This has been (and will be) debated for years, but best to keep it in
proportion.
This borrowed from the web site Henmans LLP (a law firm in the Oxford
area): "Choose a method of authentication of digital signatures that is
proportionate to the risk profile of the deal – you may accept a
simple email message generated from your website as an order for a book,
but you may want to involve VeriSign or Visa or other authentication
bodies for a booking for a holiday". This is just general advice from a
law firm, not paid-for legal advice, but it seems to fit our needs.
http://www.henmansllp.co.uk/digital_signatures
That commonsense approach seems to fit - if it's just a book request or
a request for a literature search or an article, the 'risk' is low - an
email or just citing a membership number to make the order, delivery to
a known email address or if you must then signature on collection.
Essentially enough to satisfy us that it's from a registered user. If it
was for a major contract or something that could end up in court with a
dispute along the lines of "it wasn't me that ordered it and you can't
prove it" then you might go further.
The DTI document Tricia cited talks about major business contracts etc,
where of course it matters far more than our own, admittedly vital,
work.
Reasonable, practical and proportionate, they're the key attributes.
And you always have the opportunity to reauthenticate at the point of
delivery - and of course if you're doubtful you just double-check with
the requestor before doing anything that might cost money.
Kind regards,
Mark.
---------------------------------------------------------------------------------
Mark Kerr (x76020)
Clinical Librarian, EKHUFT
Kent & Canterbury Hospital
East Kent Hospitals University NHS Foundation Trust
Ethelbert Road, Canterbury
Kent, CT1 3NG
01227 864354 (Library)
01227 864156 (Direct Line)
01227 864154 (FAX)
----------------------------------------------------
>>> Rey Patricia <[log in to unmask]> 02/10/2012 15:24 >>>
From the copyright workshops arranged by SHALL I understood that to be
legally valid an esignature has to be transmitted across a secure,
encrypted network (ie be a digital signature) and that the nhs network
does not meet the required specifications.
There's some interesting info here regarding esignatures and digital
signatures. http://www.arx.com/digital-signatures-faq
The DTI's factsheet is here http://www.bis.gov.uk/files/file34339.pdf
Tricia Rey
Library Services Manager
Queen Victoria Hospital NHS Foundation Trust
East Grinstead
Tel: 01342 414266
Mailto:[log in to unmask]
________________________________
From: UK medical/ health care library community / information workers
[mailto:[log in to unmask]] On Behalf Of Library
Sent: 02 October 2012 15:13
To: [log in to unmask]
Subject: e-signatures
Can anybody advise about electronic signatures? I understand that
according to CILIP e-signatures are legally permissible in the UK but
I'm also aware that there are some caveats involved, one in particular
being authentication. I have read that typing a name into a document ,
such as an email, is accepted as a signature and, if I understand
correctly, I think that using an online request from that can only be
accessed once you have logged on to a system is also proof of
authentication. This would mean that a request form that is only
accessible on the intranet and also require the addition of a member's
unique library barcode number should be acceptable too.
Do any of you rely e-signatures and is this as complicated as some
would have us belief. Also is this something that we would need
discuss
with our legal department?
Kind Regards
Jo Hooper
Library Assistant
Library
Level 5
Education Centre
Upper Maudlin Street
Bristol
BS2 8AE
Tel: 0117 3420105
Fax: 0117 9170161
____________________
INFORMATION NOTICE
Please check for viruses before accessing this email and any
attachments.
This email and any attachments may contain confidential information and
is intended only to be seen and used by the named addressee(s).
However, even if confidential, the information contained within it may
be subject to public disclosure under the Freedom of Information Act
(2000),
unless it is legally exempt from disclosure. If you are not a named
addressee, any use, disclosure, copying, alteration or forwarding of
this email
and any attachments is prohibited. If you have received this email in
error please notify the sender immediately by email or by telephoning
01342 414000 and permanently delete this email and any attachments from
your system.
The views expressed within this email and any attachments are those of
the writer and are not necessarily the views or policies of
Queen Victoria Hospital NHS Foundation Trust. Except as required by
law, the Trust shall not be responsible for any damage,
loss or liability of any kind suffered in connection with this email
and any attachments, or which may result from reliance on the contents
of
this email and any attachments.
If you wish to make a request for information under the Freedom of
Information Act (2000), please send your request to [log in to unmask]
Queen Victoria Hospital NHS Foundation Trust
Website: www.qvh.nhs.uk
E-Mail: [log in to unmask]
Switchboard: 01342 414000
IT Support: 01342 414411
______________________
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of East Kent Hospitals University NHS
Foundation Trust. If you are not the intended recipient, be advised
that you have received this email in error and that any use,
dissemination, forwarding, printing or copying of this email is strictly
prohibited.
If you have received this email in error please notify the system
manager at the following email address: [log in to unmask]
www.kentandmedway.nhs.uk
This footnote also confirms that although this email message has been
swept for the presence of computer viruses, it is strongly recommended
that you carry out your own virus scan of this message and any
attachments.
**********************************************************************
|