The online versions of legislation provided on this website are not official. Enrolled bills are the final version passed by the Ohio General Assembly and presented to the Governor for signature. The official versions of acts signed by the Governor are available from the Secretary of State's Office in the Continental Plaza, 180 East Broad St., Columbus.

As Introduced

123rd General Assembly
Regular Session
1999-2000
H. B. No. 488

REPRESENTATIVES TERWILLEGER-AMSTUTZ-HOUSEHOLDER-HARRIS-GARDNER-TIBERI-CAREY-MOTTLEY-CORBIN-METZGER-HOLLISTER-VAN VYVEN-WILLAMOWSKI-OLMAN-DePIERO-LUEBBERS-THOMAS-TRAKAS-GOODMAN-HOOPS-AUSTRIA-DAMSCHRODER-HARTNETT-SYKES-MAIER-BRADING-PETERSON-MEAD-SCHULER-METELSKY-TAYLOR-JOLIVETTE-BUEHRER-FLANNERY


A BILL
To amend section 2913.31 and to enact sections 1306.01 to 1306.13, 1306.15, 1306.17 to 1306.26, 1306.28, 1306.29, 1306.32, 1306.35 to 1306.38, and 1306.99 of the Revised Code to enact the Electronic Records and Signatures Act by providing for regulation of electronic signatures, including digital signatures, and electronic records; creating the Electronic Commerce Commission to regulate security and enforcement relative to electronic records and electronic signatures; providing for state agency use of electronic records and signatures; and providing civil remedies and criminal penalties for violations, and to terminate the Electronic Commerce Commission four years after the effective date of this act by repealing section 1306.32 of the Revised Code on that date.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:


Section 1. That section 2913.31 be amended and sections 1306.01, 1306.02, 1306.03, 1306.04, 1306.05, 1306.06, 1306.07, 1306.08, 1306.09, 1306.10, 1306.11, 1306.12, 1306.13, 1306.15, 1306.17, 1306.18, 1306.19, 1306.20, 1306.21, 1306.22, 1306.23, 1306.24, 1306.25, 1306.26, 1306.28, 1306.29, 1306.32, 1306.35, 1306.36, 1306.37, 1306.38, and 1306.99 of the Revised Code be enacted to read as follows:

Sec. 1306.01. AS USED IN SECTIONS 1306.01 TO 1306.38 of the Revised Code:

(A) "ASYMMETRIC CRYPTOSYSTEM" MEANS A COMPUTER-BASED SYSTEM CAPABLE OF GENERATING AND USING A KEY PAIR CONSISTING OF A PRIVATE KEY FOR CREATING A DIGITAL SIGNATURE AND A PUBLIC KEY TO VERIFY THE DIGITAL SIGNATURE.

(B) "CERTIFICATE" MEANS A RECORD THAT AT A MINIMUM DOES ALL OF THE FOLLOWING:

(1) IT IDENTIFIES THE CERTIFICATION AUTHORITY ISSUING IT.

(2) IT NAMES OR OTHERWISE IDENTIFIES ITS SUBSCRIBER OR A DEVICE OR ELECTRONIC AGENT UNDER THE CONTROL OF THE SUBSCRIBER.

(3) IT CONTAINS A PUBLIC KEY THAT CORRESPONDS TO A PRIVATE KEY UNDER THE CONTROL OF THE SUBSCRIBER.

(4) IT SPECIFIES ITS OPERATIONAL PERIOD.

(5) IT IS DIGITALLY SIGNED BY THE CERTIFICATION AUTHORITY ISSUING IT.

(C) "CERTIFICATION AUTHORITY" MEANS A PERSON THAT AUTHORIZES AND CAUSES THE ISSUANCE OF A CERTIFICATE.

(D) "CERTIFICATION PRACTICE STATEMENT" IS A STATEMENT PUBLISHED BY A CERTIFICATION AUTHORITY THAT SPECIFIES THE POLICIES OR PRACTICES THAT THE CERTIFICATION AUTHORITY EMPLOYS IN ISSUING, MANAGING, SUSPENDING, AND REVOKING CERTIFICATES AND PROVIDING ACCESS TO THEM.

(E) "CORRESPOND," WITH REFERENCE TO KEYS, MEANS TO BELONG TO THE SAME KEY PAIR.

(F) "DIGITAL SIGNATURE" MEANS A SECURITY PROCEDURE AND A TYPE OF ELECTRONIC SIGNATURE CREATED BY TRANSFORMING AN ELECTRONIC RECORD USING A MESSAGE DIGEST FUNCTION AND ENCRYPTING THE RESULTING TRANSFORMATION WITH AN ASYMMETRIC CRYPTOSYSTEM USING THE SIGNER'S PRIVATE KEY SUCH THAT ANY PERSON HAVING THE INITIAL UNTRANSFORMED ELECTRONIC RECORD, THE ENCRYPTED TRANSFORMATION, AND THE SIGNER'S CORRESPONDING PUBLIC KEY CAN ACCURATELY DETERMINE WHETHER THE TRANSFORMATION WAS CREATED USING THE PRIVATE KEY THAT CORRESPONDS TO THE SIGNER'S PUBLIC KEY AND WHETHER THE INITIAL ELECTRONIC RECORD HAS BEEN ALTERED SINCE THE TRANSFORMATION WAS MADE.

(G) "ELECTRONIC" INCLUDES ELECTRICAL, DIGITAL, MAGNETIC, OPTICAL, ELECTROMAGNETIC, OR ANY OTHER FORM OF TECHNOLOGY THAT ENTAILS CAPABILITIES SIMILAR TO THESE TECHNOLOGIES.

(H) "ELECTRONIC RECORD" MEANS A RECORD GENERATED, COMMUNICATED, RECEIVED, OR STORED BY ELECTRONIC MEANS FOR USE IN AN INFORMATION SYSTEM OR FOR TRANSMISSION FROM ONE INFORMATION SYSTEM TO ANOTHER.

(I) "ELECTRONIC SIGNATURE" MEANS A SIGNATURE IN ELECTRONIC FORM ATTACHED TO OR LOGICALLY ASSOCIATED WITH AN ELECTRONIC RECORD.

(J) "INFORMATION" INCLUDES DATA, TEXT, IMAGES, SOUND, CODE, COMPUTER PROGRAMS, SOFTWARE, DATABASES, AND THE LIKE.

(K) "KEY PAIR" MEANS, IN AN ASYMMETRIC CRYPTOSYSTEM, TWO MATHEMATICALLY RELATED KEYS, REFERRED TO AS A PRIVATE KEY AND A PUBLIC KEY, TO WHICH BOTH OF THE FOLLOWING APPLY:

(1) THE PRIVATE KEY CAN ENCRYPT A MESSAGE THAT ONLY THE PUBLIC KEY CAN DECRYPT.

(2) EVEN KNOWING THE PUBLIC KEY, IT IS COMPUTATIONALLY UNFEASIBLE TO DISCOVER THE PRIVATE KEY.

(L) "MESSAGE DIGEST FUNCTION" MEANS AN ALGORITHM THAT MAPS OR TRANSLATES THE SEQUENCE OF BITS COMPRISING AN ELECTRONIC RECORD INTO A MESSAGE DIGEST, WHICH IS GENERALLY A SMALLER SET OF BITS, WITHOUT REQUIRING THE USE OF ANY SECRET INFORMATION, SUCH THAT AN ELECTRONIC RECORD YIELDS THE SAME MESSAGE DIGEST EVERY TIME THE ALGORITHM IS EXECUTED USING SUCH RECORD AS INPUT, AND IT IS COMPUTATIONALLY UNFEASIBLE THAT ANY TWO ELECTRONIC RECORDS CAN BE FOUND OR DELIBERATELY GENERATED THAT WOULD PRODUCE THE SAME MESSAGE DIGEST USING THE ALGORITHM UNLESS THE TWO RECORDS ARE PRECISELY IDENTICAL.

(M) "OPERATIONAL PERIOD OF A CERTIFICATE" BEGINS ON THE DATE AND TIME THE CERTIFICATE IS ISSUED BY A CERTIFICATION AUTHORITY OR ON A LATER DATE AND TIME CERTAIN IF STATED IN THE CERTIFICATE AND ENDS ON THE DATE AND TIME IT EXPIRES AS NOTED IN THE CERTIFICATE OR IS EARLIER REVOKED BUT DOES NOT INCLUDE ANY PERIOD DURING WHICH A CERTIFICATE IS SUSPENDED.

(N) "PERSON" MEANS AN INDIVIDUAL, CORPORATION, BUSINESS TRUST, ESTATE, TRUST, PARTNERSHIP, LIMITED PARTNERSHIP, LIMITED LIABILITY PARTNERSHIP, LIMITED LIABILITY COMPANY, ASSOCIATION, JOINT VENTURE, GOVERNMENT, GOVERNMENTAL SUBDIVISION, AGENCY, OR INSTRUMENTALITY, OR ANY OTHER LEGAL OR COMMERCIAL ENTITY.

(O) "PRIVATE KEY" MEANS THE KEY OF A KEY PAIR USED TO CREATE A DIGITAL SIGNATURE.

(P) "PUBLIC KEY" MEANS THE KEY OF A KEY PAIR USED TO VERIFY A DIGITAL SIGNATURE.

(Q) "RECORD" MEANS INFORMATION THAT IS INSCRIBED, STORED, OR OTHERWISE FIXED ON A TANGIBLE MEDIUM OR THAT IS STORED IN AN ELECTRONIC OR OTHER MEDIUM AND IS RETRIEVABLE IN PERCEIVABLE FORM.

(R) "REPOSITORY" MEANS A SYSTEM FOR STORING AND RETRIEVING CERTIFICATES OR OTHER INFORMATION RELEVANT TO CERTIFICATES, INCLUDING INFORMATION RELATING TO THE STATUS OF A CERTIFICATE.

(S) "REVOKE A CERTIFICATE" MEANS TO PERMANENTLY END THE OPERATIONAL PERIOD OF A CERTIFICATE FROM A SPECIFIED TIME FORWARD.

(T) "SECURITY PROCEDURE" MEANS A METHODOLOGY OR PROCEDURE USED FOR THE PURPOSE OF VERIFYING THAT AN ELECTRONIC RECORD IS THAT OF A SPECIFIC PERSON OR DETECTING ERROR OR ALTERATION IN THE COMMUNICATION, CONTENT, OR STORAGE OF AN ELECTRONIC RECORD SINCE A SPECIFIC POINT IN TIME. A SECURITY PROCEDURE MAY REQUIRE THE USE OF ALGORITHMS OR CODES, IDENTIFYING WORDS OR NUMBERS, ENCRYPTION, ANSWER BACK OR ACKNOWLEDGMENT PROCEDURES, OR SIMILAR SECURITY DEVICES.

(U) "SIGNATURE DEVICE" MEANS UNIQUE INFORMATION, SUCH AS CODES, ALGORITHMS, LETTERS, NUMBERS, PRIVATE KEYS, OR PERSONAL IDENTIFICATION NUMBERS, OR A UNIQUELY CONFIGURED PHYSICAL DEVICE, THAT IS REQUIRED, ALONE OR IN CONJUNCTION WITH OTHER INFORMATION OR DEVICES, IN ORDER TO CREATE AN ELECTRONIC SIGNATURE ATTRIBUTABLE TO A SPECIFIC PERSON.

