The Canadian Perspective: Legal Best Practices for e-Signatures in Insurance part II
Daniel Fabiano presented a webinar* "Insurance Documentation: E-Signature & E-Delivery" with OneSpan. Mr. Fabiano is a partner at Fasken Martineau DuMoulin LLP. In this capacity, he advises technology providers, developers and users in a number of capacities including Internet, e-commerce platforms, social media, licensing and privacy matters. He recently authored the advisory report on electronic signature and delivery commissioned by the Center for Study of Insurance Operations.
The Legal Considerations of Electronic Signatures for Insurance
E-commerce laws do not oblige anyone to use electronic means to conduct business. Customers and insurers cannot be compelled to participate in the electronic execution or delivery of insurance documents. Consent is required. Consent can be express or implied depending on the context. If implied consent is to be relied upon, you need to be satisfied that there are reasonable grounds to believe the consent is genuine and applies to the relevant information or documents. While implied consent is possible, a better practice is to obtain express consent. When using electronic means to enter into contracts and deliver documents, consent language should be clearly stated in the documents.
The consent should be obtained at the outset, and should apply to entering into a contract electronically and to the ongoing delivery of information by electronic means (e.g., email). Aside from the general issue of consent is the issue of what constitutes a valid electronic signature. Canadian electronic commerce laws generally define an electronic signature as "electronic information that a person creates or adopts in order to sign a document and that is in, attached to or associated with the document." This is a broad definition and can encompass different types of electronic signature.
Whether an electronic signature will meet a legal requirement for a signature on a particular document will depend on circumstances specific to that document. At the sophisticated end are encrypted digital signatures, and at the less sophisticated end are mere digitized representations of a signature (e.g., a graphic image or an email signature line or a typed name). It is important to look at context of how the signature will be used to determine which type is appropriate in different instances such as electronic signatures for insurance. The insurance laws of some jurisdictions impose an evidentiary requirement for electronic signatures that are used in insurance documents – and to meet this evidentiary requirement the technology or process used to create an electronic signature must be able to prove that:
1) The signature created is unique to the person that signed the document;
2) The signature is actually incorporated, attached to or associated into the specific document; and
3) The signature can identify the person who used the technology to sign the document.
The onus to prove those elements is on the person seeking the signature – generally, the broker or insurance organization. Proving these elements is important in addressing the risk of repudiation. Even though a document contains the insured’s signature, that person could allege that he/she never signed the document or that the document was changed after it was signed. These are the risks that need to be addressed through whatever e-signature process is adopted. Of course, the risk of repudiation is not unique to e-commerce. It is always a concern for any type of transaction, whether electronic or paper.
There’s Three "I"s In the E-signature for Insurance Process
Some say that the risk of repudiation is exacerbated in an online environment because you don't necessarily know who is at the other and of the Internet connection. Even so, there are some risk mitigation measures that can be employed. An electronic signature process should be designed with the three I’s in mind:
- Identity: Does the process address the identity of the person signing the document? Is the electronic signature that person’s signature?
- Intention: Did the person apply his or her signature with the intent to sign this document?
- Integrity: Is the electronic signature bound to the document so that any changes to the document (after it is signed) can be detected and flagged?
In effect, this requires some sort of audit trail and some form of tamper proofing measures, to ensure that any changes to the document are tracked, can be explained and validated. Any unauthorized changes can be blocked or flagged so they don’t alter the document. In many ways electronic documents can offer greater security and tamper proofing than paper documents because of the ability to maintain electronic surveillance about the document – tracking information about changes and attempted changes to the document.
*This blog is for general information only. It is neither intended as, nor should be construed as, legal advice or opinion. Insurance and e-commerce laws in Canada vary by province. For legal advice that is specific to your jurisdiction and situation, please consult a lawyer.