The online versions of legislation provided on this website are not official. Enrolled bills are the final version passed by the Ohio General Assembly and presented to the Governor for signature. The official version of acts signed by the Governor are available from the Secretary of State's Office in the Continental Plaza, 180 East Broad St., Columbus.
|
As Introduced
123rd General Assembly
Regular Session
1999-2000 | H. B. No. 488 |
REPRESENTATIVES TERWILLEGER-AMSTUTZ-HOUSEHOLDER-HARRIS-
GARDNER-TIBERI-CAREY-MOTTLEY-CORBIN-METZGER-HOLLISTER-
VAN VYVEN-WILLAMOWSKI-OLMAN-DePIERO-LUEBBERS-THOMAS-
TRAKAS-GOODMAN-HOOPS-AUSTRIA-DAMSCHRODER-HARTNETT-SYKES-
MAIER-BRADING-PETERSON-MEAD-SCHULER-METELSKY-TAYLOR-JOLIVETTE-
BUEHRER-FLANNERY
A BILL
To amend section 2913.31 and to enact sections 1306.01 to 1306.13,
1306.15, 1306.17 to 1306.26, 1306.28, 1306.29, 1306.32, 1306.35 to 1306.38,
and
1306.99 of the Revised Code to enact the Electronic Records and Signatures Act
by providing for regulation of
electronic signatures, including digital signatures, and electronic records;
creating the Electronic Commerce Commission to regulate security
and enforcement relative to electronic records and electronic
signatures;
providing for
state agency use of electronic records and signatures; and
providing civil remedies and criminal penalties for violations, and to
terminate the Electronic Commerce Commission four years after the effective
date of this act by repealing section 1306.32 of the Revised Code on that
date.
BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:
Section 1. That section 2913.31 be amended and sections 1306.01,
1306.02, 1306.03, 1306.04, 1306.05, 1306.06, 1306.07, 1306.08,
1306.09, 1306.10, 1306.11, 1306.12, 1306.13, 1306.15, 1306.17,
1306.18, 1306.19, 1306.20, 1306.21, 1306.22, 1306.23, 1306.24,
1306.25, 1306.26, 1306.28, 1306.29, 1306.32, 1306.35, 1306.36,
1306.37, 1306.38, and 1306.99 of the Revised Code be enacted to
read as follows:
Sec. 1306.01. AS USED IN SECTIONS 1306.01 TO 1306.38 of the Revised Code:
(A) "ASYMMETRIC CRYPTOSYSTEM" MEANS A COMPUTER-BASED SYSTEM
CAPABLE OF GENERATING AND USING A KEY PAIR CONSISTING OF A PRIVATE KEY FOR
CREATING A DIGITAL SIGNATURE AND A PUBLIC KEY TO VERIFY THE DIGITAL SIGNATURE.
(B) "CERTIFICATE" MEANS A RECORD THAT AT A MINIMUM DOES ALL OF
THE
FOLLOWING:
(1) IT IDENTIFIES THE CERTIFICATION AUTHORITY ISSUING IT.
(2) IT NAMES OR OTHERWISE IDENTIFIES ITS SUBSCRIBER OR A DEVICE OR
ELECTRONIC AGENT UNDER THE CONTROL OF THE SUBSCRIBER.
(3) IT CONTAINS A PUBLIC KEY THAT CORRESPONDS TO A PRIVATE KEY UNDER THE
CONTROL OF THE SUBSCRIBER.
(4) IT SPECIFIES ITS OPERATIONAL PERIOD.
(5) IT IS DIGITALLY SIGNED BY THE CERTIFICATION AUTHORITY ISSUING IT.
(C) "CERTIFICATION AUTHORITY" MEANS A PERSON THAT AUTHORIZES AND
CAUSES THE ISSUANCE OF A CERTIFICATE.
(D) "CERTIFICATION PRACTICE STATEMENT" IS A STATEMENT PUBLISHED
BY A CERTIFICATION AUTHORITY THAT SPECIFIES THE POLICIES OR PRACTICES THAT THE
CERTIFICATION AUTHORITY EMPLOYS IN ISSUING, MANAGING, SUSPENDING, AND REVOKING
CERTIFICATES AND PROVIDING ACCESS TO THEM.
(E) "CORRESPOND," WITH REFERENCE TO KEYS, MEANS TO BELONG TO THE
SAME KEY PAIR.
(F) "DIGITAL SIGNATURE" MEANS A SECURITY PROCEDURE AND A TYPE OF
ELECTRONIC SIGNATURE CREATED BY TRANSFORMING AN ELECTRONIC RECORD USING A
MESSAGE DIGEST FUNCTION AND ENCRYPTING THE RESULTING TRANSFORMATION WITH AN
ASYMMETRIC CRYPTOSYSTEM USING THE SIGNER'S PRIVATE KEY SUCH THAT ANY PERSON
HAVING THE INITIAL UNTRANSFORMED ELECTRONIC RECORD, THE ENCRYPTED
TRANSFORMATION, AND THE SIGNER'S CORRESPONDING PUBLIC KEY CAN ACCURATELY
DETERMINE WHETHER THE TRANSFORMATION WAS CREATED USING THE PRIVATE KEY THAT
CORRESPONDS TO THE SIGNER'S PUBLIC KEY AND WHETHER THE INITIAL ELECTRONIC
RECORD HAS BEEN ALTERED SINCE THE TRANSFORMATION WAS MADE.
(G) "ELECTRONIC" INCLUDES ELECTRICAL, DIGITAL, MAGNETIC, OPTICAL,
ELECTROMAGNETIC, OR ANY OTHER FORM OF TECHNOLOGY THAT ENTAILS CAPABILITIES
SIMILAR TO THESE TECHNOLOGIES.
(H) "ELECTRONIC RECORD" MEANS A RECORD GENERATED, COMMUNICATED,
RECEIVED, OR STORED BY ELECTRONIC MEANS FOR USE IN AN INFORMATION SYSTEM OR
FOR TRANSMISSION FROM ONE INFORMATION SYSTEM TO ANOTHER.
(I) "ELECTRONIC SIGNATURE" MEANS A SIGNATURE IN ELECTRONIC FORM
ATTACHED TO OR LOGICALLY ASSOCIATED WITH AN ELECTRONIC RECORD.
(J) "INFORMATION" INCLUDES DATA, TEXT, IMAGES, SOUND, CODE,
COMPUTER PROGRAMS, SOFTWARE, DATABASES, AND THE LIKE.
(K) "KEY PAIR" MEANS, IN AN ASYMMETRIC CRYPTOSYSTEM, TWO
MATHEMATICALLY RELATED KEYS, REFERRED TO AS A PRIVATE KEY AND A PUBLIC KEY, TO
WHICH BOTH OF THE FOLLOWING APPLY:
(1) THE PRIVATE KEY CAN ENCRYPT A MESSAGE THAT ONLY THE PUBLIC KEY CAN
DECRYPT.
(2) EVEN KNOWING THE PUBLIC KEY, IT IS COMPUTATIONALLY UNFEASIBLE TO
DISCOVER THE PRIVATE KEY.
(L) "MESSAGE DIGEST FUNCTION" MEANS AN ALGORITHM THAT MAPS OR
TRANSLATES THE SEQUENCE OF BITS COMPRISING AN ELECTRONIC RECORD INTO A MESSAGE
DIGEST, WHICH IS GENERALLY A SMALLER SET OF BITS, WITHOUT REQUIRING THE USE OF
ANY SECRET INFORMATION, SUCH THAT AN ELECTRONIC RECORD YIELDS THE SAME MESSAGE
DIGEST EVERY TIME THE ALGORITHM IS EXECUTED USING SUCH RECORD AS INPUT, AND IT
IS COMPUTATIONALLY UNFEASIBLE THAT ANY TWO ELECTRONIC RECORDS CAN BE FOUND OR
DELIBERATELY GENERATED THAT WOULD PRODUCE THE SAME MESSAGE DIGEST USING THE
ALGORITHM UNLESS THE TWO RECORDS ARE PRECISELY IDENTICAL.
(M) "OPERATIONAL PERIOD OF A CERTIFICATE" BEGINS ON THE DATE AND
TIME THE CERTIFICATE IS ISSUED BY A CERTIFICATION AUTHORITY OR ON A LATER DATE
AND TIME CERTAIN IF STATED IN THE CERTIFICATE AND ENDS ON THE DATE AND TIME IT
EXPIRES AS NOTED IN THE CERTIFICATE OR IS EARLIER REVOKED BUT DOES NOT INCLUDE
ANY PERIOD DURING WHICH A CERTIFICATE IS SUSPENDED.
(N) "PERSON" MEANS AN INDIVIDUAL, CORPORATION, BUSINESS TRUST,
ESTATE, TRUST, PARTNERSHIP, LIMITED PARTNERSHIP, LIMITED LIABILITY
PARTNERSHIP, LIMITED LIABILITY COMPANY, ASSOCIATION, JOINT VENTURE,
GOVERNMENT, GOVERNMENTAL SUBDIVISION, AGENCY, OR INSTRUMENTALITY, OR ANY OTHER
LEGAL OR COMMERCIAL ENTITY.
