The use of electronic signatures has become prevalent in human resources, particularly when obtaining hard copy signatures is impractical. Although using electronic signatures allows businesses to execute and store documents more efficiently, employers who do not implement proper safeguards to authenticate their employees’ signatures risk having them invalidated.
Whether an electronic signature is sufficient to execute an agreement is a matter of state law.[1] Most states have adopted the Uniform Electronic Transactions Act (“UETA”), which includes provisions regarding the authentication of electronic signatures, and defines an electronic signature as “an electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”[2] When a dispute arises regarding whether an employee’s electronic signature is authentic, such as when an employee simply denies that he or she signed the document, the burden is on the employer to properly authenticate the signature.[3] When it comes to authenticating electronic signatures, an employer must implement computer and intranet security measures to ensure that the signature is authentic and genuine.
The law regarding the authenticity of electronic signatures is relatively new, and will likely continue to evolve with technological advances. Accordingly, the safeguards required to authenticate electronic signatures may change as technology provides more effective security measures. To date, courts interpreting the UETA have required that employers use safeguards that:
- Maintain the security of the employees’ passwords;
- Restrict access to the screen permitting electronic execution;
- Determine that electronic signatures are genuine;
- Identify persons who opened employee emails; and
- Ensure that the employee read the emails and/or documents.[4]
Thus, employers who want to make sure that their electronic onboarding agreements are enforceable should maintain the security measures in their intranet that include the following requirements:
- Each employee should select a unique password and maintain the confidentiality of that password. In addition, employees should be told not to share the password with supervisors or other employees.
- Each employee should use password verification to open any email, and the identity of the user opening the email should be stored.
- Each employee should use password verification to open any screen permitting electronic signature and the identity of the user opening the screen should be stored.
- Each employee should use a unique signature, known only to the employee. This should be created by the employee, and should not be an employee number or name. Like the password, the employee should be told to keep this signature confidential and not to share it with supervisors or other employees. Using employee numbers, user names created by the employer, or similar devices that are easily identifiable by supervisors or other employees, rather than a unique signature known only to the employee, makes authentication of the employee’s signature difficult.
- Each employee should verify that he or she has read the entire agreement, and understands its contents, before electronically signing the document. This can be accomplished by electronically checking a box before allowing the signature.
In addition, employers should periodically review their security measures to ensure they comply with current technological and legal standards to ensure the validity of their employees’ electronic signatures.
[1] See, e.g., Hooters of America, Inc. v. Phillips, 39 F. Supp. 2d 582, 610 (D.S.C. 1998) (“In determining whether a valid arbitration agreement arose between the parties, a federal court should look to the state law that ordinarily governs the formation of contracts.”).
[2] See, e.g. S.C. Code § 26-6-20(8).
[3] See, e.g. U.S. v. Hassan, 742 F.3d 104, 133 (4th Cir. 2014) (“A party offering evidence must authenticate the evidence by ‘offering a satisfactory foundation from which the jury could reasonably find that the evidence is authentic.’”).
[4] See, e.g., Kerr v. Dillard Store Svcs., Inc., 2009 US Dist. LEXIS 11792 (D. Kan. February 17, 2009) (denying motion to compel arbitration after trial after employee denied making electronic signature where employer “did not have adequate procedures to maintain the security of intranet passwords, to restrict authorized access to the screen which permitted electronic execution of the arbitration agreement, to determine whether electronic signatures were genuine or to determine who opened individual emails.”); Campbell v. General Dynamics Gov’t Systems, 321 F. Supp. 2d 142 (D. Mass. 2004) (refusing to compel arbitration where employer failed to show that employee was aware of the contents of the email notifying him of the terms of the arbitration agreement).