(V) "SIGNED" OR "SIGNATURE" INCLUDES ANY SYMBOL EXECUTED OR ADOPTED, OR ANY SECURITY PROCEDURE EMPLOYED OR ADOPTED, USING ELECTRONIC MEANS OR OTHERWISE, BY OR ON BEHALF OF A PERSON WITH INTENT TO AUTHENTICATE A RECORD.

(W) "STATE AGENCY" MEANS EVERY ORGANIZED BODY, OFFICE, OR AGENCY ESTABLISHED BY THE LAWS OF THE STATE FOR THE EXERCISE OF ANY FUNCTION OF STATE GOVERNMENT.

(X) "SUBSCRIBER" MEANS A PERSON MEETING ALL OF THE FOLLOWING:

(1) THE PERSON IS THE SUBJECT NAMED OR OTHERWISE IDENTIFIED IN A CERTIFICATE.

(2) THE PERSON CONTROLS A PRIVATE KEY THAT CORRESPONDS TO THE PUBLIC KEY LISTED IN THAT CERTIFICATE.

(3) THE PERSON IS THE PERSON TO WHOM DIGITALLY SIGNED MESSAGES VERIFIED BY REFERENCE TO SUCH CERTIFICATE ARE TO BE ATTRIBUTED.

(Y) "SUSPEND A CERTIFICATE" MEANS TO TEMPORARILY SUSPEND THE OPERATIONAL PERIOD OF A CERTIFICATE FOR A SPECIFIED TIME PERIOD OR FROM A SPECIFIED TIME FORWARD.

(Z) "TRUSTWORTHY MANNER" MEANS THE USE OF COMPUTER HARDWARE, SOFTWARE, AND PROCEDURES THAT, IN THE CONTEXT IN WHICH THEY ARE USED, MEET ALL OF THE FOLLOWING:

(1) THEY CAN BE SHOWN TO BE REASONABLY RESISTANT TO PENETRATION, COMPROMISE, AND MISUSE.

(2) THEY PROVIDE A REASONABLE LEVEL OF RELIABILITY AND CORRECT OPERATION.

(3) THEY ARE REASONABLY SUITED TO PERFORMING THEIR INTENDED FUNCTIONS OR SERVING THEIR INTENDED PURPOSES.

(4) THEY COMPLY WITH APPLICABLE AGREEMENTS BETWEEN THE PARTIES, IF ANY.

(5) THEY ADHERE TO GENERALLY ACCEPTED SECURITY PROCEDURES.

(AA) "VALID CERTIFICATE" MEANS A CERTIFICATE THAT A CERTIFICATION AUTHORITY HAS ISSUED AND THAT THE SUBSCRIBER LISTED IN THE CERTIFICATE HAS ACCEPTED.

(BB) "VERIFY A DIGITAL SIGNATURE" MEANS TO USE THE PUBLIC KEY LISTED IN A VALID CERTIFICATE, ALONG WITH THE APPROPRIATE MESSAGE DIGEST FUNCTION AND ASYMMETRIC CRYPTOSYSTEM, TO EVALUATE A DIGITALLY SIGNED ELECTRONIC RECORD, SUCH THAT THE RESULT OF THE PROCESS CONCLUDES THAT THE DIGITAL SIGNATURE WAS CREATED USING THE PRIVATE KEY CORRESPONDING TO THE PUBLIC KEY LISTED IN THE CERTIFICATE AND THAT THE ELECTRONIC RECORD HAS NOT BEEN ALTERED SINCE ITS DIGITAL SIGNATURE WAS CREATED.

Sec. 1306.02. (A) SECTIONS 1306.01 TO 1306.38 OF THE REVISED CODE MAY BE CITED AS THE "ELECTRONIC RECORDS AND SIGNATURES ACT."

(B) SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL BE CONSTRUED CONSISTENTLY WITH WHAT IS COMMERCIALLY REASONABLE UNDER THE CIRCUMSTANCES AND TO EFFECTUATE THE FOLLOWING PURPOSES:

(1) TO FACILITATE ELECTRONIC COMMUNICATIONS BY MEANS OF RELIABLE ELECTRONIC RECORDS;

(2) TO FACILITATE AND PROMOTE ELECTRONIC COMMERCE, BY ELIMINATING BARRIERS RESULTING FROM UNCERTAINTIES OVER WRITING AND SIGNATURE REQUIREMENTS, AND PROMOTING THE DEVELOPMENT OF THE LEGAL AND BUSINESS INFRASTRUCTURE NECESSARY TO IMPLEMENT SECURE ELECTRONIC COMMERCE;

(3) TO FACILITATE ELECTRONIC FILING OF DOCUMENTS WITH STATE AGENCIES AND LOCAL GOVERNMENTS, AND TO PROMOTE EFFICIENT DELIVERY OF GOVERNMENT SERVICES BY MEANS OF RELIABLE ELECTRONIC RECORDS;

(4) TO MINIMIZE THE INCIDENCE OF FORGED ELECTRONIC RECORDS, INTENTIONAL AND UNINTENTIONAL ALTERATION OF RECORDS, AND FRAUD IN ELECTRONIC COMMERCE;

(5) TO HELP TO ESTABLISH UNIFORMITY OF RULES AND STANDARDS REGARDING THE AUTHENTICATION AND INTEGRITY OF ELECTRONIC RECORDS;

(6) TO PROMOTE PUBLIC CONFIDENCE IN THE INTEGRITY AND RELIABILITY OF ELECTRONIC RECORDS AND ELECTRONIC COMMERCE.

Sec. 1306.03. (A) INFORMATION, RECORDS, AND SIGNATURES SHALL NOT BE DENIED LEGAL EFFECT, VALIDITY, OR ENFORCEABILITY SOLELY ON THE GROUNDS THAT THEY ARE IN ELECTRONIC FORM.

(B) WHERE A RULE OF LAW REQUIRES INFORMATION TO BE "WRITTEN" OR "IN WRITING," OR PROVIDES FOR CERTAIN CONSEQUENCES IF IT IS NOT, AN ELECTRONIC RECORD SATISFIES THAT RULE OF LAW.

(C)(1) WHERE A RULE OF LAW REQUIRES A SIGNATURE, OR PROVIDES FOR CERTAIN CONSEQUENCES IF A DOCUMENT IS NOT SIGNED, AN ELECTRONIC SIGNATURE SATISFIES THAT RULE OF LAW.

(2) AN ELECTRONIC SIGNATURE MAY BE PROVED IN ANY MANNER, INCLUDING BY SHOWING THAT A PROCEDURE EXISTED BY WHICH A PARTY MUST OF NECESSITY HAVE EXECUTED A SYMBOL OR SECURITY PROCEDURE FOR THE PURPOSE OF VERIFYING THAT AN ELECTRONIC RECORD IS THAT OF SUCH PARTY IN ORDER TO PROCEED FURTHER WITH A TRANSACTION.

(D) DIVISIONS (B) AND (C) OF THIS SECTION DO NOT APPLY:

(1) WHEN THEIR APPLICATION WOULD INVOLVE A CONSTRUCTION OF A RULE OF LAW THAT IS CLEARLY INCONSISTENT WITH THE LAW OR REPUGNANT TO THE CONTEXT OF THE SAME RULE OF LAW, PROVIDED THAT THE REQUIREMENT THAT INFORMATION BE "IN WRITING," "WRITTEN," OR "PRINTED," OR THAT THERE BE A "SIGNATURE" OR THAT THE RECORD BE "SIGNED," SHALL NOT BY ITSELF BE SUFFICIENT TO ESTABLISH THIS INTENT;

(2) TO ANY RULE OF LAW GOVERNING THE CREATION OR EXECUTION OF A WILL OR TRUST, LIVING WILL, OR HEALTH CARE POWER OF ATTORNEY;

(3) TO ANY RECORD THAT SERVES AS A UNIQUE AND TRANSFERABLE INSTRUMENT OF RIGHTS AND OBLIGATIONS, INCLUDING, WITHOUT LIMITATION, NEGOTIABLE INSTRUMENTS AND OTHER INSTRUMENTS OF TITLE WHEREIN POSSESSION OF THE INSTRUMENT IS DEEMED TO CONFER TITLE, UNLESS AN ELECTRONIC VERSION OF THE RECORD IS CREATED, STORED, AND TRANSFERRED IN A MANNER THAT ALLOWS FOR THE EXISTENCE OF ONLY ONE UNIQUE, IDENTIFIABLE, AND UNALTERABLE ORIGINAL WITH THE FUNCTIONAL ATTRIBUTES OF AN EQUIVALENT PHYSICAL INSTRUMENT, THAT CAN BE POSSESSED BY ONLY ONE PERSON, AND THAT CANNOT BE COPIED EXCEPT IN A FORM THAT IS READILY IDENTIFIABLE AS A COPY.

Sec. 1306.04. (A) WHERE A RULE OF LAW REQUIRES INFORMATION TO BE PRESENTED OR RETAINED IN ITS ORIGINAL FORM, OR PROVIDES CONSEQUENCES FOR THE INFORMATION NOT BEING PRESENTED OR RETAINED IN ITS ORIGINAL FORM, THAT RULE OF LAW IS SATISFIED BY AN ELECTRONIC RECORD IF THERE EXISTS RELIABLE ASSURANCE AS TO THE INTEGRITY AND RELIABILITY OF THE INFORMATION, DETERMINED IN ACCORDANCE WITH DIVISION (B) OF THIS SECTION, FROM THE TIME WHEN IT WAS FIRST GENERATED IN ITS FINAL FORM, AS AN ELECTRONIC RECORD OR OTHERWISE.

(B)(1) THE CRITERION FOR ASSESSING INTEGRITY IS WHETHER THE INFORMATION HAS REMAINED COMPLETE AND UNALTERED, APART FROM THE ADDITION OF ANY ENDORSEMENT OR OTHER INFORMATION THAT ARISES IN THE NORMAL COURSE OF COMMUNICATION, STORAGE, AND DISPLAY.

(2) THE STANDARD OF RELIABILITY REQUIRED TO ENSURE THAT INFORMATION HAS REMAINED COMPLETE AND UNALTERED IS TO BE ASSESSED IN THE LIGHT OF THE PURPOSE FOR WHICH THE INFORMATION WAS GENERATED AND IN THE LIGHT OF ALL THE RELEVANT CIRCUMSTANCES.

(C) THIS SECTION DOES NOT APPLY TO ANY RECORD THAT SERVES AS A UNIQUE AND TRANSFERABLE INSTRUMENT OF RIGHTS AND OBLIGATIONS, INCLUDING, WITHOUT LIMITATION, NEGOTIABLE INSTRUMENTS AND OTHER INSTRUMENTS OF TITLE WHEREIN POSSESSION OF THE INSTRUMENT IS DEEMED TO CONFER TITLE, UNLESS AN ELECTRONIC VERSION OF THE RECORD IS CREATED, STORED, AND TRANSFERRED IN A MANNER THAT ALLOWS FOR THE EXISTENCE OF ONLY ONE UNIQUE, IDENTIFIABLE, AND UNALTERABLE ORIGINAL WITH THE FUNCTIONAL ATTRIBUTES OF AN EQUIVALENT PHYSICAL INSTRUMENT, THAT CAN BE POSSESSED BY ONLY ONE PERSON, AND THAT CANNOT BE COPIED EXCEPT IN A FORM THAT IS READILY IDENTIFIABLE AS A COPY.