(O) "PRIVATE KEY" MEANS THE KEY OF A KEY PAIR USED TO CREATE A
DIGITAL SIGNATURE.
(P) "PUBLIC KEY" MEANS THE KEY OF A KEY PAIR USED TO VERIFY A
DIGITAL SIGNATURE.
(Q) "RECORD" MEANS INFORMATION THAT IS INSCRIBED, STORED, OR
OTHERWISE FIXED ON A TANGIBLE MEDIUM OR THAT IS STORED IN AN ELECTRONIC OR
OTHER MEDIUM AND IS RETRIEVABLE IN PERCEIVABLE FORM.
(R) "REPOSITORY" MEANS A SYSTEM FOR STORING AND RETRIEVING
CERTIFICATES OR OTHER INFORMATION RELEVANT TO CERTIFICATES, INCLUDING
INFORMATION RELATING TO THE STATUS OF A CERTIFICATE.
(S) "REVOKE A CERTIFICATE" MEANS TO PERMANENTLY END THE
OPERATIONAL PERIOD OF A CERTIFICATE FROM A SPECIFIED TIME FORWARD.
(T) "SECURITY PROCEDURE" MEANS A METHODOLOGY OR PROCEDURE USED
FOR THE PURPOSE OF VERIFYING THAT AN ELECTRONIC RECORD IS THAT OF A SPECIFIC
PERSON OR DETECTING ERROR OR ALTERATION IN THE COMMUNICATION, CONTENT, OR
STORAGE OF AN ELECTRONIC RECORD SINCE A SPECIFIC POINT IN TIME.
A SECURITY PROCEDURE MAY REQUIRE THE USE OF ALGORITHMS OR CODES, IDENTIFYING
WORDS OR NUMBERS, ENCRYPTION, ANSWER BACK OR ACKNOWLEDGMENT PROCEDURES, OR
SIMILAR SECURITY DEVICES.
(U) "SIGNATURE DEVICE" MEANS UNIQUE INFORMATION, SUCH AS CODES,
ALGORITHMS, LETTERS, NUMBERS, PRIVATE KEYS, OR PERSONAL IDENTIFICATION
NUMBERS, OR A UNIQUELY CONFIGURED PHYSICAL DEVICE, THAT IS REQUIRED, ALONE OR
IN CONJUNCTION WITH OTHER INFORMATION OR DEVICES, IN ORDER TO CREATE AN
ELECTRONIC SIGNATURE ATTRIBUTABLE TO A SPECIFIC PERSON.
(V) "SIGNED" OR "SIGNATURE" INCLUDES ANY SYMBOL EXECUTED OR
ADOPTED, OR ANY SECURITY PROCEDURE EMPLOYED OR ADOPTED, USING ELECTRONIC MEANS
OR OTHERWISE, BY OR ON BEHALF OF A PERSON WITH INTENT TO AUTHENTICATE A
RECORD.
(W) "STATE AGENCY" MEANS EVERY ORGANIZED BODY, OFFICE, OR AGENCY
ESTABLISHED BY THE LAWS OF THE STATE FOR THE EXERCISE OF ANY FUNCTION OF STATE
GOVERNMENT.
(X) "SUBSCRIBER" MEANS A PERSON MEETING ALL OF THE FOLLOWING:
(1) THE PERSON IS THE SUBJECT NAMED OR OTHERWISE IDENTIFIED IN A
CERTIFICATE.
(2) THE PERSON CONTROLS A PRIVATE KEY THAT CORRESPONDS TO THE PUBLIC KEY
LISTED IN THAT CERTIFICATE.
(3) THE PERSON IS THE PERSON TO WHOM DIGITALLY SIGNED MESSAGES VERIFIED BY
REFERENCE TO SUCH CERTIFICATE ARE TO BE ATTRIBUTED.
(Y) "SUSPEND A CERTIFICATE" MEANS TO TEMPORARILY SUSPEND THE
OPERATIONAL PERIOD OF A CERTIFICATE FOR A SPECIFIED TIME PERIOD OR FROM A
SPECIFIED TIME FORWARD.
(Z) "TRUSTWORTHY MANNER" MEANS THE USE OF COMPUTER HARDWARE,
SOFTWARE, AND PROCEDURES THAT, IN THE CONTEXT IN WHICH THEY ARE USED, MEET ALL
OF THE FOLLOWING:
(1) THEY CAN BE SHOWN TO BE REASONABLY RESISTANT TO PENETRATION,
COMPROMISE, AND MISUSE.
(2) THEY PROVIDE A REASONABLE LEVEL OF RELIABILITY AND CORRECT OPERATION.
(3) THEY ARE REASONABLY SUITED TO PERFORMING THEIR INTENDED FUNCTIONS OR
SERVING THEIR INTENDED PURPOSES.
(4) THEY COMPLY WITH APPLICABLE AGREEMENTS BETWEEN THE PARTIES, IF ANY.
(5) THEY ADHERE TO GENERALLY ACCEPTED SECURITY PROCEDURES.
(AA) "VALID CERTIFICATE" MEANS A CERTIFICATE THAT A CERTIFICATION
AUTHORITY HAS ISSUED AND THAT THE SUBSCRIBER LISTED IN THE CERTIFICATE HAS
ACCEPTED.
(BB) "VERIFY A DIGITAL SIGNATURE" MEANS TO USE THE PUBLIC KEY
LISTED IN A VALID CERTIFICATE, ALONG WITH THE APPROPRIATE MESSAGE DIGEST
FUNCTION AND ASYMMETRIC CRYPTOSYSTEM, TO EVALUATE A DIGITALLY SIGNED
ELECTRONIC RECORD, SUCH THAT THE RESULT OF THE PROCESS CONCLUDES THAT THE
DIGITAL SIGNATURE WAS CREATED USING THE PRIVATE KEY CORRESPONDING TO THE
PUBLIC KEY LISTED IN THE CERTIFICATE AND THAT THE ELECTRONIC RECORD HAS NOT
BEEN ALTERED SINCE ITS DIGITAL SIGNATURE WAS CREATED.
Sec. 1306.02.
(A) SECTIONS 1306.01 TO 1306.38 OF THE REVISED
CODE MAY BE CITED
AS THE "ELECTRONIC RECORDS AND SIGNATURES ACT."
(B)
SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL BE CONSTRUED
CONSISTENTLY WITH WHAT IS COMMERCIALLY REASONABLE UNDER THE CIRCUMSTANCES AND
TO EFFECTUATE THE FOLLOWING PURPOSES:
(1) TO FACILITATE ELECTRONIC COMMUNICATIONS BY MEANS OF RELIABLE
ELECTRONIC RECORDS;
(2) TO FACILITATE AND PROMOTE ELECTRONIC COMMERCE, BY ELIMINATING
BARRIERS RESULTING FROM UNCERTAINTIES OVER WRITING AND SIGNATURE REQUIREMENTS,
AND PROMOTING THE DEVELOPMENT OF THE LEGAL AND BUSINESS INFRASTRUCTURE
NECESSARY TO IMPLEMENT SECURE ELECTRONIC COMMERCE;
(3) TO FACILITATE ELECTRONIC FILING OF DOCUMENTS WITH STATE
AGENCIES AND LOCAL GOVERNMENTS, AND TO PROMOTE EFFICIENT DELIVERY OF
GOVERNMENT SERVICES BY MEANS OF RELIABLE ELECTRONIC RECORDS;
(4) TO MINIMIZE THE INCIDENCE OF FORGED ELECTRONIC RECORDS,
INTENTIONAL AND UNINTENTIONAL ALTERATION OF RECORDS, AND FRAUD IN ELECTRONIC
COMMERCE;
(5) TO HELP TO ESTABLISH UNIFORMITY OF RULES AND STANDARDS
REGARDING THE AUTHENTICATION AND INTEGRITY OF ELECTRONIC RECORDS;
(6) TO PROMOTE PUBLIC CONFIDENCE IN THE INTEGRITY AND RELIABILITY
OF ELECTRONIC RECORDS AND ELECTRONIC COMMERCE.
Sec. 1306.03. (A) INFORMATION, RECORDS, AND SIGNATURES SHALL NOT
BE DENIED LEGAL EFFECT, VALIDITY, OR ENFORCEABILITY SOLELY ON THE GROUNDS THAT
THEY ARE IN ELECTRONIC FORM.
(B) WHERE A RULE OF LAW REQUIRES INFORMATION TO BE "WRITTEN" OR
"IN WRITING," OR PROVIDES FOR CERTAIN CONSEQUENCES IF IT IS NOT, AN ELECTRONIC
RECORD SATISFIES THAT RULE OF LAW.
