This has been (and will be) debated for years, but best to keep it in
proportion.

This borrowed from the web site Henmans LLP (a law firm in the Oxford
area): "Choose a method of authentication of digital signatures that is
proportionate to the risk profile of the deal – you may accept a
simple email message generated from your website as an order for a book,
but you may want to involve VeriSign or Visa or other authentication
bodies for a booking for a holiday". This is just general advice from a 
law firm, not paid-for legal advice, but it seems to fit our needs.
http://www.henmansllp.co.uk/digital_signatures 

That commonsense approach seems to fit - if it's just a book request or
a request for a literature search or an article, the 'risk' is low -  an
email or just citing a membership number to make the order, delivery to
a known email address or if you must then signature on collection.
Essentially enough to satisfy us that it's from a registered user. If it
was for a major contract or something that could end up in court with a
dispute along the lines of "it wasn't me that ordered it and you can't
prove it" then you might go further. 

The DTI document Tricia cited talks about major business contracts etc,
where of course it matters far more than our own, admittedly vital,
work.

Reasonable, practical and proportionate, they're the key attributes.
And you always have the opportunity to reauthenticate at the point of
delivery - and of course if you're doubtful you just double-check with
the requestor before doing anything that might cost money.

Kind regards,
Mark.

---------------------------------------------------------------------------------
Mark Kerr                           (x76020)
Clinical Librarian, EKHUFT
Kent & Canterbury Hospital
East Kent Hospitals University NHS Foundation Trust
Ethelbert Road, Canterbury
Kent, CT1 3NG

01227 864354 (Library)
01227 864156 (Direct Line)
01227 864154 (FAX)
----------------------------------------------------

>>> Rey Patricia <[log in to unmask]> 02/10/2012 15:24 >>>
From the copyright workshops arranged by SHALL I understood that to be
legally valid an esignature has to be transmitted across a secure,
encrypted network (ie be a digital signature) and that the nhs network
does not meet the required specifications.

 

There's some interesting info here regarding esignatures and digital
signatures. http://www.arx.com/digital-signatures-faq 

 

The DTI's factsheet is here http://www.bis.gov.uk/files/file34339.pdf 

 

Tricia Rey 
Library Services Manager 
Queen Victoria Hospital NHS Foundation Trust 
East Grinstead 
Tel: 01342 414266 
Mailto:[log in to unmask] 

________________________________

From: UK medical/ health care library community / information workers
[mailto:[log in to unmask]] On Behalf Of Library
Sent: 02 October 2012 15:13
To: [log in to unmask] 
Subject: e-signatures

 

Can anybody advise about electronic signatures? I understand that
according to CILIP e-signatures are legally permissible in the UK but
I'm also aware that there are some caveats involved, one in particular
being authentication. I have read that typing a name into a document ,
such as an email, is accepted as a signature and, if I understand
correctly, I think that using an online request from that can only be
accessed once you have logged on to a system is also proof of
authentication. This would mean that a request form that is only
accessible on the intranet and also require the addition of a member's
unique library barcode  number should be acceptable too.

 

Do any of you rely  e-signatures and is this as complicated as some
would have us belief. Also is this something that we would need
discuss
with our legal department?

 

 

Kind Regards

Jo Hooper

Library Assistant

Library

Level 5

Education Centre

Upper Maudlin Street

Bristol

BS2 8AE

Tel: 0117 3420105

Fax: 0117 9170161

 

 

 


____________________

INFORMATION NOTICE 

Please check for viruses before accessing this email and any
attachments. 

This email and any attachments may contain confidential information and
is intended only to be seen and used by the named addressee(s). 
However, even if confidential, the information contained within it may
be subject to public disclosure under the Freedom of Information Act
(2000), 
unless it is legally exempt from disclosure. If you are not a named
addressee, any use, disclosure, copying, alteration or forwarding of
this email 
and any attachments is prohibited. If you have received this email in
error please notify the sender immediately by email or by telephoning 
01342 414000 and permanently delete this email and any attachments from
your system. 

The views expressed within this email and any attachments are those of
the writer and are not necessarily the views or policies of 
Queen Victoria Hospital NHS Foundation Trust. Except as required by
law, the Trust shall not be responsible for any damage, 
loss or liability of any kind suffered in connection with this email
and any attachments, or which may result from reliance on the contents
of 
this email and any attachments.

If you wish to make a request for information under the Freedom of
Information Act (2000), please send your request to [log in to unmask]

Queen Victoria Hospital NHS Foundation Trust
Website: www.qvh.nhs.uk 
E-Mail: [log in to unmask] 
Switchboard: 01342 414000
IT Support: 01342 414411
______________________


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of East Kent Hospitals University NHS
Foundation Trust.  If you are not the intended recipient, be advised
that you have received this email in error and that any use,
dissemination, forwarding, printing or copying of this email is strictly
prohibited.

If you have received this email in error please notify the system
manager at the following email address: [log in to unmask]

www.kentandmedway.nhs.uk

This footnote also confirms that although this email message has been
swept  for the presence of computer viruses, it is strongly recommended
that you carry out your own virus scan of this message and any
attachments.

**********************************************************************