Sec. 1306.05. (A) WHERE A RULE OF LAW REQUIRES THAT CERTAIN DOCUMENTS, RECORDS, OR INFORMATION BE RETAINED, THAT REQUIREMENT IS MET BY RETAINING ELECTRONIC RECORDS OF SUCH INFORMATION IN A TRUSTWORTHY MANNER, PROVIDED THE FOLLOWING CONDITIONS ARE SATISFIED:

(1) THE ELECTRONIC RECORD AND THE INFORMATION CONTAINED THEREIN ARE ACCESSIBLE SO AS TO BE USABLE FOR SUBSEQUENT REFERENCE AT ALL TIMES WHEN SUCH INFORMATION MUST BE RETAINED.

(2) THE INFORMATION IS RETAINED IN THE FORMAT IN WHICH IT WAS ORIGINALLY GENERATED, SENT, OR RECEIVED OR IN A FORMAT THAT CAN BE DEMONSTRATED TO REPRESENT ACCURATELY THE INFORMATION ORIGINALLY GENERATED, SENT, OR RECEIVED.

(3) SUCH DATA, IF ANY, IS RETAINED AS ENABLES THE IDENTIFICATION OF THE ORIGIN AND DESTINATION OF THE INFORMATION, THE AUTHENTICITY AND INTEGRITY OF THE INFORMATION, AND THE DATE AND TIME WHEN IT WAS SENT OR RECEIVED.

(B) AN OBLIGATION TO RETAIN DOCUMENTS, RECORDS, OR INFORMATION IN ACCORDANCE WITH DIVISION (A) OF THIS SECTION DOES NOT EXTEND TO ANY DATA THE SOLE PURPOSE OF WHICH IS TO ENABLE THE RECORD TO BE SENT OR RECEIVED.

(C) NOTHING IN THIS SECTION PRECLUDES ANY STATE AGENCY, IN ACCORDANCE WITH SECTION 1306.35 of the Revised Code, FROM SPECIFYING ADDITIONAL REQUIREMENTS FOR THE RETENTION OF RECORDS THAT ARE SUBJECT TO THE JURISDICTION OF THAT AGENCY.

Sec. 1306.06. AS BETWEEN PARTIES INVOLVED IN GENERATING, SENDING, RECEIVING, STORING, OR OTHERWISE PROCESSING ELECTRONIC RECORDS, THE APPLICABILITY OF SECTIONS 1306.01 TO 1306.38 of the Revised Code MAY BE WAIVED BY AGREEMENT OF THE PARTIES, EXCEPT FOR THE PROHIBITIONS SET FORTH IN SECTION 1306.24 of the Revised Code OR UNLESS THE AGREEMENT INVOLVES THE ATTRIBUTION OF AN ELECTRONIC SIGNATURE IN A CONSUMER TRANSACTION DESCRIBED IN DIVISION (B) OF SECTION 1306.12 of the Revised Code.

Sec. 1306.07. (A) NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL BE CONSTRUED TO DO EITHER OF THE FOLLOWING:

(1) REQUIRE ANY PERSON TO CREATE, STORE, TRANSMIT, ACCEPT, OR OTHERWISE USE OR COMMUNICATE INFORMATION, RECORDS, OR SIGNATURES BY ELECTRONIC MEANS OR IN ELECTRONIC FORM;

(2) PROHIBIT ANY PERSON ENGAGING IN AN ELECTRONIC TRANSACTION FROM ESTABLISHING REASONABLE REQUIREMENTS REGARDING THE MEDIUM ON WHICH IT WILL ACCEPT RECORDS OR THE METHOD AND TYPE OF SYMBOL OR SECURITY PROCEDURE IT WILL ACCEPT AS A SIGNATURE.

(B) NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL BE CONSTRUED TO PREVENT APPLICATION OF ANY OTHER LAW OR RULE ADOPTED PURSUANT TO SECTION 1306.35 of the Revised Code REQUIRING THE APPROVAL OF A STATE AGENCY PRIOR TO THE USE OR RETENTION OF ELECTRONIC RECORDS OR THE USE OF ELECTRONIC SIGNATURES.

Sec. 1306.08. (A) IF, THROUGH THE USE OF A QUALIFIED SECURITY PROCEDURE, IT CAN BE VERIFIED THAT AN ELECTRONIC RECORD HAS NOT BEEN ALTERED SINCE A SPECIFIED POINT IN TIME, SUCH ELECTRONIC RECORD SHALL BE CONSIDERED TO BE A SECURE ELECTRONIC RECORD FROM THAT SPECIFIED POINT IN TIME TO THE TIME OF VERIFICATION, IF THE RELYING PARTY ESTABLISHES THAT THE QUALIFIED SECURITY PROCEDURE WAS ALL OF THE FOLLOWING:

(1) COMMERCIALLY REASONABLE UNDER THE CIRCUMSTANCES IN ACCORDANCE WITH SECTION 1306.10 of the Revised Code;

(2) APPLIED BY THE RELYING PARTY IN A TRUSTWORTHY MANNER;

(3) REASONABLY AND IN GOOD FAITH RELIED UPON BY THE RELYING PARTY.

(B) FOR PURPOSES OF THIS SECTION, A QUALIFIED SECURITY PROCEDURE IS A SECURITY PROCEDURE TO DETECT CHANGES IN THE CONTENT OF AN ELECTRONIC RECORD THAT IS EITHER OF THE FOLLOWING:

(1) PREVIOUSLY AGREED TO BY THE PARTIES;

(2) CERTIFIED BY THE ELECTRONIC COMMERCE COMMISSION IN ACCORDANCE WITH SECTION 1306.13 of the Revised Code AS BEING CAPABLE OF PROVIDING RELIABLE EVIDENCE THAT AN ELECTRONIC RECORD HAS NOT BEEN ALTERED.

Sec. 1306.09. (A) IF, THROUGH THE USE OF A QUALIFIED SECURITY PROCEDURE, IT CAN BE VERIFIED THAT AN ELECTRONIC SIGNATURE IS THE SIGNATURE OF A SPECIFIC PERSON, THE ELECTRONIC SIGNATURE SHALL BE CONSIDERED TO BE A SECURE ELECTRONIC SIGNATURE AT THE TIME OF VERIFICATION, IF THE RELYING PARTY ESTABLISHES THAT THE QUALIFIED SECURITY PROCEDURE WAS ALL OF THE FOLLOWING:

(1) COMMERCIALLY REASONABLE IN ACCORDANCE WITH SECTION 1306.10 of the Revised Code;

(2) APPLIED BY THE RELYING PARTY IN A TRUSTWORTHY MANNER;

(3) REASONABLY AND IN GOOD FAITH RELIED UPON BY THE RELYING PARTY.

(B) FOR PURPOSES OF THIS SECTION, A QUALIFIED SECURITY PROCEDURE IS A SECURITY PROCEDURE FOR IDENTIFYING A PERSON, WHICH PROCEDURE IS EITHER OF THE FOLLOWING:

(1) PREVIOUSLY AGREED TO BY THE PARTIES;

(2) CERTIFIED BY THE ELECTRONIC COMMERCE COMMISSION IN ACCORDANCE WITH SECTION 1306.13 of the Revised Code AS BEING CAPABLE OF CREATING, IN A TRUSTWORTHY MANNER, AN ELECTRONIC SIGNATURE THAT IS ALL OF THE FOLLOWING:

(a) IT IS UNIQUE TO THE SIGNER WITHIN THE CONTEXT IN WHICH IT IS USED.

(b) IT CAN BE USED TO OBJECTIVELY IDENTIFY THE PERSON SIGNING THE ELECTRONIC RECORD.

(c) IT WAS RELIABLY CREATED BY THE IDENTIFIED PERSON, AND IT CANNOT BE READILY DUPLICATED OR COMPROMISED.

(d) IT IS CREATED AND IS LINKED TO THE ELECTRONIC RECORD TO WHICH IT RELATES, IN SUCH A MANNER THAT IF THE RECORD OR THE SIGNATURE IS INTENTIONALLY OR UNINTENTIONALLY CHANGED AFTER SIGNING, THE ELECTRONIC SIGNATURE IS INVALIDATED.

Sec. 1306.10. (A) THE COMMERCIAL REASONABLENESS OF A SECURITY PROCEDURE IS A QUESTION OF LAW TO BE DETERMINED IN LIGHT OF THE PURPOSES OF THE PROCEDURE AND THE COMMERCIAL CIRCUMSTANCES AT THE TIME THE PROCEDURE WAS USED, INCLUDING CONSIDERATION OF ALL OF THE FOLLOWING:

(1) THE NATURE OF THE TRANSACTION;

(2) THE SOPHISTICATION OF THE PARTIES;

(3) THE VOLUME OF SIMILAR TRANSACTIONS ENGAGED IN BY EITHER OR BOTH OF THE PARTIES;

(4) THE AVAILABILITY OF ALTERNATIVES OFFERED TO BUT REJECTED BY EITHER OF THE PARTIES;

(5) THE COST OF ALTERNATIVE PROCEDURES;

(6) THE PROCEDURES USED FOR SIMILAR TYPES OF TRANSACTIONS.

(B) WHETHER RELIANCE ON A SECURITY PROCEDURE WAS REASONABLE AND IN GOOD FAITH IS TO BE DETERMINED IN LIGHT OF ALL THE CIRCUMSTANCES KNOWN TO THE RELYING PARTY AT THE TIME OF THE RELIANCE, HAVING REGARD TO ALL OF THE FOLLOWING:

(1) THE INFORMATION THAT THE RELYING PARTY KNEW OR SHOULD HAVE KNOWN OF AT THE TIME OF RELIANCE THAT WOULD SUGGEST THAT RELIANCE WAS OR WAS NOT REASONABLE;

(2) THE VALUE OR IMPORTANCE OF THE ELECTRONIC RECORD, IF KNOWN;

(3) ANY COURSE OF DEALING BETWEEN THE RELYING PARTY AND THE PURPORTED SENDER AND THE AVAILABLE INDICIA OF RELIABILITY OR UNRELIABILITY APART FROM THE SECURITY PROCEDURE;

(4) ANY USAGE OF TRADE, PARTICULARLY TRADE CONDUCTED BY TRUSTWORTHY SYSTEMS OR OTHER COMPUTER-BASED MEANS;

(5) WHETHER THE VERIFICATION WAS PERFORMED WITH THE ASSISTANCE OF AN INDEPENDENT THIRD PARTY.