(C)(1) WHERE A RULE OF LAW REQUIRES A SIGNATURE, OR PROVIDES FOR
CERTAIN CONSEQUENCES IF A DOCUMENT IS NOT SIGNED, AN ELECTRONIC SIGNATURE
SATISFIES THAT RULE OF LAW.
(2) AN ELECTRONIC SIGNATURE MAY BE PROVED IN ANY MANNER, INCLUDING BY
SHOWING THAT A PROCEDURE EXISTED BY WHICH A PARTY MUST OF NECESSITY HAVE
EXECUTED A SYMBOL OR SECURITY PROCEDURE FOR THE PURPOSE OF VERIFYING THAT AN
ELECTRONIC RECORD IS THAT OF SUCH PARTY IN ORDER TO PROCEED FURTHER WITH A
TRANSACTION.
(D) DIVISIONS (B) AND (C) OF THIS SECTION DO
NOT APPLY:
(1) WHEN THEIR APPLICATION WOULD INVOLVE A CONSTRUCTION OF A RULE OF LAW
THAT IS CLEARLY INCONSISTENT WITH THE LAW OR REPUGNANT TO THE CONTEXT OF THE
SAME RULE OF LAW, PROVIDED THAT THE REQUIREMENT
THAT INFORMATION BE "IN WRITING," "WRITTEN," OR "PRINTED,"
OR THAT THERE BE A "SIGNATURE" OR THAT THE RECORD BE "SIGNED,"
SHALL NOT BY ITSELF BE SUFFICIENT TO ESTABLISH THIS INTENT;
(2) TO ANY RULE OF LAW GOVERNING THE CREATION OR EXECUTION OF A WILL OR
TRUST, LIVING WILL, OR HEALTH CARE POWER OF ATTORNEY;
(3) TO ANY RECORD THAT SERVES AS A UNIQUE AND TRANSFERABLE INSTRUMENT OF
RIGHTS AND OBLIGATIONS, INCLUDING, WITHOUT LIMITATION, NEGOTIABLE INSTRUMENTS
AND OTHER INSTRUMENTS OF TITLE WHEREIN POSSESSION OF THE INSTRUMENT IS DEEMED
TO CONFER TITLE, UNLESS AN ELECTRONIC VERSION OF THE RECORD IS CREATED,
STORED, AND TRANSFERRED IN A MANNER THAT ALLOWS FOR THE EXISTENCE OF ONLY ONE
UNIQUE, IDENTIFIABLE, AND UNALTERABLE ORIGINAL WITH THE FUNCTIONAL ATTRIBUTES
OF AN EQUIVALENT PHYSICAL INSTRUMENT, THAT CAN BE POSSESSED BY ONLY ONE
PERSON, AND THAT CANNOT BE COPIED EXCEPT IN A FORM THAT IS READILY
IDENTIFIABLE AS A COPY.
Sec. 1306.04. (A) WHERE A RULE OF LAW REQUIRES INFORMATION TO BE
PRESENTED OR RETAINED IN ITS ORIGINAL FORM, OR PROVIDES CONSEQUENCES FOR THE
INFORMATION NOT BEING PRESENTED OR RETAINED IN ITS ORIGINAL FORM, THAT RULE OF
LAW IS SATISFIED BY AN ELECTRONIC RECORD IF THERE EXISTS RELIABLE ASSURANCE AS
TO THE INTEGRITY AND RELIABILITY OF THE INFORMATION, DETERMINED IN ACCORDANCE
WITH DIVISION (B) OF THIS SECTION, FROM THE TIME WHEN IT WAS FIRST
GENERATED IN ITS FINAL FORM, AS AN ELECTRONIC RECORD OR OTHERWISE.
(B)(1) THE CRITERION FOR ASSESSING INTEGRITY IS WHETHER
THE INFORMATION HAS REMAINED COMPLETE AND UNALTERED, APART FROM THE ADDITION
OF ANY ENDORSEMENT OR OTHER INFORMATION THAT ARISES IN THE NORMAL COURSE OF
COMMUNICATION, STORAGE, AND DISPLAY.
(2) THE STANDARD OF RELIABILITY REQUIRED TO ENSURE THAT INFORMATION HAS
REMAINED COMPLETE AND UNALTERED IS TO BE ASSESSED IN THE LIGHT OF THE PURPOSE
FOR WHICH THE INFORMATION WAS GENERATED AND IN THE LIGHT OF ALL THE RELEVANT
CIRCUMSTANCES.
(C) THIS SECTION DOES NOT APPLY TO ANY RECORD THAT SERVES AS A
UNIQUE AND TRANSFERABLE INSTRUMENT OF RIGHTS AND OBLIGATIONS, INCLUDING,
WITHOUT LIMITATION, NEGOTIABLE INSTRUMENTS AND OTHER INSTRUMENTS OF TITLE
WHEREIN POSSESSION OF THE INSTRUMENT IS DEEMED TO CONFER TITLE, UNLESS AN
ELECTRONIC VERSION OF THE RECORD IS CREATED, STORED, AND TRANSFERRED IN A
MANNER THAT ALLOWS FOR THE EXISTENCE OF ONLY ONE UNIQUE, IDENTIFIABLE, AND
UNALTERABLE ORIGINAL WITH THE FUNCTIONAL ATTRIBUTES OF AN EQUIVALENT PHYSICAL
INSTRUMENT, THAT CAN BE POSSESSED BY ONLY ONE PERSON, AND THAT
CANNOT BE COPIED EXCEPT IN A FORM THAT IS READILY IDENTIFIABLE AS A COPY.
Sec. 1306.05. (A) WHERE A RULE OF LAW REQUIRES THAT CERTAIN
DOCUMENTS, RECORDS, OR INFORMATION BE RETAINED, THAT REQUIREMENT IS MET BY
RETAINING ELECTRONIC RECORDS OF SUCH INFORMATION IN A TRUSTWORTHY MANNER,
PROVIDED THE FOLLOWING CONDITIONS ARE SATISFIED:
(1) THE ELECTRONIC RECORD AND THE INFORMATION CONTAINED THEREIN ARE
ACCESSIBLE SO AS TO BE USABLE FOR SUBSEQUENT REFERENCE AT ALL TIMES WHEN SUCH
INFORMATION MUST BE RETAINED.
(2) THE INFORMATION IS RETAINED IN THE FORMAT IN WHICH IT WAS ORIGINALLY
GENERATED, SENT, OR RECEIVED OR IN A FORMAT THAT CAN BE DEMONSTRATED TO
REPRESENT ACCURATELY THE INFORMATION ORIGINALLY GENERATED, SENT, OR RECEIVED.
(3) SUCH DATA, IF ANY, IS RETAINED AS ENABLES THE IDENTIFICATION OF THE
ORIGIN AND DESTINATION OF THE INFORMATION, THE AUTHENTICITY AND INTEGRITY OF
THE INFORMATION, AND THE DATE AND TIME WHEN IT WAS SENT OR RECEIVED.
(B) AN OBLIGATION TO RETAIN DOCUMENTS, RECORDS, OR INFORMATION IN
ACCORDANCE WITH DIVISION (A) OF THIS SECTION DOES NOT EXTEND TO ANY
DATA THE SOLE PURPOSE OF WHICH IS TO ENABLE THE RECORD TO BE SENT OR RECEIVED.
(C) NOTHING IN THIS SECTION PRECLUDES ANY STATE AGENCY, IN
ACCORDANCE WITH SECTION 1306.35 of the Revised Code, FROM SPECIFYING ADDITIONAL REQUIREMENTS
FOR THE RETENTION OF RECORDS THAT ARE SUBJECT TO THE JURISDICTION OF THAT
AGENCY.
Sec. 1306.06. AS BETWEEN PARTIES INVOLVED IN GENERATING, SENDING,
RECEIVING, STORING, OR OTHERWISE PROCESSING ELECTRONIC RECORDS, THE
APPLICABILITY OF SECTIONS 1306.01 TO 1306.38 of the Revised Code MAY BE WAIVED BY AGREEMENT
OF THE PARTIES, EXCEPT FOR
THE PROHIBITIONS SET FORTH IN SECTION 1306.24 of the Revised Code
OR UNLESS THE AGREEMENT INVOLVES THE ATTRIBUTION OF AN ELECTRONIC
SIGNATURE IN A CONSUMER TRANSACTION DESCRIBED IN DIVISION
(B) OF SECTION 1306.12 of the Revised Code.
Sec. 1306.07. (A) NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code
SHALL BE CONSTRUED TO DO EITHER OF THE FOLLOWING:
(1) REQUIRE ANY PERSON TO CREATE, STORE, TRANSMIT, ACCEPT, OR OTHERWISE
USE OR COMMUNICATE INFORMATION, RECORDS, OR SIGNATURES BY ELECTRONIC MEANS OR
IN ELECTRONIC FORM;
(2) PROHIBIT ANY PERSON ENGAGING IN AN ELECTRONIC TRANSACTION FROM
ESTABLISHING REASONABLE REQUIREMENTS REGARDING THE MEDIUM ON WHICH IT WILL
ACCEPT RECORDS OR THE METHOD AND TYPE OF SYMBOL OR SECURITY PROCEDURE IT WILL
ACCEPT AS A SIGNATURE.
