the systems used to create electronically signed records and the electronic signatures they contain; 2. To ensure that records that include electronic signatures are created and maintained in a secure environment that protects the records from unauthorized alteration or destruction; 3. To ensure that electronic signature authentication follows the city’s identity management protocols (i.e. secure network login/password procedures) so that unless an employee is active and in good standing they may not sign an electronic document; 4. To implement standard operating procedures for the creation, use, and management of electronic signatures and electronically signed records, and to maintain adequate written documentation of those procedures; 5. To create and maintain electronic signatures and electronically signed records according to the documented standard operating procedures; and 6. To train public agency staff in the standard operating procedures for electronic signatures and electronically signed records. C. Definitions. 1. An “electronic record” is defined by the UETA as “a record created, generated, sent, communicated, received, o r stored by electronic means.” An electronic record generally contains information or a data file that was created and stored in digitized form through the use of computers, machines, and software applications. The format of an electronic record does not change the fact that it is a record subject to applicable public records laws, but its electronic 45635.01000\29385478.1 -4- form and its dependence on machines for creation and reference do change the way these records must be stored and managed. 2. An “electronic signature” is fundamentally a legal concept. As defined by both the E-SIGN and the UETA, an electronic signature is "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” It is the electronic equivalent of a handwritten, wet, or manual signature on paper, and therefore must have certain characteristics for evidentiary purposes. 3. An “electronically signed record” is a record, file, or document that has been electronically signed by means of an electronic signature and that is related to the conduct of the City’s official business. D. General Rules for Electronic Signatures. 1. Compliance with Policy. City staff will only accept electronic signatures that comply with the requirements of this Electronic Signature Use Policy. 2. General Authorization. In any document accepted by the City in which a signature is required or used, the City Manager may authorize the use of an electronic signature, so long as it complies with the requirements of this Policy. 3. Use Optional. Pursuant to California law, the use of electronic signatures by individuals or entities that wish to conduct business with the City remains optional. This Policy neither limits the right or option to conduct the transaction on paper or in non-electronic form, nor the right to have documents provided or made available on paper. 4. Consent Required. All parties that wish to use electronic signatures shall agree to follow this Policy, shall provide written or electronic consent as to the use of electronic signatures, and shall agree to indemnify the City against any liability associated with transmitting an electronic signature or an electronically signed record by electronic transmission. Consents may be kept on file with the City prior to the sending party transmitting any records or signatures 45635.01000\29385478.1 -5- electronically or may be included in the electronic document as evidence that the signer has accepted this Policy. 5. Characteristics of a Valid Electronic Signature. The use of an electronic signature shall be valid and shall have the same force and effect as the use of a handwritten, wet, or manual signature if: a. The signature is capable of verification (through the electronic document’s metadata); b. The signature is under the sole control of the person using it; and c. The signature is linked to the data contained in the electronically signed record in such a manner that it is readily ascertainable if the data is changed after the signature is applied. 6. Signature Required by City Policy; State or Federal Law. a. Where a City policy requires that any electronic document, photo, record, or other related item have the signature of a responsible person, that requirement is met when the item has associated with it an electronic signature meeting the requirements of this Policy. b. Where California or federal law requires that any electronic document, photo, record, or other related item have the signature of a responsible person, that requirement is met when the item has associated with it an electronic signature meeting the requirements of this Policy and using a signature method which complies with California law or federal law. 7. Acceptable Technologies. The City Manager, with the recommendation of the City Attorney and Information Technology Director, shall determine acceptable electronic signature technologies and vendors under this Policy, and consistent with industry best practices, to ensure that security and integrity of electronic records, electronic data, and electronic signatures. The City Manager, with the recommendation of the City Attorney and Information Technology Director, shall further determine the records or 45635.01000\29385478.1 -6- documents for which the City will accept electronic signatures. 8. Notaries. This Policy shall comport with California Civil Code section 1633.11(a) which states, “If a law requires that a signature be notarized, the requirement is satisfied with respect to an electronic signature if an electronic record includes, in addition to the electronic signature to be notarized, the electronic signature of a notary public together with all other information required to be included in a notarization by other applicable law.” 9. Penalty of Perjury. This Policy shall comport with California Civil Code section 1633.11(b) which states, “In a transaction, if a law requires that a statement be signed under penalty of perjury, the requirement is satisfied with respect to an electronic signature, if an electronic record includes, in addition to the electronic signature, all of the information as to which the declaration pertains together with a declaration under penalty of perjury by the person who submits the electronic signature that the information is true and correct.” 