Sec. 1306.11. (A) EXCEPT AS OTHERWISE PROVIDED BY ANOTHER APPLICABLE RULE OF LAW, WHENEVER THE CREATION, VALIDITY, OR RELIABILITY OF AN ELECTRONIC SIGNATURE CREATED BY A QUALIFIED SECURITY PROCEDURE UNDER SECTION 1306.08 OR 1306.09 of the Revised Code IS DEPENDENT UPON THE SECRECY OR CONTROL OF A SIGNATURE DEVICE OF THE SIGNER, ALL OF THE FOLLOWING APPLY:

(1) THE PERSON GENERATING OR CREATING THE SIGNATURE DEVICE SHALL DO SO IN A TRUSTWORTHY MANNER.

(2) THE SIGNER AND ALL OTHER PERSONS THAT RIGHTFULLY HAVE ACCESS TO THE SIGNATURE DEVICE SHALL EXERCISE REASONABLE CARE TO RETAIN CONTROL AND MAINTAIN THE SECRECY OF THE SIGNATURE DEVICE, AND TO PROTECT IT FROM ANY UNAUTHORIZED ACCESS, DISCLOSURE, OR USE, DURING THE PERIOD WHEN RELIANCE ON A SIGNATURE CREATED BY THE DEVICE IS REASONABLE.

(3) IN THE EVENT THAT THE SIGNER, OR ANY OTHER PERSON THAT RIGHTFULLY HAS ACCESS TO THE SIGNATURE DEVICE, KNOWS OR HAS REASON TO KNOW THAT THE SECRECY OR CONTROL OF THE SIGNATURE DEVICE HAS BEEN COMPROMISED, THAT PERSON SHALL MAKE A REASONABLE EFFORT TO PROMPTLY NOTIFY ALL PERSONS THAT THE PERSON KNOWS MIGHT FORESEEABLY BE DAMAGED AS A RESULT OF SUCH COMPROMISE OR, WHERE AN APPROPRIATE PUBLICATION MECHANISM IS AVAILABLE, TO PUBLISH NOTICE OF THE COMPROMISE AND A DISAVOWAL OF ANY SIGNATURES CREATED THEREAFTER.

(B) FOR PURPOSES OF DIVISION (A)(3) OF THIS SECTION, IF THE PERSON IS A STATE AGENCY, THE NOTICE DESCRIBED IN THAT DIVISION SHALL BE PUBLISHED IN A NEWSPAPER OF GENERAL CIRCULATION IN THE CITY OF COLUMBUS, OHIO, AND ALSO PUBLISHED ON THE PERSON'S INTERNET HOME PAGE FOR A MINIMUM OF THIRTY CONSECUTIVE DAYS.

Sec. 1306.12. (A) EXCEPT AS PROVIDED BY ANOTHER APPLICABLE RULE OF LAW, A SECURE ELECTRONIC SIGNATURE IS ATTRIBUTABLE TO THE PERSON TO WHOM IT CORRELATES, WHETHER OR NOT AUTHORIZED, IF ALL OF THE FOLLOWING APPLY:

(1) THE ELECTRONIC SIGNATURE RESULTED FROM ACTS OF A PERSON THAT OBTAINED THE SIGNATURE DEVICE OR OTHER INFORMATION NECESSARY TO CREATE THE SIGNATURE FROM A SOURCE UNDER THE CONTROL OF THE ALLEGED SIGNER, CREATING THE APPEARANCE THAT IT CAME FROM THAT PARTY.

(2) THE ACCESS OR USE OCCURRED UNDER CIRCUMSTANCES CONSTITUTING A FAILURE TO EXERCISE REASONABLE CARE BY THE ALLEGED SIGNER.

(3) THE RELYING PARTY RELIED REASONABLY AND IN GOOD FAITH TO ITS DETRIMENT ON THE APPARENT SOURCE OF THE ELECTRONIC RECORD.

(B) THIS SECTION DOES NOT APPLY TO TRANSACTIONS THAT ARE INTENDED PRIMARILY FOR PERSONAL, FAMILY, OR HOUSEHOLD USE, OR THAT OTHERWISE ARE CONSUMER TRANSACTIONS.

Sec. 1306.13. (A) A SECURITY PROCEDURE MAY BE CERTIFIED IN ACCORDANCE WITH DIVISION (C) OF THIS SECTION BY THE ELECTRONIC COMMERCE COMMISSION, AS A QUALIFIED SECURITY PROCEDURE FOR PURPOSES OF SECTION 1306.08 OR 1306.09 of the Revised Code, FOLLOWING AN APPROPRIATE INVESTIGATION OR REVIEW, IF BOTH OF THE FOLLOWING APPLY:

(1) THE SECURITY PROCEDURE, INCLUDING ANY TECHNOLOGY AND ALGORITHMS IT EMPLOYS, IS COMPLETELY OPEN AND FULLY DISCLOSED TO THE PUBLIC, AND HAS BEEN SO FOR A LENGTH OF TIME SUFFICIENT TO FACILITATE A COMPREHENSIVE REVIEW AND EVALUATION OF ITS SUITABILITY FOR THE INTENDED PURPOSE BY THE APPLICABLE INFORMATION SECURITY OR SCIENTIFIC COMMUNITY.

(2) THE SECURITY PROCEDURE, INCLUDING ANY TECHNOLOGY AND ALGORITHMS IT EMPLOYS, HAS BEEN GENERALLY ACCEPTED IN THE APPLICABLE INFORMATION SECURITY OR SCIENTIFIC COMMUNITY AS BEING CAPABLE OF SATISFYING THE REQUIREMENTS OF SECTION 1306.08 OR 1306.09 of the Revised Code, AS APPLICABLE, IN A TRUSTWORTHY MANNER.

(B) IN MAKING THE DETERMINATION DESCRIBED IN DIVISION (A)(2) OF THIS SECTION, THE COMMISSION SHALL CONSIDER THE OPINION OF INDEPENDENT EXPERTS IN THE APPLICABLE FIELD AND THE PUBLISHED FINDINGS OF THE APPLICABLE INFORMATION SECURITY OR SCIENTIFIC COMMUNITY, INCLUDING APPLICABLE STANDARDS ORGANIZATIONS SUCH AS THE AMERICAN NATIONAL STANDARDS INSTITUTE, INTERNATIONAL STANDARDS ORGANIZATION, INTERNATIONAL TELECOMMUNICATIONS UNION, AND NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY.

(C) CERTIFICATION SHALL BE DONE THROUGH THE ADOPTION OF RULES IN ACCORDANCE WITH CHAPTER 119. of the Revised Code AND SHALL SPECIFY A FULL AND COMPLETE IDENTIFICATION OF THE SECURITY PROCEDURE, INCLUDING REQUIREMENTS AS TO HOW IT IS TO BE IMPLEMENTED, IF APPROPRIATE.

(D) THE COMMISSION MAY DECERTIFY A SECURITY PROCEDURE AS A QUALIFIED SECURITY PROCEDURE FOR PURPOSES OF SECTION 1306.08 OR 1309.09 of the Revised Code FOLLOWING AN APPROPRIATE INVESTIGATION OR REVIEW AND THE ADOPTION OF RULES IN ACCORDANCE WITH CHAPTER 119. of the Revised Code, IF SUBSEQUENT DEVELOPMENTS ESTABLISH THAT THE SECURITY PROCEDURE IS NO LONGER SUFFICIENTLY TRUSTWORTHY OR RELIABLE FOR ITS INTENDED PURPOSE OR FOR ANY OTHER REASON NO LONGER MEETS THE REQUIREMENTS FOR CERTIFICATION.

(E) THE COMMISSION HAS EXCLUSIVE AUTHORITY TO CERTIFY SECURITY PROCEDURES UNDER THIS SECTION.

Sec. 1306.15. (A) A DIGITAL SIGNATURE THAT IS CREATED USING AN ASYMMETRIC ALGORITHM CERTIFIED BY THE ELECTRONIC COMMERCE COMMISSION PURSUANT TO DIVISION (B)(2) OF SECTION 1306.08 of the Revised Code SHALL BE CONSIDERED TO BE A QUALIFIED SECURITY PROCEDURE FOR PURPOSES OF DETECTING CHANGES IN THE CONTENT OF AN ELECTRONIC RECORD UNDER THAT SECTION, IF THE DIGITAL SIGNATURE WAS CREATED DURING THE OPERATIONAL PERIOD OF A VALID CERTIFICATE AND IS VERIFIED BY REFERENCE TO THE PUBLIC KEY LISTED IN THE CERTIFICATE.

(B) A DIGITAL SIGNATURE THAT IS CREATED USING AN ASYMMETRIC ALGORITHM CERTIFIED BY THE COMMISSION PURSUANT TO DIVISION (B)(2) OF SECTION 1306.09 of the Revised Code SHALL BE CONSIDERED TO BE A QUALIFIED SECURITY PROCEDURE FOR PURPOSES OF IDENTIFYING A PERSON UNDER THAT SECTION IF BOTH OF THE FOLLOWING APPLY:

(1) THE DIGITAL SIGNATURE MEETS ALL OF THE FOLLOWING:

(a) IT WAS CREATED DURING THE OPERATIONAL PERIOD OF A VALID CERTIFICATE.

(b) IT WAS USED WITHIN THE SCOPE OF ANY OTHER RESTRICTIONS SPECIFIED OR INCORPORATED BY REFERENCE IN THE CERTIFICATE.

(c) IT CAN BE VERIFIED BY REFERENCE TO THE PUBLIC KEY LISTED IN THE CERTIFICATE.

(2) THE CERTIFICATE IS CONSIDERED TRUSTWORTHY AND AN ACCURATE BINDING OF A PUBLIC KEY TO A PERSON'S IDENTITY AS A RESULT OF EITHER OF THE FOLLOWING:

(a) THE CERTIFICATE WAS ISSUED BY A CERTIFICATION AUTHORITY IN ACCORDANCE WITH STANDARDS, PROCEDURES, AND OTHER REQUIREMENTS SPECIFIED BY THE COMMISSION.

(b) A TRIER OF FACT IN A LEGAL PROCEEDING INDEPENDENTLY FINDS THAT THE CERTIFICATE WAS ISSUED IN A TRUSTWORTHY MANNER BY A CERTIFICATION AUTHORITY THAT PROPERLY AUTHENTICATED THE SUBSCRIBER AND THE SUBSCRIBER'S PUBLIC KEY OR OTHERWISE FINDS THAT THE MATERIAL INFORMATION SET FORTH IN THE CERTIFICATE IS TRUE.

(C) FOR PURPOSES OF THIS SECTION, IT IS FORESEEABLE THAT PERSONS RELYING ON A DIGITAL SIGNATURE ALSO WILL RELY ON A VALID CERTIFICATE CONTAINING THE PUBLIC KEY BY WHICH THE DIGITAL SIGNATURE CAN BE VERIFIED, DURING THE OPERATIONAL PERIOD OF THAT CERTIFICATE AND WITHIN ANY LIMITS SPECIFIED IN THAT CERTIFICATE.

Sec. 1306.17. (A) THE ELECTRONIC COMMERCE COMMISSION, IN ACCORDANCE WITH CHAPTER 119. of the Revised Code, MAY ADOPT RULES APPLICABLE TO BOTH THE PUBLIC AND PRIVATE SECTORS FOR THE PURPOSE OF DEFINING UNDER WHAT CIRCUMSTANCES A CERTIFICATE IS CONSIDERED SUFFICIENTLY TRUSTWORTHY UNDER SECTION 1306.15 of the Revised Code SUCH THAT A DIGITAL SIGNATURE VERIFIED BY REFERENCE TO SUCH A CERTIFICATE WILL BE CONSIDERED A QUALIFIED SECURITY PROCEDURE UNDER SECTION 1306.09 of the Revised Code.