(B) NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code
SHALL BE CONSTRUED TO PREVENT APPLICATION OF ANY OTHER LAW OR RULE
ADOPTED PURSUANT TO SECTION 1306.35 of the Revised Code
REQUIRING THE APPROVAL OF A STATE AGENCY PRIOR TO THE USE OR
RETENTION OF ELECTRONIC RECORDS OR THE USE OF ELECTRONIC
SIGNATURES.
Sec. 1306.08. (A) IF, THROUGH THE USE OF A QUALIFIED SECURITY
PROCEDURE, IT CAN BE VERIFIED THAT AN ELECTRONIC RECORD HAS NOT BEEN ALTERED
SINCE A SPECIFIED POINT IN TIME, SUCH ELECTRONIC RECORD SHALL BE CONSIDERED TO
BE A SECURE ELECTRONIC RECORD FROM THAT SPECIFIED POINT IN TIME TO THE TIME OF
VERIFICATION, IF THE RELYING PARTY ESTABLISHES THAT THE QUALIFIED SECURITY
PROCEDURE WAS ALL OF THE FOLLOWING:
(1) COMMERCIALLY REASONABLE UNDER THE CIRCUMSTANCES IN ACCORDANCE WITH
SECTION 1306.10 of the Revised Code;
(2) APPLIED BY THE RELYING PARTY IN A TRUSTWORTHY MANNER;
(3) REASONABLY AND IN GOOD FAITH RELIED UPON BY THE RELYING PARTY.
(B) FOR PURPOSES OF THIS SECTION, A QUALIFIED SECURITY PROCEDURE
IS A SECURITY PROCEDURE TO DETECT CHANGES IN THE CONTENT OF AN ELECTRONIC
RECORD THAT IS EITHER OF THE FOLLOWING:
(1) PREVIOUSLY AGREED TO BY THE PARTIES;
(2) CERTIFIED BY THE ELECTRONIC COMMERCE COMMISSION IN ACCORDANCE
WITH SECTION 1306.13
of the Revised Code AS BEING CAPABLE OF PROVIDING RELIABLE EVIDENCE THAT AN ELECTRONIC RECORD
HAS NOT BEEN ALTERED.
Sec. 1306.09. (A) IF, THROUGH THE USE OF A QUALIFIED SECURITY
PROCEDURE, IT CAN BE VERIFIED THAT AN ELECTRONIC SIGNATURE IS THE SIGNATURE OF
A SPECIFIC PERSON, THE ELECTRONIC SIGNATURE SHALL BE CONSIDERED TO BE A SECURE
ELECTRONIC SIGNATURE AT THE TIME OF VERIFICATION, IF THE RELYING PARTY
ESTABLISHES THAT THE QUALIFIED SECURITY PROCEDURE WAS ALL OF THE FOLLOWING:
(1) COMMERCIALLY REASONABLE IN ACCORDANCE WITH SECTION 1306.10 of the Revised Code;
(2) APPLIED BY THE RELYING PARTY IN A TRUSTWORTHY MANNER;
(3) REASONABLY AND IN GOOD FAITH RELIED UPON BY THE RELYING PARTY.
(B) FOR PURPOSES OF THIS SECTION, A QUALIFIED SECURITY PROCEDURE
IS A SECURITY PROCEDURE FOR
IDENTIFYING A PERSON, WHICH PROCEDURE IS EITHER OF THE FOLLOWING:
(1) PREVIOUSLY AGREED TO BY THE PARTIES;
(2) CERTIFIED BY THE ELECTRONIC COMMERCE COMMISSION IN ACCORDANCE
WITH SECTION 1306.13
of the Revised Code AS BEING CAPABLE OF CREATING, IN A TRUSTWORTHY MANNER, AN ELECTRONIC
SIGNATURE THAT IS ALL OF THE FOLLOWING:
(a) IT IS UNIQUE TO THE SIGNER WITHIN THE CONTEXT IN WHICH IT IS
USED.
(b) IT CAN BE USED TO OBJECTIVELY IDENTIFY THE PERSON SIGNING THE
ELECTRONIC RECORD.
(c) IT WAS RELIABLY CREATED BY THE IDENTIFIED PERSON, AND IT
CANNOT BE READILY DUPLICATED OR COMPROMISED.
(d) IT IS CREATED AND IS LINKED TO THE ELECTRONIC RECORD TO WHICH
IT RELATES, IN SUCH A MANNER THAT IF THE RECORD OR THE SIGNATURE IS
INTENTIONALLY OR UNINTENTIONALLY CHANGED AFTER SIGNING, THE ELECTRONIC
SIGNATURE IS INVALIDATED.
Sec. 1306.10. (A) THE COMMERCIAL REASONABLENESS OF A SECURITY
PROCEDURE IS A QUESTION OF LAW TO BE DETERMINED IN LIGHT OF THE PURPOSES OF
THE PROCEDURE AND THE COMMERCIAL CIRCUMSTANCES AT THE TIME THE PROCEDURE WAS
USED, INCLUDING CONSIDERATION OF ALL OF THE FOLLOWING:
(1) THE NATURE OF THE TRANSACTION;
(2) THE SOPHISTICATION OF THE PARTIES;
(3) THE VOLUME OF SIMILAR TRANSACTIONS ENGAGED IN BY EITHER OR BOTH OF THE
PARTIES;
(4) THE AVAILABILITY OF ALTERNATIVES OFFERED TO BUT REJECTED BY EITHER OF
THE PARTIES;
(5) THE COST OF ALTERNATIVE PROCEDURES;
(6) THE PROCEDURES USED FOR SIMILAR TYPES OF TRANSACTIONS.
(B) WHETHER RELIANCE ON A SECURITY PROCEDURE WAS REASONABLE AND
IN GOOD FAITH IS TO BE DETERMINED IN LIGHT OF ALL THE CIRCUMSTANCES KNOWN TO
THE RELYING PARTY AT THE TIME OF THE RELIANCE, HAVING REGARD TO ALL OF THE
FOLLOWING:
(1) THE INFORMATION THAT THE RELYING PARTY KNEW OR SHOULD HAVE KNOWN OF AT
THE TIME OF RELIANCE THAT WOULD SUGGEST THAT RELIANCE WAS OR WAS NOT
REASONABLE;
(2) THE VALUE OR IMPORTANCE OF THE ELECTRONIC RECORD, IF KNOWN;
(3) ANY COURSE OF DEALING BETWEEN THE RELYING PARTY AND THE PURPORTED
SENDER AND THE AVAILABLE INDICIA OF RELIABILITY OR UNRELIABILITY APART FROM
THE SECURITY PROCEDURE;
(4) ANY USAGE OF TRADE, PARTICULARLY TRADE CONDUCTED BY TRUSTWORTHY
SYSTEMS OR OTHER COMPUTER-BASED MEANS;
(5) WHETHER THE VERIFICATION WAS PERFORMED WITH THE ASSISTANCE OF AN
INDEPENDENT THIRD PARTY.
Sec. 1306.11. (A) EXCEPT AS OTHERWISE PROVIDED BY ANOTHER
APPLICABLE RULE OF LAW, WHENEVER THE CREATION, VALIDITY, OR RELIABILITY OF AN
ELECTRONIC SIGNATURE CREATED BY A QUALIFIED SECURITY PROCEDURE UNDER SECTION
1306.08 OR 1306.09 of the Revised Code IS DEPENDENT UPON THE SECRECY OR CONTROL OF A
SIGNATURE DEVICE OF THE SIGNER, ALL OF THE FOLLOWING APPLY:
(1) THE PERSON GENERATING OR CREATING THE SIGNATURE DEVICE SHALL DO SO IN
A TRUSTWORTHY MANNER.
(2) THE SIGNER AND ALL OTHER PERSONS THAT RIGHTFULLY HAVE ACCESS TO THE
SIGNATURE DEVICE SHALL EXERCISE REASONABLE CARE TO RETAIN CONTROL AND MAINTAIN
THE SECRECY OF THE SIGNATURE DEVICE, AND TO PROTECT IT FROM ANY UNAUTHORIZED
ACCESS, DISCLOSURE, OR USE, DURING THE PERIOD WHEN RELIANCE ON A SIGNATURE
CREATED BY THE DEVICE IS REASONABLE.
(3) IN THE EVENT THAT THE SIGNER, OR ANY OTHER PERSON THAT RIGHTFULLY HAS
ACCESS TO THE SIGNATURE DEVICE, KNOWS OR HAS REASON TO KNOW THAT THE SECRECY
OR CONTROL OF THE SIGNATURE DEVICE HAS BEEN COMPROMISED, THAT PERSON SHALL
MAKE A REASONABLE EFFORT TO PROMPTLY NOTIFY ALL PERSONS THAT THE PERSON KNOWS
MIGHT FORESEEABLY BE DAMAGED AS A RESULT OF SUCH COMPROMISE OR, WHERE
AN APPROPRIATE PUBLICATION MECHANISM IS AVAILABLE, TO PUBLISH NOTICE OF THE
COMPROMISE AND A DISAVOWAL OF ANY SIGNATURES CREATED THEREAFTER.
