Secure Electronic Records & Electronic Signatures

Section 14. Secure electronic record.

• When an electronic record is protected using a prescribed or recognised security procedure then:

• The law assumes that the record has not been altered and can be relied upon as authentic.

• The Security procedure could be encryption, digital signature, hash verification, or other approved methods as prescribed.

• The protection must be applied at a clearly identifiable point in time.

• From that exact moment, the electronic record is treated as a secure electronic record.

• Theis means that the electronic record’s integrity, authenticity, and reliability are legally recognised.

• This status continues during the entire period until the record is examined, checked, or verified by the concerned authority or system.

Section 15. Secure electronic signature.

• An electronic signature shall be deemed to be a secure electronic signature if:

• (i).

  1. The signature creation data has been used at the time of signing.

  2. At that moment, the data must be under the exclusive control of the signatory and no other person.

• (ii).

  1. Signature creation data is involved must be securely stored.

  2. The storage must ensure exclusive control of the signatory.

  3. No other person should be able to access or use this data.

  4. The signature must be affixed using this data in the same exclusive manner.

  5. The method of storage and affixing must follow the procedure prescribed by law or rules.

Explanation:

• With respect to Digital signatures.

  1. Signature creation data is specifically defined.

  2. This signature data refers to the private key.

  3. This private key belongs to the subscriber.

  4. This private key is used to create the digital signature.

Section 16. Security procedures and practices.

• The Central Government has the power to make rules.

• This power is exercised for the purposes of sections 14 and 15.

• The Government may prescribe security procedures and practices.

• These procedures define how electronic records and signature data must be secured.

• The standards are issued through rules, not directly in the Act.

• While the Government is making rule it has to make sure that:

  1. Security procedures must consider commercial circumstances.

  2. The nature of transactions (simple, complex, high-value, low-risk, etc.) must be taken into account.

  3. The Government may also consider other relevant factors it finds appropriate.