(B) THE RULES DESCRIBED IN DIVISION (A) OF THIS SECTION MAY INCLUDE BOTH OF THE FOLLOWING:

(1) RULES ESTABLISHING OR ADOPTING STANDARDS APPLICABLE TO CERTIFICATION AUTHORITIES OR CERTIFICATES, COMPLIANCE WITH WHICH MAY BE MEASURED BY BECOMING CERTIFIED BY THE COMMISSION, BY BECOMING ACCREDITED BY ONE OR MORE INDEPENDENT ACCREDITING ENTITIES RECOGNIZED BY THE COMMISSION, OR BY OTHER APPROPRIATE MEANS;

(2) WHERE APPROPRIATE, RULES ESTABLISHING FEES TO BE CHARGED BY THE COMMISSION TO RECOVER ALL OR A PORTION OF COSTS IN CONNECTION WITH BECOMING CERTIFIED BY THE COMMISSION.

(C) IF THE COMMISSION ADOPTS RULES PURSUANT TO DIVISION (A) OR (B) OF THIS SECTION, THE RULES SHALL DO ALL OF THE FOLLOWING:

(1) PROVIDE MAXIMUM FLEXIBILITY TO THE IMPLEMENTATION OF DIGITAL SIGNATURE TECHNOLOGY AND THE BUSINESS MODELS NECESSARY TO SUPPORT IT;

(2) PROVIDE A CLEAR BASIS FOR THE AUTHORITIES;

(3) TO THE EXTENT REASONABLY POSSIBLE, MAXIMIZE THE OPPORTUNITIES FOR UNIFORMITY WITH THE LAWS OF OTHER JURISDICTIONS WITHIN THE UNITED STATES AND INTERNATIONALLY.

Sec. 1306.18. (A) EXCEPT AS CONSPICUOUSLY SET FORTH IN ITS CERTIFICATION PRACTICE STATEMENT, A CERTIFICATION AUTHORITY, AND A PERSON MAINTAINING A REPOSITORY, SHALL MAINTAIN ITS OPERATIONS AND PERFORM ITS SERVICES IN A TRUSTWORTHY MANNER.

(B) FOR EACH CERTIFICATE ISSUED BY A CERTIFICATION AUTHORITY WITH THE INTENTION THAT IT WILL BE RELIED UPON BY THIRD PARTIES TO VERIFY DIGITAL SIGNATURES CREATED BY SUBSCRIBERS, A CERTIFICATION AUTHORITY SHALL PUBLISH OR OTHERWISE MAKE AVAILABLE TO THE SUBSCRIBER AND ALL SUCH RELYING PARTIES BOTH OF THE FOLLOWING:

(1) ITS CERTIFICATION PRACTICE STATEMENT, IF ANY;

(2) ITS CERTIFICATION AUTHORITY CERTIFICATE THAT IDENTIFIES THE CERTIFICATION AUTHORITY AS A SUBSCRIBER AND THAT CONTAINS THE PUBLIC KEY CORRESPONDING TO THE PRIVATE KEY USED BY THE CERTIFICATION AUTHORITY TO DIGITALLY SIGN THE CERTIFICATE.

(C) IN THE EVENT OF AN OCCURRENCE THAT MATERIALLY AND ADVERSELY AFFECTS A CERTIFICATION AUTHORITY'S OPERATIONS OR SYSTEM, ITS CERTIFICATION AUTHORITY CERTIFICATE, OR ANY OTHER ASPECT OF ITS ABILITY TO OPERATE IN A TRUSTWORTHY MANNER, THE CERTIFICATION AUTHORITY SHALL ACT IN ACCORDANCE WITH PROCEDURES GOVERNING SUCH AN OCCURRENCE SPECIFIED IN ITS CERTIFICATION PRACTICE STATEMENT OR, IN THE ABSENCE OF SUCH PROCEDURES, SHALL USE REASONABLE EFFORTS TO NOTIFY ANY PERSONS THAT THE CERTIFICATION AUTHORITY KNOWS MIGHT FORESEEABLY BE DAMAGED AS A RESULT OF SUCH OCCURRENCE.

Sec. 1306.19. A CERTIFICATION AUTHORITY MAY ISSUE A CERTIFICATE TO A PROSPECTIVE SUBSCRIBER FOR THE PURPOSE OF ALLOWING THIRD PARTIES TO VERIFY DIGITAL SIGNATURES CREATED BY THE SUBSCRIBER ONLY AFTER BOTH OF THE FOLLOWING OCCUR:

(A) THE CERTIFICATION AUTHORITY HAS RECEIVED A REQUEST FOR ISSUANCE FROM THE PROSPECTIVE SUBSCRIBER.

(B) THE CERTIFICATION AUTHORITY HAS DONE EITHER OF THE FOLLOWING:

(1) COMPLIED WITH ALL OF THE RELEVANT PRACTICES AND PROCEDURES SET FORTH IN ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT;

(2) IN THE ABSENCE OF A CERTIFICATION PRACTICE STATEMENT ADDRESSING ISSUES RELATED TO THE ISSUANCE OF A CERTIFICATE, CONFIRMED IN A TRUSTWORTHY MANNER ALL OF THE FOLLOWING:

(a) THE PROSPECTIVE SUBSCRIBER IS THE PERSON TO BE LISTED IN THE CERTIFICATE TO BE ISSUED.

(b) THE INFORMATION IN THE CERTIFICATE TO BE ISSUED IS ACCURATE.

(c) THE PROSPECTIVE SUBSCRIBER RIGHTFULLY HOLDS A PRIVATE KEY CAPABLE OF CREATING A DIGITAL SIGNATURE, AND THE PUBLIC KEY TO BE LISTED IN THE CERTIFICATE CAN BE USED TO VERIFY A DIGITAL SIGNATURE AFFIXED BY THAT PRIVATE KEY.

Sec. 1306.20. (A) BY ISSUING A CERTIFICATE WITH THE INTENTION THAT IT WILL BE RELIED UPON BY THIRD PARTIES TO VERIFY DIGITAL SIGNATURES CREATED BY THE SUBSCRIBER, A CERTIFICATION AUTHORITY REPRESENTS ALL OF THE FOLLOWING TO THE SUBSCRIBER, AND TO ANY PERSON THAT REASONABLY RELIES ON INFORMATION CONTAINED IN THE CERTIFICATE IN GOOD FAITH AND DURING ITS OPERATIONAL PERIOD:

(1) THE CERTIFICATION AUTHORITY HAS PROCESSED, APPROVED, AND ISSUED, AND WILL MANAGE AND REVOKE IF NECESSARY, THE CERTIFICATE IN ACCORDANCE WITH ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT STATED OR INCORPORATED BY REFERENCE IN THE CERTIFICATE OR OF WHICH SUCH PERSON HAS NOTICE OR, IN LIEU THEREOF, IN ACCORDANCE WITH SECTIONS 1306.01 TO 1306.38 of the Revised Code OR THE LAW OF THE JURISDICTION GOVERNING ISSUANCE OF THE CERTIFICATE.

(2) THE CERTIFICATION AUTHORITY HAS VERIFIED THE IDENTITY OF THE SUBSCRIBER TO THE EXTENT STATED IN THE CERTIFICATE OR ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT, OR IN LIEU THEREOF, THE CERTIFICATION AUTHORITY HAS VERIFIED THE IDENTITY OF THE SUBSCRIBER IN A TRUSTWORTHY MANNER.

(3) THE CERTIFICATION AUTHORITY HAS VERIFIED THAT THE PERSON REQUESTING THE CERTIFICATE HOLDS THE PRIVATE KEY CORRESPONDING TO THE PUBLIC KEY LISTED IN THE CERTIFICATE.

(4) EXCEPT AS CONSPICUOUSLY SET FORTH IN THE CERTIFICATE OR ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT, TO THE CERTIFICATION AUTHORITY'S KNOWLEDGE AS OF THE DATE THE CERTIFICATE WAS ISSUED, ALL OTHER INFORMATION IN THE CERTIFICATE IS ACCURATE AND NOT MATERIALLY MISLEADING.

(B) IF A CERTIFICATION AUTHORITY ISSUED THE CERTIFICATE SUBJECT TO THE LAWS OF ANOTHER JURISDICTION, THE CERTIFICATION AUTHORITY ALSO MAKES ALL WARRANTIES AND REPRESENTATIONS OTHERWISE APPLICABLE UNDER THE LAW GOVERNING ITS ISSUANCE.

Sec. 1306.21. (A) DURING THE OPERATIONAL PERIOD OF A CERTIFICATE, THE CERTIFICATION AUTHORITY THAT ISSUED THE CERTIFICATE SHALL REVOKE THE CERTIFICATE IN ACCORDANCE WITH THE POLICIES AND PROCEDURES GOVERNING REVOCATION SPECIFIED IN ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT OR, IN THE ABSENCE OF SUCH POLICIES AND PROCEDURES, AS SOON AS POSSIBLE AFTER ANY OF THE FOLLOWING:

(1) RECEIVING A REQUEST FOR REVOCATION BY THE SUBSCRIBER NAMED IN THE CERTIFICATE, AND CONFIRMING THAT THE PERSON REQUESTING REVOCATION IS THE SUBSCRIBER, OR IS AN AGENT OF THE SUBSCRIBER, OR IS AN AGENT OF THE SUBSCRIBER WITH AUTHORITY TO REQUEST THE REVOCATION;

(2) RECEIVING A CERTIFIED COPY OF AN INDIVIDUAL SUBSCRIBER'S DEATH CERTIFICATE, OR UPON CONFIRMING BY OTHER RELIABLE EVIDENCE THAT THE SUBSCRIBER IS DEAD;

(3) BEING PRESENTED WITH DOCUMENTS EFFECTING A DISSOLUTION OF A CORPORATE SUBSCRIBER, OR CONFIRMATION BY OTHER EVIDENCE THAT THE SUBSCRIBER HAS BEEN DISSOLVED OR HAS CEASED TO EXIST;

(4) BEING SERVED WITH AN ORDER REQUIRING REVOCATION THAT WAS ISSUED BY A COURT OF COMPETENT JURISDICTION;

(5) CONFIRMATION BY THE CERTIFICATION AUTHORITY THAT ANY OF THE FOLLOWING APPLY:

(a) A MATERIAL FACT REPRESENTED IN THE CERTIFICATE IS FALSE.

(b) A MATERIAL PREREQUISITE TO ISSUANCE OF THE CERTIFICATE WAS NOT SATISFIED.

(c) THE CERTIFICATION AUTHORITY'S PRIVATE KEY OR SYSTEM OPERATIONS WERE COMPROMISED IN A MANNER MATERIALLY AFFECTING THE CERTIFICATE'S RELIABILITY.

(d) THE SUBSCRIBER'S PRIVATE KEY WAS COMPROMISED.