(B) FOR PURPOSES OF DIVISION (A)(3) OF THIS SECTION, IF
THE PERSON IS A STATE AGENCY, THE NOTICE DESCRIBED IN THAT DIVISION
SHALL BE
PUBLISHED IN A NEWSPAPER OF GENERAL CIRCULATION IN THE CITY OF
COLUMBUS, OHIO, AND ALSO PUBLISHED ON THE PERSON'S INTERNET
HOME PAGE FOR A MINIMUM OF THIRTY CONSECUTIVE DAYS.
Sec. 1306.12. (A) EXCEPT AS PROVIDED BY ANOTHER APPLICABLE RULE
OF LAW, A SECURE ELECTRONIC SIGNATURE IS ATTRIBUTABLE TO THE PERSON TO WHOM IT
CORRELATES, WHETHER OR NOT AUTHORIZED, IF ALL OF THE FOLLOWING APPLY:
(1) THE ELECTRONIC SIGNATURE RESULTED FROM ACTS OF A PERSON THAT OBTAINED
THE SIGNATURE DEVICE OR OTHER INFORMATION NECESSARY TO CREATE THE SIGNATURE
FROM A SOURCE UNDER THE CONTROL OF THE ALLEGED SIGNER, CREATING THE APPEARANCE
THAT IT CAME FROM THAT PARTY.
(2) THE ACCESS OR USE OCCURRED UNDER CIRCUMSTANCES CONSTITUTING A FAILURE
TO EXERCISE REASONABLE CARE BY THE ALLEGED SIGNER.
(3) THE RELYING PARTY RELIED REASONABLY AND IN GOOD FAITH TO ITS DETRIMENT
ON THE APPARENT SOURCE OF THE ELECTRONIC RECORD.
(B) THIS SECTION DOES NOT APPLY TO TRANSACTIONS THAT ARE INTENDED
PRIMARILY FOR PERSONAL, FAMILY, OR HOUSEHOLD USE, OR THAT OTHERWISE ARE
CONSUMER TRANSACTIONS.
Sec. 1306.13. (A) A SECURITY PROCEDURE MAY BE CERTIFIED
IN ACCORDANCE WITH DIVISION (C) OF THIS SECTION
BY THE ELECTRONIC COMMERCE COMMISSION, AS A QUALIFIED SECURITY
PROCEDURE FOR PURPOSES OF
SECTION 1306.08 OR 1306.09 of the Revised Code, FOLLOWING AN APPROPRIATE INVESTIGATION OR
REVIEW, IF BOTH OF THE FOLLOWING APPLY:
(1) THE SECURITY PROCEDURE, INCLUDING ANY TECHNOLOGY AND ALGORITHMS IT
EMPLOYS, IS COMPLETELY OPEN AND FULLY DISCLOSED TO THE PUBLIC, AND HAS BEEN SO
FOR A LENGTH OF TIME SUFFICIENT TO FACILITATE A COMPREHENSIVE REVIEW AND
EVALUATION OF ITS SUITABILITY FOR THE INTENDED PURPOSE BY THE APPLICABLE
INFORMATION SECURITY OR SCIENTIFIC COMMUNITY.
(2) THE SECURITY PROCEDURE, INCLUDING ANY TECHNOLOGY AND ALGORITHMS IT
EMPLOYS, HAS BEEN GENERALLY ACCEPTED IN THE APPLICABLE INFORMATION SECURITY OR
SCIENTIFIC COMMUNITY AS BEING CAPABLE OF SATISFYING THE REQUIREMENTS OF
SECTION 1306.08 OR 1306.09 of the Revised Code, AS APPLICABLE, IN A TRUSTWORTHY MANNER.
(B) IN MAKING THE DETERMINATION
DESCRIBED IN DIVISION (A)(2) OF THIS SECTION,
THE COMMISSION SHALL CONSIDER THE OPINION OF INDEPENDENT EXPERTS IN
THE APPLICABLE FIELD AND THE PUBLISHED FINDINGS OF THE APPLICABLE INFORMATION
SECURITY OR SCIENTIFIC COMMUNITY, INCLUDING APPLICABLE STANDARDS ORGANIZATIONS
SUCH AS THE AMERICAN NATIONAL STANDARDS INSTITUTE, INTERNATIONAL
STANDARDS ORGANIZATION, INTERNATIONAL TELECOMMUNICATIONS UNION, AND NATIONAL
INSTITUTE OF STANDARDS AND TECHNOLOGY.
(C) CERTIFICATION SHALL BE DONE THROUGH THE ADOPTION OF RULES IN
ACCORDANCE WITH CHAPTER 119. of the Revised Code AND SHALL SPECIFY A FULL AND
COMPLETE IDENTIFICATION OF THE SECURITY PROCEDURE, INCLUDING REQUIREMENTS AS
TO HOW IT IS TO BE IMPLEMENTED, IF APPROPRIATE.
(D) THE COMMISSION MAY DECERTIFY A SECURITY PROCEDURE AS
A QUALIFIED SECURITY PROCEDURE FOR PURPOSES OF SECTION 1306.08 OR 1309.09 of the Revised Code
FOLLOWING AN APPROPRIATE INVESTIGATION OR REVIEW AND THE ADOPTION OF RULES IN
ACCORDANCE WITH CHAPTER 119. of the Revised Code, IF SUBSEQUENT DEVELOPMENTS
ESTABLISH THAT THE SECURITY PROCEDURE IS NO LONGER SUFFICIENTLY TRUSTWORTHY OR
RELIABLE FOR ITS INTENDED PURPOSE OR FOR ANY OTHER REASON NO LONGER MEETS THE
REQUIREMENTS FOR CERTIFICATION.
(E) THE COMMISSION HAS EXCLUSIVE AUTHORITY TO CERTIFY
SECURITY PROCEDURES UNDER THIS SECTION.
Sec. 1306.15. (A) A DIGITAL SIGNATURE THAT IS CREATED USING AN
ASYMMETRIC ALGORITHM CERTIFIED BY THE ELECTRONIC COMMERCE COMMISSION
PURSUANT TO
DIVISION
(B)(2) OF SECTION 1306.08 of the Revised Code SHALL BE CONSIDERED TO BE A QUALIFIED
SECURITY PROCEDURE FOR PURPOSES OF DETECTING CHANGES IN THE CONTENT OF AN
ELECTRONIC RECORD UNDER THAT SECTION, IF THE DIGITAL SIGNATURE WAS CREATED
DURING THE OPERATIONAL PERIOD OF A VALID CERTIFICATE AND IS VERIFIED BY
REFERENCE TO THE PUBLIC KEY LISTED IN THE CERTIFICATE.
(B) A DIGITAL SIGNATURE THAT IS CREATED USING AN ASYMMETRIC
ALGORITHM CERTIFIED BY THE COMMISSION
PURSUANT TO DIVISION (B)(2) OF SECTION 1306.09 of the Revised Code SHALL
BE CONSIDERED TO BE A QUALIFIED SECURITY PROCEDURE FOR PURPOSES OF IDENTIFYING
A PERSON UNDER THAT SECTION IF BOTH OF THE FOLLOWING APPLY:
(1) THE DIGITAL SIGNATURE MEETS ALL OF THE FOLLOWING:
(a) IT WAS CREATED DURING THE OPERATIONAL PERIOD OF A VALID
CERTIFICATE.
(b) IT WAS USED WITHIN THE SCOPE OF ANY OTHER RESTRICTIONS
SPECIFIED OR INCORPORATED BY REFERENCE IN THE CERTIFICATE.
(c) IT CAN BE VERIFIED BY REFERENCE TO THE PUBLIC KEY LISTED IN
THE CERTIFICATE.
(2) THE CERTIFICATE IS CONSIDERED TRUSTWORTHY AND AN ACCURATE BINDING OF A
PUBLIC KEY TO A PERSON'S IDENTITY AS A RESULT OF EITHER OF THE FOLLOWING:
(a) THE CERTIFICATE WAS ISSUED BY A CERTIFICATION AUTHORITY IN
ACCORDANCE WITH STANDARDS, PROCEDURES, AND OTHER REQUIREMENTS SPECIFIED BY THE
COMMISSION.
(b) A TRIER OF FACT IN A LEGAL PROCEEDING INDEPENDENTLY FINDS
THAT THE CERTIFICATE
WAS ISSUED IN A TRUSTWORTHY MANNER BY A CERTIFICATION AUTHORITY THAT PROPERLY
AUTHENTICATED THE SUBSCRIBER AND THE SUBSCRIBER'S PUBLIC KEY OR OTHERWISE
FINDS THAT THE MATERIAL INFORMATION SET FORTH IN THE CERTIFICATE IS TRUE.
