Section 5 of the Information Technology Act, 2000 recognizes the validity of digital signature and recognizes its validity akin to that of the handwritten signatures. The authentication of the signatures has to be affixed in a manner prescribed by the Central government. Furthermore, Section 65A of the Indian Evidence Act says that electronic records can be proved before the court by way of complying with the provisions of Section 65B of the Indian Evidence Act. Agreements and contracts entered into on an electronic platform with a digital signature attached to it is therefore an admissible evidence under the Indian Evidence Act, 1872.
Digital signature can be used to sign a wide range of documents including contracts and agreements of varied nature-employment contracts, sale agreements, lease agreements, NDAs, MOU, real estate documents, among others.
However, the IT act, 2020 does not validate certain transactions and documents executed on an e-signature platform, which includes:
Section 15 of the IT Act, 2020 categorically stipulates that an electronic signature shall be deemed to be secure wherein if, (i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and (ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed.Furthermore, 66C of the Act also renders punishment and penalty for identity theft, which includes electronic signatures. As the stewards of data, PracticeLeague ensures to handle personal data of voluntarily disclosed by the users of our e-Signature platform with utmost care and diligence and well in line with the international standards of data collection, and data retention policies. We also maintain an Audit Trail for the processing of personal data that is in accordance with the General Data Protection Regulation (GDPR).
An Audit trail is electronic document containing the logs of all the activities that take place during the signing activity in a transaction on the document. Details in an audit trail include the details of the public IP of the users of the eSignature platform, location, and the timestamp of the overall transaction. We continually improve our audit trails and use best industry practices to improve overall visibility, and maintain the trust of our clients.
As a technology company, we are often asked what is the procedure we follow regarding data administration.
Rule 5(4) of the Data protection rules mandates sensitive personal data or information to be retained for no longer than required. Section 7 of the Information Technology Act allows retention of electronic documents for the purpose akin to the paper-based records, in order to fulfil legal requirements. By virtue of Section 7(1) of the act, where the law provides that documents, records and information shall be retained for a specific period, it is deemed that such information may be retained in electronic format also subject to audit.
-we anticipate continuity in service
-to comply with legal duties and requirements, either statutory or regulatory.
-if we anticipate any disagreement between the end-user and the platform regarding the service/solution provided by RazorSign.
All information pertaining to existing and potential clients are collected and stored following practices such as instance isolation, symmetric and asymmetric encryption techniques, one-way hashing algorithms. Data is also saved on FIPS-140-2 Level 2 compliant hardware security modules, where different security and protection methods are adopted to store information with disk-to-disk-to-tape, method.
The eSignature platform follows the ISO/IEC 27001 Information Security Management System Standard to handle all data and information. In our efforts to comply with the same, we appoint a third-party information security auditor appointed by the CERT-IN, MEITY, Government of India. We follow strict internal access control policy within the contours of ISO 27001 that is compliant with Information security policies.