The Uniform Electronic Transactions Act is a law that was established in 1999 by the National Conference of Commissioners on Uniform State Laws (NCCUSL). The Uniform Electronic Transactions Act provides guidelines on the use of electronic records, contracts and signatures in personal, business and governmental transactions. As the world has shifted from physical to digital means of correspondence laws and regulations were inherently needed to provide standards of conduct for electronic transactions. The Uniform Electronic Transactions Act provides a legal precedent for digital transactions applying the same weight as physical signatures and records. (Connecticut General Assembly, 2000).
The Uniform Electronic Transactions Act and Data Security
The Uniform Electronic Transactions Act has a different relationship with data security than the others in this list in that it may in fact be a negative influence. The use of electronic contracts, records and signatures exposes individuals and services providers to additional threats in the cyber domain. Through the use of electronic transactions individuals and organizations then need to implement cybersecurity controls to protect the data being stored and transferred.
However, a case could also be made for enhanced security since electronic records may use encryption methods to store and transfer documents making them harder to access. Before electronic records and signatures were officially recognized it was necessary to email or fax signed documents between various parties. This is likely done in an unencrypted form which could be intercepted by cyber criminals. If this took place the documents and their sensitive information found therein would be clearly visible. (Adobe).
DocuSign Data Breach
In May of 2017 the online document signing software company DocuSign was hacked through business email compromise. The attacker was able to access DocuSign’s private database containing volumes of private customer data. The attacker gained access through an email phishing scheme in which an unsuspecting employee clicked and subsequently gave the attacker access to the database. After this the attacker injected malicious software into DocuSign’s servers and extracted the private data. (Burns, 2017).
Forensics investigators from DocuSign were able to determine that the attacker was able to extract a large amount of emails from the database. This data extraction thankfully did not also include other sensitive data that was stored such as social security numbers, addresses and account passwords. Although the attack was generally benign it is still a recent example that shows the vulnerabilities that exist with modern technologies. This attack could have been much worse considering the type of personal data stored by DocuSign. (Lifars, 2017).