(C) FOR PURPOSES OF THIS SECTION, IT IS FORESEEABLE THAT PERSONS
RELYING ON A DIGITAL SIGNATURE ALSO WILL RELY ON A VALID CERTIFICATE
CONTAINING THE PUBLIC KEY BY WHICH THE DIGITAL SIGNATURE CAN BE VERIFIED,
DURING THE OPERATIONAL PERIOD OF THAT CERTIFICATE AND WITHIN ANY LIMITS
SPECIFIED IN THAT CERTIFICATE.
Sec. 1306.17. (A) THE ELECTRONIC COMMERCE COMMISSION,
IN ACCORDANCE WITH CHAPTER 119. of the Revised Code, MAY
ADOPT
RULES
APPLICABLE TO BOTH THE PUBLIC AND PRIVATE SECTORS FOR THE PURPOSE OF DEFINING
UNDER WHAT CIRCUMSTANCES A CERTIFICATE IS CONSIDERED SUFFICIENTLY TRUSTWORTHY
UNDER SECTION 1306.15 of the Revised Code SUCH THAT A DIGITAL SIGNATURE VERIFIED BY REFERENCE
TO
SUCH A CERTIFICATE WILL BE CONSIDERED A QUALIFIED SECURITY PROCEDURE UNDER
SECTION 1306.09 of the Revised Code.
(B) THE RULES DESCRIBED IN DIVISION (A) OF THIS SECTION
MAY INCLUDE BOTH OF THE FOLLOWING:
(1) RULES ESTABLISHING OR ADOPTING STANDARDS APPLICABLE TO CERTIFICATION
AUTHORITIES OR CERTIFICATES, COMPLIANCE WITH WHICH MAY BE MEASURED BY BECOMING
CERTIFIED BY THE COMMISSION, BY BECOMING ACCREDITED BY ONE OR MORE
INDEPENDENT ACCREDITING ENTITIES RECOGNIZED BY THE COMMISSION, OR BY
OTHER APPROPRIATE MEANS;
(2) WHERE APPROPRIATE, RULES ESTABLISHING FEES TO BE CHARGED BY THE
COMMISSION TO RECOVER ALL OR A PORTION OF COSTS IN CONNECTION WITH
BECOMING CERTIFIED BY THE COMMISSION.
(C) IF THE COMMISSION ADOPTS RULES PURSUANT TO DIVISION
(A) OR (B) OF THIS SECTION, THE RULES
SHALL DO ALL OF THE FOLLOWING:
(1) PROVIDE MAXIMUM FLEXIBILITY TO THE IMPLEMENTATION OF DIGITAL SIGNATURE
TECHNOLOGY AND THE BUSINESS MODELS NECESSARY TO SUPPORT IT;
(2) PROVIDE A CLEAR BASIS FOR THE AUTHORITIES;
(3) TO THE EXTENT REASONABLY POSSIBLE, MAXIMIZE THE OPPORTUNITIES FOR
UNIFORMITY WITH THE LAWS OF OTHER JURISDICTIONS WITHIN THE UNITED
STATES AND INTERNATIONALLY.
Sec. 1306.18. (A) EXCEPT AS CONSPICUOUSLY SET FORTH IN ITS
CERTIFICATION PRACTICE STATEMENT, A CERTIFICATION AUTHORITY, AND A PERSON
MAINTAINING A REPOSITORY, SHALL MAINTAIN ITS OPERATIONS AND PERFORM ITS
SERVICES IN A TRUSTWORTHY MANNER.
(B) FOR EACH CERTIFICATE ISSUED BY A CERTIFICATION AUTHORITY WITH
THE INTENTION THAT IT WILL BE RELIED UPON BY THIRD PARTIES TO VERIFY DIGITAL
SIGNATURES CREATED BY SUBSCRIBERS, A CERTIFICATION AUTHORITY SHALL PUBLISH OR
OTHERWISE MAKE AVAILABLE TO THE SUBSCRIBER AND ALL SUCH RELYING PARTIES BOTH
OF THE FOLLOWING:
(1) ITS CERTIFICATION PRACTICE STATEMENT, IF ANY;
(2) ITS CERTIFICATION AUTHORITY CERTIFICATE THAT IDENTIFIES THE
CERTIFICATION AUTHORITY AS A SUBSCRIBER AND THAT CONTAINS THE PUBLIC KEY
CORRESPONDING TO THE PRIVATE KEY USED BY THE CERTIFICATION AUTHORITY TO
DIGITALLY SIGN THE CERTIFICATE.
(C) IN THE EVENT OF AN OCCURRENCE THAT MATERIALLY AND ADVERSELY
AFFECTS A CERTIFICATION AUTHORITY'S OPERATIONS OR SYSTEM, ITS CERTIFICATION
AUTHORITY CERTIFICATE, OR ANY OTHER ASPECT OF ITS ABILITY TO OPERATE IN A
TRUSTWORTHY MANNER, THE CERTIFICATION AUTHORITY SHALL ACT IN
ACCORDANCE WITH PROCEDURES GOVERNING SUCH AN OCCURRENCE SPECIFIED IN ITS
CERTIFICATION PRACTICE STATEMENT OR, IN THE ABSENCE OF SUCH PROCEDURES, SHALL
USE REASONABLE EFFORTS TO NOTIFY ANY PERSONS THAT THE CERTIFICATION AUTHORITY
KNOWS MIGHT FORESEEABLY BE DAMAGED AS A RESULT OF SUCH OCCURRENCE.
Sec. 1306.19. A CERTIFICATION AUTHORITY MAY ISSUE A CERTIFICATE TO A
PROSPECTIVE SUBSCRIBER FOR THE PURPOSE OF ALLOWING THIRD PARTIES TO VERIFY
DIGITAL SIGNATURES CREATED BY THE SUBSCRIBER ONLY AFTER BOTH OF THE FOLLOWING
OCCUR:
(A) THE CERTIFICATION AUTHORITY HAS RECEIVED A REQUEST FOR
ISSUANCE FROM THE PROSPECTIVE SUBSCRIBER.
(B) THE CERTIFICATION AUTHORITY HAS DONE EITHER OF THE FOLLOWING:
(1) COMPLIED WITH ALL OF THE RELEVANT PRACTICES AND PROCEDURES SET FORTH
IN ITS APPLICABLE CERTIFICATION PRACTICE STATEMENT;
(2) IN THE ABSENCE OF A CERTIFICATION PRACTICE STATEMENT ADDRESSING ISSUES
RELATED TO THE ISSUANCE OF A CERTIFICATE, CONFIRMED IN A TRUSTWORTHY MANNER
ALL OF THE FOLLOWING:
(a) THE PROSPECTIVE SUBSCRIBER IS THE PERSON TO BE LISTED IN THE
CERTIFICATE TO BE ISSUED.
(b) THE INFORMATION IN THE CERTIFICATE TO BE ISSUED IS ACCURATE.
(c) THE PROSPECTIVE SUBSCRIBER RIGHTFULLY HOLDS A PRIVATE KEY
CAPABLE OF CREATING A DIGITAL SIGNATURE, AND THE PUBLIC KEY TO BE LISTED IN
THE CERTIFICATE CAN BE USED TO VERIFY A DIGITAL SIGNATURE AFFIXED BY THAT
PRIVATE KEY.
Sec. 1306.20. (A) BY ISSUING A CERTIFICATE WITH THE INTENTION
THAT IT WILL BE RELIED UPON BY THIRD PARTIES TO VERIFY DIGITAL SIGNATURES
CREATED BY THE SUBSCRIBER, A CERTIFICATION AUTHORITY REPRESENTS ALL OF THE
FOLLOWING TO THE SUBSCRIBER, AND TO ANY PERSON THAT REASONABLY RELIES ON
INFORMATION CONTAINED IN THE CERTIFICATE IN GOOD FAITH AND DURING ITS
OPERATIONAL PERIOD:
(1) THE CERTIFICATION AUTHORITY HAS PROCESSED, APPROVED, AND ISSUED, AND
WILL MANAGE AND REVOKE IF NECESSARY, THE CERTIFICATE IN ACCORDANCE WITH ITS
APPLICABLE CERTIFICATION PRACTICE STATEMENT STATED OR INCORPORATED BY
REFERENCE IN THE CERTIFICATE OR OF WHICH SUCH PERSON HAS NOTICE OR, IN LIEU
THEREOF, IN ACCORDANCE WITH SECTIONS 1306.01 TO 1306.38 of the Revised Code OR THE LAW OF THE
JURISDICTION GOVERNING ISSUANCE OF THE CERTIFICATE.
(2) THE CERTIFICATION AUTHORITY HAS VERIFIED THE IDENTITY OF THE
SUBSCRIBER TO THE EXTENT STATED IN THE CERTIFICATE OR ITS APPLICABLE
CERTIFICATION PRACTICE STATEMENT, OR IN LIEU THEREOF, THE CERTIFICATION
AUTHORITY HAS VERIFIED THE IDENTITY OF THE SUBSCRIBER IN A TRUSTWORTHY MANNER.