10. Further Acts. Nothing in this Policy shall prevent the City from adopting additional guidelines or taking further actions to implement this Policy or to add other permissible forms of electronic signatures to this Policy. 11. Revocation of Technology. In the event that is determined that an approved electronic signature method or technology is no longer trustworthy or secure, the City Manager shall revoke the approval of such electronic signature method. If there is continued significance for electronic signatures that employed the revoked method, the City Manager will take steps to ensure that any valid records signed with the revoked method are signed again either with a handwritten, wet signature or with an approved electronic signature method. E. Intake Process; Validation Process. 1. Initial Evaluation. City staff shall determine which section(s) of this Policy apply to any electronic signature or electronically signed record. 2. Obtain Consent. City staff shall require all sending parties to provide a written consent agreeing to the City’s Electronic 45635.01000\29385478.1 -7- Signature Use Policy. This consent may be kept on file with the City prior to the sending party transmitting any records or signatures electronically or may be included in the electronic document as evidence that the signer has accepted this Policy. 3. Identify the Sending Party. City staff shall develop rules and standard operating procedures to identify the sending party’s identity, address, and contact information to accompany an electronic signature, record, document, or transmission. 4. Multiple Parties. City staff shall determine whether multiple signatures are required, and if so, each signature shall independently comply with the requirements of this Policy. 5. Notary Requirements. City staff shall determine if any submitted document requires a notary signature. If a notary signature is required, the notary’s signature, if sent electronically, must all comply with the City’s Electronic Signature Use Policy. F. Electronically Transmitted Documents; Confirmation Process. 1. Initial Evaluation. City staff shall determine whether a particular document needs to be authenticated for recording purposes and whether confirmation of that document needs to be provided. 2. Characteristics of Trustworthiness. Reliability, authenticity, integrity, and usability are characteristics of trustworthy records from a records management perspective. Transactions that are critical to the City’s business may require greater assurances that they are reliable, authentic, maintain integrity, and are usable than other transactions of less critical importance. a. Reliability. A reliable record contains content that can be trusted as a full and accurate representation of the transactions, activities, or facts to which it attests, and can be depended upon in the course of subsequent transactions or activities. b. Authenticity. An authentic record is one that is proven to be what it purports to be, and which has 45635.01000\29385478.1 -8- been created or sent by the person who purports to have created or sent it. c. Integrity. The integrity of a record refers to the record’s completeness and total lack of unauthorized alterations. d. Usability. A usable record is one which can be located, retrieved, presented, interpreted, and utilized for its intended purpose or objective. 3. Confirmation of Receipt. From the initial signature of a document to the completion of all required signatures (execution), the document shall be accessible to all signatories to see its status in the workflow. Upon final execution of a contract document, all parties to the contract (as designated by the Contract Administrator who initiates the signature workflow) will be notified electronically and such notification will be recorded as part of the document’s metadata. 4. Confirmation of Filing. The City must also dispatch to the sending party an electronic confirmation that the record or document has been filed and, if applicable, added to the existing record on file. 5. Filer Responsible for Verification. In the absence of the City’s confirmations of receipt and filing, there shall be no presumption that the City received and filed the electronically submitted record or document. The sending party is responsible for verifying that the City received and filed a document and for obtaining confirmations of receipt and filing. 6. Notice of Rejection of Document for Filing. If City staff do not file a record or document because it does not comply with applicable filing requirements or because the required filing fee has not been paid, the City must promptly notify the sending party of the rejection of the record or document for filing. 7. Documents Filed After Close of Business. Records or documents transmitted electronically after the close of the City’s business hours shall be deemed to have been filed on the next business day. 45635.01000\29385478.1 -9- 8. Delayed Delivery. If a technical problem with the City’s software or electronic filing system prevents the City from accepting an electronic submission during its regular filing hours on a particular City business day, and the sending party can demonstrate that he or she attempted to electronically file the document on that particular City business day, then the City shall deem the document to be filed on that day. 9. Endorsement by City. The electronic signature of the City Clerk shall be considered endorsement by the City and shall be so indicated on the signature block of a document. This endorsement shall have the same force and effect as a manually affixed endorsement stamp with the signature and initials of the City Clerk. G. Sanctions. Any individual or party that makes inappropriate, illegal, or fraudulent use of electronic signatures or electronic records in violation of the City’s Electronic Signature Use Policy is subject to sanctions up to and including dismissal, suspension, and criminal prosecution as specified in published City policies or ordinances and State law, whether or not they are directly referenced in this Policy. All inappropriate, illegal, or fraudulent uses of any electronic means of transmission shall be prosecuted to the fullest extent of the law, including the recovery of attorneys’ fees and administrative costs.