(B) UPON EFFECTING A REVOCATION DESCRIBED IN DIVISION (A) OF THIS SECTION, THE CERTIFICATION AUTHORITY SHALL DO ALL OF THE FOLLOWING:

(1) NOTIFY THE SUBSCRIBER AND RELYING PARTIES IN ACCORDANCE WITH THE POLICIES AND PROCEDURES GOVERNING NOTICE OF REVOCATION SPECIFIED IN ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT OR, IN THE ABSENCE OF SUCH POLICIES AND PROCEDURES, PROMPTLY NOTIFY THE SUBSCRIBER;

(2) PROMPTLY PUBLISH NOTICE OF THE REVOCATION IN ALL REPOSITORIES WHERE THE CERTIFICATION AUTHORITY PREVIOUSLY CAUSED PUBLICATION OF THE CERTIFICATE;

(3) OTHERWISE DISCLOSE THE FACT OF REVOCATION ON INQUIRY BY A RELYING PARTY.

Sec. 1306.22. (A) A PERSON ACCEPTS A CERTIFICATE THAT NAMES THAT PERSON AS A SUBSCRIBER BY PUBLISHING OR APPROVING PUBLICATION OF IT TO ONE OR MORE PERSONS OR IN A REPOSITORY, OR BY OTHERWISE DEMONSTRATING APPROVAL OF IT, WHILE KNOWING OR HAVING NOTICE OF ITS CONTENTS.

(B) BY ACCEPTING A CERTIFICATE, THE SUBSCRIBER LISTED IN THE CERTIFICATE REPRESENTS ALL OF THE FOLLOWING TO ANY PERSON THAT REASONABLY RELIES ON INFORMATION CONTAINED IN THE CERTIFICATE IN GOOD FAITH AND DURING ITS OPERATIONAL PERIOD:

(1) THE SUBSCRIBER RIGHTFULLY HOLDS THE PRIVATE KEY CORRESPONDING TO THE PUBLIC KEY LISTED IN THE CERTIFICATE.

(2) ALL REPRESENTATIONS MADE BY THE SUBSCRIBER TO THE CERTIFICATION AUTHORITY AND MATERIAL TO THE INFORMATION LISTED IN THE CERTIFICATE ARE TRUE.

(3) ALL INFORMATION IN THE CERTIFICATE THAT IS WITHIN THE KNOWLEDGE OF THE SUBSCRIBER IS TRUE.

(C) ALL MATERIAL REPRESENTATIONS KNOWINGLY MADE BY A PERSON TO A CERTIFICATION AUTHORITY FOR PURPOSES OF OBTAINING A CERTIFICATE NAMING SUCH PERSON AS A SUBSCRIBER SHALL BE ACCURATE AND COMPLETE TO THE BEST OF SUCH PERSON'S KNOWLEDGE AND BELIEF.

Sec. 1306.23. EXCEPT AS OTHERWISE PROVIDED BY ANOTHER APPLICABLE RULE OF LAW, IF THE PRIVATE KEY CORRESPONDING TO THE PUBLIC KEY LISTED IN A VALID CERTIFICATE IS LOST, STOLEN, ACCESSIBLE TO AN UNAUTHORIZED PERSON, OR OTHERWISE COMPROMISED DURING THE OPERATIONAL PERIOD OF THE CERTIFICATE, A SUBSCRIBER THAT HAS LEARNED OF THE COMPROMISE SHALL DO EITHER OF THE FOLLOWING:

(A) PROMPTLY REQUEST THE ISSUING CERTIFICATION AUTHORITY TO REVOKE THE CERTIFICATE AND PUBLISH NOTICE OF REVOCATION IN ALL REPOSITORIES IN WHICH THE SUBSCRIBER PREVIOUSLY AUTHORIZED THE CERTIFICATE TO BE PUBLISHED;

(B) PROVIDE REASONABLE NOTICE OF THE REVOCATION.

Sec. 1306.24. (A) NO PERSON SHALL KNOWINGLY ACCESS, COPY, OR OTHERWISE OBTAIN POSSESSION OF OR RE-CREATE THE SIGNATURE DEVICE OF ANOTHER PERSON WITHOUT AUTHORIZATION FOR THE PURPOSE OF CREATING, OR ALLOWING OR CAUSING ANOTHER PERSON TO CREATE, AN UNAUTHORIZED ELECTRONIC SIGNATURE USING SUCH SIGNATURE DEVICE.

(B) NO PERSON SHALL KNOWINGLY ALTER, DISCLOSE, OR USE THE SIGNATURE DEVICE OF ANOTHER PERSON WITHOUT AUTHORIZATION, OR IN EXCESS OF LAWFUL AUTHORIZATION, FOR THE PURPOSE OF CREATING, OR ALLOWING OR CAUSING ANOTHER PERSON TO CREATE, AN UNAUTHORIZED ELECTRONIC SIGNATURE USING SUCH SIGNATURE DEVICE.

(C) NO PERSON SHALL KNOWINGLY CREATE, PUBLISH, ALTER, OR OTHERWISE USE A CERTIFICATE ISSUED IN CONNECTION WITH A DIGITAL SIGNATURE FOR ANY FRAUDULENT OR OTHER UNLAWFUL PURPOSE.

(D) NO PERSON SHALL KNOWINGLY MISREPRESENT THE PERSON'S IDENTITY OR AUTHORIZATION IN REQUESTING OR ACCEPTING A CERTIFICATE OR IN REQUESTING SUSPENSION OR REVOCATION OF A CERTIFICATE ISSUED IN CONNECTION WITH A DIGITAL SIGNATURE.

(E) NO PERSON, IN CONNECTION WITH A DIGITAL SIGNATURE, SHALL KNOWINGLY ACCESS, ALTER, DISCLOSE, OR USE THE SIGNATURE DEVICE OF A CERTIFICATION AUTHORITY USED TO ISSUE CERTIFICATES WITHOUT AUTHORIZATION, OR IN EXCESS OF LAWFUL AUTHORIZATION, FOR THE PURPOSE OF CREATING, OR ALLOWING OR CAUSING ANOTHER PERSON TO CREATE, AN UNAUTHORIZED ELECTRONIC SIGNATURE USING SUCH SIGNATURE DEVICE.

(F) NO PERSON SHALL PUBLISH A CERTIFICATE, OR OTHERWISE KNOWINGLY MAKE IT AVAILABLE TO ANYONE LIKELY TO RELY ON THE CERTIFICATE OR ON A DIGITAL SIGNATURE THAT IS VERIFIABLE WITH REFERENCE TO THE PUBLIC KEY LISTED IN THE CERTIFICATE, IF THE PERSON HAS KNOWLEDGE OF ANY OF THE FOLLOWING:

(1) THE CERTIFICATION AUTHORITY LISTED IN THE CERTIFICATE HAS NOT ISSUED IT.

(2) THE SUBSCRIBER LISTED IN THE CERTIFICATE HAS NOT ACCEPTED IT.

(3) THE CERTIFICATE HAS BEEN REVOKED OR SUSPENDED, UNLESS THE PUBLICATION IS FOR THE PURPOSE OF VERIFYING A DIGITAL SIGNATURE CREATED PRIOR TO THE REVOCATION OR SUSPENSION, OR GIVING NOTICE OF REVOCATION OR SUSPENSION.

Sec. 1306.25. (A) IN ANY LEGAL PROCEEDING, NOTHING IN THE RULES OF EVIDENCE SHALL APPLY TO DENY THE ADMISSIBILITY OF AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE INTO EVIDENCE ON THE SOLE GROUND THAT IT IS AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE, OR ON THE GROUNDS THAT IT IS NOT IN ITS ORIGINAL FORM OR IS NOT AN ORIGINAL.

(B)(1) INFORMATION IN THE FORM OF AN ELECTRONIC RECORD SHALL BE GIVEN DUE EVIDENTIARY WEIGHT BY THE TRIER OF FACT.

(2) IN ASSESSING THE EVIDENTIAL WEIGHT OF AN ELECTRONIC RECORD OR ELECTRONIC SIGNATURE WHERE ITS AUTHENTICITY IS IN ISSUE, THE TRIER OF FACT MAY CONSIDER ANY OR ALL OF THE FOLLOWING:

(a) THE MANNER IN WHICH IT WAS GENERATED, STORED, OR COMMUNICATED;

(b) THE RELIABILITY OF THE MANNER IN WHICH ITS INTEGRITY WAS MAINTAINED;

(c) THE MANNER IN WHICH ITS ORIGINATOR WAS IDENTIFIED OR THE ELECTRONIC RECORD WAS SIGNED;

(d) ANY OTHER RELEVANT INFORMATION OR CIRCUMSTANCES.

Sec. 1306.26. ANY PERSON THAT SUFFERS A LOSS DUE TO A VIOLATION OF SECTION 1306.24 OR 2913.35 of the Revised Code MAY BRING A CIVIL ACTION IN A COURT OF COMPETENT JURISDICTION AND, IN ADDITION TO OTHER APPROPRIATE RELIEF, IS ENTITLED TO RECOVER REASONABLE ATTORNEY'S FEES AND OTHER COURT COSTS.

Sec. 1306.28. (A) IN RESOLVING A CIVIL DISPUTE INVOLVING A SECURE ELECTRONIC RECORD, IT SHALL BE REBUTTABLY PRESUMED THAT THE ELECTRONIC RECORD HAS NOT BEEN ALTERED SINCE THE SPECIFIC TIME TO WHICH THE SECURE STATUS RELATES.

(B) IN RESOLVING A CIVIL DISPUTE INVOLVING A SECURE ELECTRONIC SIGNATURE, IT SHALL BE REBUTTABLY PRESUMED THAT THE SECURE ELECTRONIC SIGNATURE IS THE SIGNATURE OF THE PERSON TO WHOM IT CORRELATES.

(C) THE EFFECT OF PRESUMPTIONS PROVIDED IN THIS SECTION IS TO PLACE ON THE PARTY CHALLENGING THE INTEGRITY OF A SECURE ELECTRONIC RECORD OR CHALLENGING THE GENUINENESS OF A SECURE ELECTRONIC SIGNATURE BOTH THE BURDEN OF GOING FORWARD WITH EVIDENCE TO REBUT THE PRESUMPTION AND THE BURDEN OF PERSUADING THE TRIER OF FACT THAT THE NONEXISTENCE OF THE PRESUMED FACT IS MORE PROBABLE THAN ITS EXISTENCE.

(D) IN THE ABSENCE OF A SECURE ELECTRONIC RECORD OR A SECURE ELECTRONIC SIGNATURE, NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL CHANGE EXISTING RULES REGARDING LEGAL OR EVIDENTIARY RULES REGARDING THE BURDEN OF PROVING THE AUTHENTICITY AND INTEGRITY OF AN ELECTRONIC RECORD OR AN ELECTRONIC SIGNATURE.

Sec. 1306.29. (A)(1) EXCEPT AS PROVIDED IN DIVISION (A)(2) OF THIS SECTION, THE ELECTRONIC COMMERCE COMMISSION MAY INVESTIGATE COMPLAINTS FILED WITH THE COMMISSION OR OTHER INFORMATION BROUGHT TO THE ATTENTION OF THE COMMISSION, WHICH COMPLAINTS OR INFORMATION INDICATE A VIOLATION OF SECTIONS 1306.01 TO 1306.38 of the Revised Code OR THE RULES ADOPTED UNDER THOSE SECTIONS.