(3) THE CERTIFICATION AUTHORITY HAS VERIFIED THAT THE PERSON
REQUESTING THE CERTIFICATE HOLDS THE PRIVATE KEY CORRESPONDING TO THE PUBLIC
KEY LISTED IN THE CERTIFICATE.
(4) EXCEPT AS CONSPICUOUSLY SET FORTH IN THE CERTIFICATE OR ITS APPLICABLE
CERTIFICATION PRACTICE STATEMENT, TO THE CERTIFICATION AUTHORITY'S KNOWLEDGE
AS OF THE DATE THE CERTIFICATE WAS ISSUED, ALL OTHER INFORMATION IN THE
CERTIFICATE IS ACCURATE AND NOT MATERIALLY MISLEADING.
(B) IF A CERTIFICATION AUTHORITY ISSUED THE CERTIFICATE SUBJECT
TO THE LAWS OF ANOTHER JURISDICTION, THE CERTIFICATION AUTHORITY ALSO MAKES
ALL WARRANTIES AND REPRESENTATIONS OTHERWISE APPLICABLE UNDER THE LAW
GOVERNING ITS ISSUANCE.
Sec. 1306.21. (A) DURING THE OPERATIONAL PERIOD OF A
CERTIFICATE, THE CERTIFICATION AUTHORITY THAT ISSUED THE CERTIFICATE SHALL
REVOKE THE CERTIFICATE IN ACCORDANCE WITH THE POLICIES AND PROCEDURES
GOVERNING REVOCATION SPECIFIED IN ITS APPLICABLE CERTIFICATION PRACTICE
STATEMENT OR, IN THE ABSENCE OF SUCH POLICIES AND PROCEDURES, AS SOON AS
POSSIBLE AFTER ANY OF THE FOLLOWING:
(1) RECEIVING A REQUEST FOR REVOCATION BY THE SUBSCRIBER NAMED IN THE
CERTIFICATE, AND CONFIRMING THAT THE PERSON REQUESTING REVOCATION IS THE
SUBSCRIBER, OR IS AN AGENT OF THE SUBSCRIBER, OR IS AN AGENT OF THE SUBSCRIBER
WITH AUTHORITY TO REQUEST THE REVOCATION;
(2) RECEIVING A CERTIFIED COPY OF AN INDIVIDUAL SUBSCRIBER'S DEATH
CERTIFICATE, OR UPON CONFIRMING BY OTHER RELIABLE EVIDENCE THAT THE SUBSCRIBER
IS DEAD;
(3) BEING PRESENTED WITH DOCUMENTS EFFECTING A DISSOLUTION OF A CORPORATE
SUBSCRIBER, OR CONFIRMATION BY OTHER EVIDENCE THAT THE SUBSCRIBER HAS BEEN
DISSOLVED OR HAS CEASED TO EXIST;
(4) BEING SERVED WITH AN ORDER REQUIRING REVOCATION THAT WAS ISSUED BY A
COURT OF COMPETENT JURISDICTION;
(5) CONFIRMATION BY THE CERTIFICATION AUTHORITY THAT ANY OF THE FOLLOWING
APPLY:
(a) A MATERIAL FACT REPRESENTED IN THE CERTIFICATE IS FALSE.
(b) A MATERIAL PREREQUISITE TO ISSUANCE OF THE CERTIFICATE WAS
NOT SATISFIED.
(c) THE CERTIFICATION AUTHORITY'S PRIVATE KEY OR SYSTEM
OPERATIONS WERE COMPROMISED IN A MANNER MATERIALLY AFFECTING THE CERTIFICATE'S
RELIABILITY.
(d) THE SUBSCRIBER'S PRIVATE KEY WAS COMPROMISED.
(B) UPON EFFECTING A REVOCATION DESCRIBED IN DIVISION
(A) OF THIS SECTION, THE CERTIFICATION AUTHORITY SHALL DO ALL OF THE
FOLLOWING:
(1) NOTIFY THE SUBSCRIBER AND RELYING PARTIES IN ACCORDANCE WITH THE
POLICIES AND PROCEDURES GOVERNING NOTICE OF REVOCATION SPECIFIED IN ITS
APPLICABLE CERTIFICATION PRACTICE STATEMENT OR, IN THE ABSENCE OF SUCH
POLICIES AND PROCEDURES, PROMPTLY NOTIFY THE SUBSCRIBER;
(2) PROMPTLY PUBLISH NOTICE OF THE REVOCATION IN ALL REPOSITORIES WHERE
THE CERTIFICATION AUTHORITY PREVIOUSLY CAUSED PUBLICATION OF THE CERTIFICATE;
(3) OTHERWISE DISCLOSE THE FACT OF REVOCATION ON INQUIRY BY A RELYING
PARTY.
Sec. 1306.22. (A) A PERSON ACCEPTS A CERTIFICATE THAT NAMES THAT
PERSON AS A SUBSCRIBER BY PUBLISHING OR APPROVING PUBLICATION OF IT TO ONE OR
MORE PERSONS OR IN A REPOSITORY, OR BY OTHERWISE DEMONSTRATING APPROVAL OF
IT, WHILE KNOWING OR HAVING NOTICE OF ITS CONTENTS.
(B) BY ACCEPTING A CERTIFICATE, THE SUBSCRIBER LISTED IN THE
CERTIFICATE REPRESENTS ALL OF THE FOLLOWING TO ANY PERSON THAT REASONABLY
RELIES ON INFORMATION CONTAINED IN THE CERTIFICATE IN GOOD FAITH AND DURING
ITS OPERATIONAL PERIOD:
(1) THE SUBSCRIBER RIGHTFULLY HOLDS THE PRIVATE KEY CORRESPONDING TO THE
PUBLIC KEY LISTED IN THE CERTIFICATE.
(2) ALL REPRESENTATIONS MADE BY THE SUBSCRIBER TO THE CERTIFICATION
AUTHORITY AND MATERIAL TO THE INFORMATION LISTED IN THE CERTIFICATE ARE TRUE.
(3) ALL INFORMATION IN THE CERTIFICATE THAT IS WITHIN THE KNOWLEDGE OF THE
SUBSCRIBER IS TRUE.
(C) ALL MATERIAL REPRESENTATIONS KNOWINGLY MADE BY A PERSON TO A
CERTIFICATION AUTHORITY FOR PURPOSES OF OBTAINING A CERTIFICATE NAMING SUCH
PERSON AS A SUBSCRIBER SHALL BE ACCURATE AND COMPLETE TO THE BEST OF SUCH
PERSON'S KNOWLEDGE AND BELIEF.
Sec. 1306.23. EXCEPT AS OTHERWISE PROVIDED BY ANOTHER APPLICABLE RULE OF
LAW, IF THE PRIVATE KEY CORRESPONDING TO THE PUBLIC KEY LISTED IN A VALID
CERTIFICATE IS LOST, STOLEN, ACCESSIBLE TO AN UNAUTHORIZED PERSON, OR
OTHERWISE
COMPROMISED DURING THE OPERATIONAL PERIOD OF THE CERTIFICATE, A SUBSCRIBER
THAT
HAS LEARNED OF THE COMPROMISE SHALL DO EITHER OF THE FOLLOWING:
(A) PROMPTLY REQUEST THE ISSUING CERTIFICATION AUTHORITY TO
REVOKE
THE CERTIFICATE AND PUBLISH NOTICE OF REVOCATION IN ALL REPOSITORIES IN WHICH
THE SUBSCRIBER PREVIOUSLY AUTHORIZED THE CERTIFICATE TO BE PUBLISHED;
(B) PROVIDE
REASONABLE NOTICE OF THE REVOCATION.
Sec. 1306.24. (A) NO PERSON SHALL KNOWINGLY ACCESS, COPY, OR
OTHERWISE OBTAIN POSSESSION OF OR RE-CREATE THE SIGNATURE DEVICE OF ANOTHER
PERSON WITHOUT AUTHORIZATION FOR THE PURPOSE OF CREATING, OR ALLOWING OR
CAUSING ANOTHER PERSON TO CREATE, AN UNAUTHORIZED ELECTRONIC SIGNATURE USING
SUCH SIGNATURE DEVICE.
(B) NO PERSON SHALL KNOWINGLY ALTER, DISCLOSE, OR USE THE
SIGNATURE DEVICE OF ANOTHER PERSON WITHOUT AUTHORIZATION, OR IN EXCESS OF
LAWFUL AUTHORIZATION, FOR THE PURPOSE OF CREATING, OR ALLOWING OR CAUSING
ANOTHER PERSON TO CREATE, AN UNAUTHORIZED ELECTRONIC SIGNATURE USING SUCH
SIGNATURE DEVICE.