(2) IF THE DEPARTMENT OF ADMINISTRATIVE SERVICES IS THE SUBJECT OF A COMPLAINT FILED PURSUANT TO DIVISION (A) OF THIS SECTION, THE AUDITOR OF STATE SHALL INVESTIGATE THE COMPLAINT.

(B) UPON REQUEST OF THE COMMISSION, THE ATTORNEY GENERAL, OR COUNTY PROSECUTOR LOCATED IN THE COUNTY IN WHICH THE SUBJECT OF A COMPLAINT INVESTIGATED PURSUANT TO DIVISION (A) OF THIS SECTION RESIDES, MAY COMMENCE AND PROSECUTE ANY APPROPRIATE ACTION OR PROCEEDING AGAINST A PERSON FOR A VIOLATION OF SECTIONS 1306.01 TO 1306.38 of the Revised Code.

Sec. 1306.32. (A) THERE IS HEREBY ESTABLISHED IN THE DEPARTMENT OF ADMINISTRATIVE SERVICES THE ELECTRONIC COMMERCE COMMISSION CONSISTING OF SEVEN MEMBERS.

(B)(1) OF THE SEVEN MEMBERS OF THE COMMISSION, FOUR SHALL BE EX OFFICIO MEMBERS, AS FOLLOWS:

(a) THE DIRECTOR OF ADMINISTRATIVE SERVICES OR THE DIRECTOR'S DESIGNEE;

(b) THE DIRECTOR OF COMMERCE OR THE DIRECTOR'S DESIGNEE;

(c) THE SECRETARY OF STATE OR THE SECRETARY OF STATE'S DESIGNEE;

(d) THE AUDITOR OF STATE OR THE AUDITOR OF STATE'S DESIGNEE.

(2) OF THE OTHER MEMBERS OF THE COMMISSION, THREE SHALL BE APPOINTED BY THE GOVERNOR, AS FOLLOWS:

(a) AN INDIVIDUAL WHO SHALL BE AN ATTORNEY AT LAW LICENSED TO PRACTICE IN THIS STATE AND WHO SHALL HAVE SIGNIFICANT KNOWLEDGE OF INTELLECTUAL PROPERTY LAW OR INTERNET SECURITY LAW, OR BOTH AREAS OF THE LAW;

(b) AN INDIVIDUAL WHO SHALL BE EMPLOYED BY A FOR-PROFIT BUSINESS WITH OFFICES IN THIS STATE, THE PRIMARY BUSINESS OF WHICH IS OTHER THAN PROVIDING INFORMATION SYSTEMS PRODUCTS OR SERVICES, AND WHO SHALL HAVE SIGNIFICANT KNOWLEDGE OF INTERNET SECURITY ISSUES AND EXPERIENCE WITH THE DEVELOPMENT OF INTERNET-BASED ELECTRONIC COMMERCE;

(c) AN INDIVIDUAL WHO SHALL BE EMPLOYED BY A FOR-PROFIT BUSINESS WITH OFFICES IN THIS STATE, THE PRIMARY BUSINESS OF WHICH IS PROVIDING INFORMATION SYSTEMS PRODUCTS OR SERVICES, AND WHO SHALL HAVE SIGNIFICANT KNOWLEDGE OF INTERNET SECURITY ISSUES AND EXPERIENCE WITH THE DEVELOPMENT OF INTERNET-BASED ELECTRONIC COMMERCE.

(C)(1) WITHIN THIRTY DAYS AFTER THE EFFECTIVE DATE OF THIS SECTION, THE GOVERNOR SHALL MAKE INITIAL APPOINTMENTS TO THE COMMISSION OF PERSONS DESCRIBED IN DIVISIONS (B)(2)(a) TO (c) OF THIS SECTION. OF THE INITIAL APPOINTMENTS MADE TO THE COMMISSION, ONE SHALL BE FOR A TERM ENDING ONE YEAR AFTER THE EFFECTIVE DATE OF THIS SECTION, ONE SHALL BE FOR A TERM ENDING TWO YEARS AFTER THE EFFECTIVE DATE OF THIS SECTION, AND ONE SHALL BE FOR A TERM ENDING THREE YEARS AFTER THE EFFECTIVE DATE OF THIS SECTION. THEREAFTER, TERMS OF OFFICE SHALL BE FOR THREE YEARS, WITH EACH TERM ENDING ON THE SAME DAY OF THE SAME MONTH AS DID THE TERM THAT IT SUCCEEDS.

(2) EACH MEMBER APPOINTED PURSUANT TO DIVISIONS (B)(2)(a) TO (c) OF THIS SECTION SHALL HOLD OFFICE FROM THE DATE OF APPOINTMENT UNTIL THE END OF THE TERM FOR WHICH THE MEMBER WAS APPOINTED. ANY MEMBER APPOINTED TO FILL A VACANCY OCCURRING PRIOR TO THE EXPIRATION OF THE TERM FOR WHICH THE MEMBER'S PREDECESSOR WAS APPOINTED SHALL HOLD OFFICE FOR THE REMAINDER OF THAT TERM. ANY MEMBER SHALL CONTINUE IN OFFICE SUBSEQUENT TO THE EXPIRATION DATE OF THE MEMBER'S TERM UNTIL THE MEMBER'S SUCCESSOR TAKES OFFICE, OR UNTIL A PERIOD OF SIXTY DAYS HAS ELAPSED, WHICHEVER OCCURS FIRST.

(3) BEFORE ENTERING UPON THEIR OFFICIAL DUTIES, EACH MEMBER APPOINTED PURSUANT TO DIVISIONS (B)(2)(a) TO (c) OF THIS SECTION SHALL TAKE AN OATH AS PROVIDED BY SECTION 7 OF ARTICLE XV, OHIO CONSTITUTION.

(4) EACH MEMBER APPOINTED TO THE COMMISSION PURSUANT TO DIVISIONS (B)(2)(a) TO (c) OF THIS SECTION SHALL RECEIVE COMPENSATION FOR ACTUAL AND NECESSARY EXPENSES INCURRED IN THE PERFORMANCE OF OFFICIAL DUTIES. THE AMOUNT OF THE EXPENSES SHALL BE CERTIFIED BY THE CHAIRPERSON OF THE COMMISSION AND PAID IN THE SAME MANNER AS THE EXPENSES OF EMPLOYEES OF THE DEPARTMENT OF ADMINISTRATIVE SERVICES ARE PAID.

(D) THE DIRECTOR OF ADMINISTRATIVE SERVICES OR THE DIRECTOR'S DESIGNEE SHALL SERVE AS CHAIRPERSON OF THE COMMISSION.

(E) THE DEPARTMENT OF ADMINISTRATIVE SERVICES SHALL PROVIDE ADMINISTRATIVE SERVICES TO THE COMMISSION AND SHALL ASSIGN EXPERTS REQUIRED BY THE COMMISSION TO ENABLE THE COMMISSION TO CARRY OUT THE COMMISSION'S DUTIES UNDER SECTIONS 1306.13, 1306.17, AND 1306.29 of the Revised Code.

(F) THE COMMISSION MAY ADOPT ITS OWN RULES OF PROCEDURE AND MAY CHANGE THEM AT ITS DISCRETION. THE VOTES OF FOUR OF THE MEMBERS OF THE COMMISSION ARE REQUIRED FOR THE ADOPTION OF ANY RULE OR ANY AMENDMENT OR RESCISSION OF A RULE.

(G) A FULL AND COMPLETE RECORD OF ALL PROCEEDINGS OF THE COMMISSION SHALL BE KEPT OPEN TO PUBLIC INSPECTION AND AUTHENTICATED IN THE MANNER PROVIDED IN SECTION 121.20 of the Revised Code.

Sec. 1306.35. (A) EACH STATE AGENCY SHALL DETERMINE IF, AND THE EXTENT TO WHICH, IT WILL SEND AND RECEIVE ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES TO AND FROM OTHER PERSONS AND OTHERWISE CREATE, USE, STORE, AND RELY UPON ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES.

(B) IN ANY CASE IN WHICH A STATE AGENCY DECIDES TO SEND OR RECEIVE ELECTRONIC RECORDS, OR TO ACCEPT DOCUMENT FILINGS BY ELECTRONIC RECORDS, THE STATE AGENCY, BY RULE AND GIVING DUE CONSIDERATION TO SECURITY, MAY SPECIFY ALL OF THE FOLLOWING:

(1) THE MANNER AND FORMAT IN WHICH SUCH ELECTRONIC RECORDS MUST BE CREATED, SENT, RECEIVED, AND STORED;

(2) IF THE ELECTRONIC RECORDS MUST BE SIGNED, ALL OF THE FOLLOWING:

(a) THE TYPE OF ELECTRONIC SIGNATURE REQUIRED;

(b) THE MANNER AND FORMAT IN WHICH SUCH SIGNATURE MUST BE AFFIXED TO THE ELECTRONIC RECORD;

(c) THE IDENTITY OF, OR CRITERIA THAT MUST BE MET BY, ANY THIRD PARTY USED BY THE PERSON FILING THE DOCUMENT TO FACILITATE THE PROCESS.

(3) CONTROL PROCESSES AND PROCEDURES AS APPROPRIATE TO ENSURE ADEQUATE INTEGRITY, SECURITY, CONFIDENTIALITY, AND AUDITABILITY OF SUCH ELECTRONIC RECORDS;

(4) ANY OTHER REQUIRED ATTRIBUTES FOR ELECTRONIC RECORDS THAT ARE CURRENTLY SPECIFIED FOR CORRESPONDING PAPER DOCUMENTS OR ARE REASONABLY NECESSARY UNDER THE CIRCUMSTANCES.

(C) ALL RULES ADOPTED BY A STATE AGENCY MAY INCLUDE THE RELEVANT MINIMUM SECURITY REQUIREMENTS ESTABLISHED BY THE DEPARTMENT OF ADMINISTRATIVE SERVICES IN ACCORDANCE WITH DIVISION (A) OF SECTION 1306.36 of the Revised Code, IF ANY.

(D) WHENEVER ANY RULE OF LAW REQUIRES OR AUTHORIZES THE FILING OF ANY INFORMATION, NOTICE, LIEN, OR OTHER DOCUMENT OR RECORD WITH ANY STATE AGENCY, A FILING MADE BY AN ELECTRONIC RECORD SHALL HAVE THE SAME FORCE AND EFFECT AS A FILING MADE ON PAPER IN ALL CASES WHERE THE STATE AGENCY HAS AUTHORIZED OR AGREED TO SUCH ELECTRONIC FILING AND THE FILING IS MADE IN ACCORDANCE WITH APPLICABLE RULES OR AGREEMENT.

(E)(1) NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL BE CONSTRUED TO REQUIRE ANY STATE AGENCY TO USE OR PERMIT THE USE OF ELECTRONIC RECORDS OR ELECTRONIC SIGNATURES.

(2) NOTWITHSTANDING DIVISION (C) OF THIS SECTION, ANY STATE AGENCY THAT, PRIOR TO THE EFFECTIVE DATE OF THIS SECTION, USED OR PERMITTED THE USE OF ELECTRONIC RECORDS OR ELECTRONIC SIGNATURES PURSUANT TO LAWS ENACTED OR RULES ADOPTED BEFORE THE EFFECTIVE DATE OF THIS SECTION, MAY USE OR PERMIT THE USE OF ELECTRONIC RECORDS OR ELECTRONIC SIGNATURES PURSUANT TO THOSE PREVIOUSLY ENACTED LAWS OR ADOPTED RULES.

(F) FOR PURPOSES OF THIS SECTION, "STATE AGENCY" DOES NOT INCLUDE THE GENERAL ASSEMBLY OR THE SUPREME COURT.

Sec. 1306.36. (A) THE DEPARTMENT OF ADMINISTRATIVE SERVICES, IN ACCORDANCE WITH CHAPTER 119. of the Revised Code, MAY ADOPT RULES, INCLUDING RULES DESCRIBED IN DIVISION (C) OF THIS SECTION, SETTING FORTH MINIMUM SECURITY REQUIREMENTS FOR THE USE OF ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES BY STATE AGENCIES.

(B) WITH RESPECT TO VERIFYING A DIGITAL SIGNATURE, THE DEPARTMENT MAY ADOPT RULES, PROCEDURES, AND POLICIES WHEREBY STATE AGENCIES MAY ISSUE OR CONTRACT FOR THE ISSUANCE OF CERTIFICATES.

(C) THE DEPARTMENT, BY RULE, MAY SPECIFY APPROPRIATE MINIMUM SECURITY REQUIREMENTS TO BE IMPLEMENTED AND FOLLOWED BY STATE AGENCIES FOR ALL OF THE FOLLOWING:

(1) THE GENERATION, USE, AND STORAGE OF KEY PAIRS;

(2) THE ISSUANCE, ACCEPTANCE, USE, SUSPENSION, AND REVOCATION OF CERTIFICATES;

(3) THE USE OF DIGITAL SIGNATURES.

(D) EACH STATE AGENCY MAY ISSUE, OR CONTRACT FOR THE ISSUANCE OF, CERTIFICATES TO ITS EMPLOYEES AND AGENTS AND PERSONS CONDUCTING BUSINESS OR OTHER TRANSACTIONS WITH THE STATE AGENCY AND MAY TAKE OTHER ACTIONS CONSISTENT THEREWITH, INCLUDING THE ESTABLISHMENT OF REPOSITORIES AND THE SUSPENSION OR REVOCATION OF CERTIFICATES ISSUED, PROVIDED THESE ACTIONS ARE CONDUCTED IN ACCORDANCE WITH ALL RULES, PROCEDURES, AND POLICIES ADOPTED BY THE DEPARTMENT PURSUANT TO THIS SECTION.

(E) THE DEPARTMENT MAY SPECIFY APPROPRIATE MINIMUM STANDARDS AND REQUIREMENTS THAT MUST BE SATISFIED BY A CERTIFICATION AUTHORITY BEFORE EITHER OF THE FOLLOWING OCCURS:

(1) THE SERVICES OF THE CERTIFICATION AUTHORITY ARE USED BY ANY STATE AGENCY FOR THE ISSUANCE, PUBLICATION, REVOCATION, AND SUSPENSION OF CERTIFICATES TO SUCH AGENCY OR ITS EMPLOYEES OR AGENTS.

(2) THE CERTIFICATES ISSUED BY THE CERTIFICATION AUTHORITY WILL BE ACCEPTED FOR PURPOSES OF VERIFYING DIGITALLY SIGNED ELECTRONIC RECORDS SENT TO ANY STATE AGENCY BY ANY PERSON.

(F) WHERE APPROPRIATE, THE RULES ADOPTED BY THE DEPARTMENT PURSUANT TO THIS SECTION SHALL SPECIFY DIFFERING LEVELS OF MINIMUM STANDARDS FROM WHICH IMPLEMENTING STATE AGENCIES SHALL SELECT THE STANDARD MOST APPROPRIATE FOR A PARTICULAR APPLICATION.

(G) THE GENERAL ASSEMBLY AND THE SUPREME COURT ALSO MAY ADOPT RULES PERTAINING TO THE USE OF ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES BY THEIR RESPECTIVE AGENCIES.

(H) FOR PURPOSES OF THIS SECTION, "STATE AGENCY" DOES NOT INCLUDE THE GENERAL ASSEMBLY OR THE SUPREME COURT.

Sec. 1306.37. TO THE EXTENT REASONABLE UNDER THE CIRCUMSTANCES, RULES ADOPTED BY THE DEPARTMENT OF ADMINISTRATIVE SERVICES, THE ELECTRONIC COMMERCE COMMISSION, OR ANY OTHER STATE AGENCY PURSUANT TO SECTION 1306.13, 1306.17, 1306.35, OR 1306.36 OF THE REVISED CODE AND RELATING TO THE USE OF ELECTRONIC RECORDS OR ELECTRONIC SIGNATURES SHALL ENCOURAGE AND PROMOTE CONSISTENCY AND INTEROPERABILITY WITH SIMILAR REQUIREMENTS ADOPTED BY AGENCIES OF OTHER STATES AND THE FEDERAL GOVERNMENT.

Sec. 1306.38. INFORMATION THAT WOULD DISCLOSE OR MAY LEAD TO THE DISCLOSURE OF SECRET OR CONFIDENTIAL INFORMATION, CODES, ALGORITHMS, PROGRAMS, OR PRIVATE KEYS INTENDED TO BE USED TO CREATE ELECTRONIC OR DIGITAL SIGNATURES UNDER SECTIONS 1306.01 TO 1306.38 OF THE REVISED CODE ARE NOT PUBLIC RECORDS FOR PURPOSES OF SECTION 149.43 OF THE REVISED CODE.

Sec. 1306.99. (A) WHOEVER VIOLATES DIVISION (A) OR (D) OF SECTION 1306.24 OF THE REVISED CODE IS GUILTY OF A MISDEMEANOR OF THE FIRST DEGREE.

(B) WHOEVER VIOLATES DIVISION (B) OR (C) OF SECTION 1306.24 OF THE REVISED CODE IS GUILTY OF A FELONY OF THE FOURTH DEGREE.

(C) WHOEVER VIOLATES DIVISION (B) OR (C) OF SECTION 1306.24 OF THE REVISED CODE AND PREVIOUSLY HAS VIOLATED DIVISION (B) OR (C) OF THAT SECTION IS GUILTY OF A FELONY OF THE THIRD DEGREE.

(D) WHOEVER VIOLATES DIVISION (B), (C), OR (D) OF SECTION 1306.24 OF THE REVISED CODE IN FURTHERANCE OF ANY SCHEME OR ARTIFICE TO DEFRAUD IN EXCESS OF FIFTY THOUSAND DOLLARS IS GUILTY OF A FELONY OF THE SECOND DEGREE.

(E) WHOEVER VIOLATES DIVISION (D) OF SECTION 1306.24 OF THE REVISED CODE TEN TIMES IN A TWELVE-MONTH PERIOD OR IN FURTHERANCE OF ANY SCHEME OR ARTIFICE TO DEFRAUD IS GUILTY OF A FELONY OF THE FOURTH DEGREE.

(F) WHOEVER VIOLATES DIVISION (E) OF SECTION 1306.24 OF THE REVISED CODE IS GUILTY OF A FELONY OF THE THIRD DEGREE.

(G) WHOEVER VIOLATES DIVISION (E) OF SECTION 1306.24 OF THE REVISED CODE IN FURTHERANCE OF A SCHEME OR ARTIFICE TO DEFRAUD IS GUILTY OF A FELONY OF THE SECOND DEGREE.

Sec. 2913.31. (A) No person, with purpose to defraud, or knowing that the person is facilitating a fraud, shall do any of the following:

(1) Forge any writing of another without the other person's authority;

(2) Forge any writing so that it purports to be genuine when it actually is spurious, or to be the act of another who did not authorize that act, or to have been executed at a time or place or with terms different from what in fact was the case, or to be a copy of an original when no such original existed;

(3) Utter, or possess with purpose to utter, any writing that the person knows to have been forged.

(B) No person shall knowingly do either of the following:

(1) Forge an identification card;

(2) Sell or otherwise distribute a card that purports to be an identification card, knowing it to have been forged.

As used in this division, "identification card" means a card that includes personal information or characteristics of an individual, a purpose of which is to establish the identity of the bearer described on the card, whether the words "identity," "identification," "identification card," or other similar words appear on the card.

(C) NO PERSON SHALL KNOWINGLY USE A SIGNATURE DEVICE OF ANOTHER PERSON TO CREATE AN ELECTRONIC SIGNATURE OF THAT OTHER PERSON. AS USED IN THIS DIVISION, "SIGNATURE DEVICE" AND "ELECTRONIC SIGNATURE" HAVE THE SAME MEANINGS AS IN SECTION 1306.01 of the Revised Code.

(D)(1)(a) Whoever violates division (A) of this section is guilty of forgery.

(b) Except as otherwise provided in this division or division (C)(D)(1)(c) of this section, forgery is a felony of the fifth degree. If property or services are involved in the offense or the victim suffers a loss, forgery is one of the following:

(i) If the value of the property or services or the loss to the victim is five thousand dollars or more and is less than one hundred thousand dollars, a felony of the fourth degree;

(ii) If the value of the property or services or the loss to the victim is one hundred thousand dollars or more, a felony of the third degree.

(c) If the victim of the offense is an elderly person or disabled adult, division (C)(D)(1)(c) of this section applies to the forgery. Except as otherwise provided in division (C)(D)(1)(c) of this section, forgery is a felony of the fifth degree. If property or services are involved in the offense or if the victim suffers a loss, forgery is one of the following:

(i) If the value of the property or services or the loss to the victim is five hundred dollars or more and is less than five thousand dollars, a felony of the fourth degree;

(ii) If the value of the property or services or the loss to the victim is five thousand dollars or more and is less than twenty-five thousand dollars, a felony of the third degree;

(iii) If the value of the property or services or the loss to the victim is twenty-five thousand dollars or more, a felony of the second degree.

(2) Whoever violates division (B) of this section is guilty of forging identification cards or selling or distributing forged identification cards. Except as otherwise provided in this division, forging identification cards or selling or distributing forged identification cards is a misdemeanor of the first degree. If the offender previously has been convicted of a violation of division (B) of this section, forging identification cards or selling or distributing forged identification cards is a misdemeanor of the first degree and, in addition, the court shall impose upon the offender a fine of not less than two hundred fifty dollars.

(3) WHOEVER VIOLATES DIVISION (C) OF THIS SECTION IS GUILTY OF FORGING AN ELECTRONIC SIGNATURE, A FELONY OF THE THIRD DEGREE.


Section 2. That existing section 2913.31 of the Revised Code is hereby repealed.


Section 3. The Electronic Commerce Commission shall file the original version of the proposed rules pursuant to divisions (B) and (H) of section 119.03 of the Revised Code no later than ninety days after the effective date of this act.


Section 4. Section 1306.32 of the Revised Code is hereby repealed four years after the effective date of this act.