(C) NO PERSON SHALL KNOWINGLY CREATE, PUBLISH, ALTER, OR
OTHERWISE USE A CERTIFICATE ISSUED IN CONNECTION WITH A DIGITAL SIGNATURE FOR
ANY FRAUDULENT OR OTHER UNLAWFUL PURPOSE.
(D) NO PERSON SHALL KNOWINGLY MISREPRESENT THE PERSON'S IDENTITY
OR AUTHORIZATION IN REQUESTING OR ACCEPTING A CERTIFICATE OR IN REQUESTING
SUSPENSION OR REVOCATION OF A CERTIFICATE ISSUED IN CONNECTION WITH A DIGITAL
SIGNATURE.
(E) NO PERSON, IN CONNECTION WITH A DIGITAL SIGNATURE, SHALL
KNOWINGLY ACCESS, ALTER, DISCLOSE, OR USE THE SIGNATURE DEVICE OF A
CERTIFICATION AUTHORITY USED TO ISSUE CERTIFICATES WITHOUT AUTHORIZATION, OR
IN EXCESS OF LAWFUL AUTHORIZATION, FOR THE PURPOSE OF CREATING, OR ALLOWING OR
CAUSING ANOTHER PERSON TO CREATE, AN UNAUTHORIZED ELECTRONIC SIGNATURE USING
SUCH SIGNATURE DEVICE.
(F) NO PERSON SHALL PUBLISH A CERTIFICATE, OR OTHERWISE KNOWINGLY
MAKE IT AVAILABLE TO ANYONE LIKELY TO RELY ON THE CERTIFICATE OR ON A DIGITAL
SIGNATURE THAT IS VERIFIABLE WITH REFERENCE TO THE PUBLIC KEY LISTED IN THE
CERTIFICATE, IF THE PERSON HAS KNOWLEDGE OF ANY OF THE FOLLOWING:
(1) THE CERTIFICATION AUTHORITY LISTED IN THE CERTIFICATE HAS NOT ISSUED
IT.
(2) THE SUBSCRIBER LISTED IN THE CERTIFICATE HAS NOT ACCEPTED IT.
(3) THE CERTIFICATE HAS BEEN REVOKED OR SUSPENDED, UNLESS THE PUBLICATION
IS FOR THE PURPOSE OF VERIFYING A DIGITAL SIGNATURE CREATED PRIOR TO THE
REVOCATION OR SUSPENSION, OR GIVING NOTICE OF REVOCATION OR SUSPENSION.
Sec. 1306.25. (A) IN ANY LEGAL PROCEEDING, NOTHING IN THE RULES
OF EVIDENCE SHALL APPLY TO DENY THE ADMISSIBILITY OF AN ELECTRONIC
RECORD
OR ELECTRONIC SIGNATURE INTO EVIDENCE ON THE SOLE GROUND THAT IT IS AN
ELECTRONIC RECORD OR ELECTRONIC SIGNATURE, OR ON THE GROUNDS THAT IT IS NOT IN
ITS ORIGINAL FORM OR IS NOT AN ORIGINAL.
(B)(1) INFORMATION IN THE FORM OF AN ELECTRONIC RECORD SHALL BE
GIVEN DUE EVIDENTIARY WEIGHT BY THE TRIER OF FACT.
(2) IN ASSESSING THE EVIDENTIAL WEIGHT OF AN ELECTRONIC RECORD OR
ELECTRONIC SIGNATURE WHERE ITS AUTHENTICITY IS IN ISSUE, THE TRIER OF FACT MAY
CONSIDER ANY OR ALL OF THE FOLLOWING:
(a) THE MANNER IN WHICH IT WAS GENERATED, STORED, OR
COMMUNICATED;
(b) THE RELIABILITY OF THE MANNER IN WHICH ITS INTEGRITY WAS
MAINTAINED;
(c) THE MANNER IN WHICH ITS ORIGINATOR WAS IDENTIFIED OR THE
ELECTRONIC RECORD WAS SIGNED;
(d) ANY OTHER RELEVANT INFORMATION OR CIRCUMSTANCES.
Sec. 1306.26. ANY PERSON THAT SUFFERS A LOSS DUE TO A VIOLATION
OF SECTION 1306.24 OR 2913.35 of the Revised Code MAY BRING A
CIVIL ACTION IN A COURT OF COMPETENT JURISDICTION AND, IN ADDITION TO OTHER
APPROPRIATE RELIEF, IS ENTITLED TO RECOVER REASONABLE
ATTORNEY'S FEES AND OTHER COURT COSTS.
Sec. 1306.28. (A) IN RESOLVING A CIVIL DISPUTE INVOLVING A
SECURE
ELECTRONIC RECORD, IT SHALL BE REBUTTABLY PRESUMED THAT THE ELECTRONIC RECORD
HAS NOT BEEN ALTERED SINCE THE SPECIFIC TIME TO WHICH THE SECURE STATUS
RELATES.
(B) IN RESOLVING A CIVIL DISPUTE INVOLVING A SECURE ELECTRONIC
SIGNATURE, IT SHALL BE REBUTTABLY PRESUMED THAT THE SECURE ELECTRONIC SIGNATURE
IS THE SIGNATURE OF THE PERSON TO WHOM IT CORRELATES.
(C) THE EFFECT OF PRESUMPTIONS PROVIDED IN THIS SECTION IS TO
PLACE ON THE PARTY CHALLENGING THE INTEGRITY OF A SECURE ELECTRONIC RECORD OR
CHALLENGING THE GENUINENESS OF A SECURE ELECTRONIC SIGNATURE BOTH THE BURDEN
OF
GOING FORWARD WITH EVIDENCE TO REBUT THE PRESUMPTION AND THE BURDEN OF
PERSUADING THE TRIER OF FACT THAT THE NONEXISTENCE OF THE PRESUMED FACT IS
MORE
PROBABLE THAN ITS EXISTENCE.
(D) IN THE ABSENCE OF A SECURE ELECTRONIC RECORD OR A SECURE
ELECTRONIC SIGNATURE, NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL CHANGE
EXISTING RULES REGARDING LEGAL OR EVIDENTIARY RULES REGARDING THE BURDEN OF
PROVING THE AUTHENTICITY AND INTEGRITY OF AN ELECTRONIC RECORD OR AN
ELECTRONIC SIGNATURE.
Sec. 1306.29. (A)(1) EXCEPT AS PROVIDED IN DIVISION
(A)(2) OF THIS SECTION,
THE ELECTRONIC COMMERCE COMMISSION MAY
INVESTIGATE
COMPLAINTS FILED WITH THE COMMISSION OR OTHER INFORMATION BROUGHT TO
THE ATTENTION OF THE COMMISSION, WHICH COMPLAINTS OR
INFORMATION INDICATE A VIOLATION OF SECTIONS 1306.01 TO 1306.38 of the Revised Code OR THE
RULES ADOPTED UNDER THOSE SECTIONS.
(2) IF THE DEPARTMENT OF ADMINISTRATIVE SERVICES IS THE SUBJECT
OF A COMPLAINT FILED PURSUANT TO DIVISION (A) OF THIS SECTION, THE
AUDITOR OF STATE SHALL INVESTIGATE THE COMPLAINT.
(B) UPON REQUEST OF THE COMMISSION, THE ATTORNEY GENERAL,
OR COUNTY PROSECUTOR LOCATED IN THE COUNTY IN WHICH THE SUBJECT OF A COMPLAINT
INVESTIGATED PURSUANT TO DIVISION (A) OF THIS SECTION RESIDES, MAY
COMMENCE AND PROSECUTE ANY APPROPRIATE ACTION OR PROCEEDING AGAINST A
PERSON FOR A VIOLATION OF SECTIONS 1306.01 TO 1306.38 of the Revised Code.
Sec. 1306.32. (A) THERE IS HEREBY ESTABLISHED IN THE DEPARTMENT
OF ADMINISTRATIVE SERVICES THE ELECTRONIC COMMERCE COMMISSION CONSISTING OF
SEVEN MEMBERS.
(B)(1) OF THE SEVEN MEMBERS OF THE COMMISSION, FOUR SHALL BE EX
OFFICIO MEMBERS, AS FOLLOWS:
(a) THE DIRECTOR OF ADMINISTRATIVE SERVICES OR THE DIRECTOR'S
DESIGNEE;
(b) THE DIRECTOR OF COMMERCE OR THE DIRECTOR'S DESIGNEE;
(c) THE SECRETARY OF STATE OR THE SECRETARY OF STATE'S DESIGNEE;
(d) THE AUDITOR OF STATE OR THE AUDITOR OF STATE'S DESIGNEE.
(2) OF THE OTHER MEMBERS OF THE COMMISSION, THREE SHALL BE APPOINTED BY
THE
GOVERNOR, AS FOLLOWS:
(a) AN INDIVIDUAL WHO SHALL BE AN ATTORNEY AT LAW LICENSED TO
PRACTICE IN THIS STATE AND WHO SHALL HAVE SIGNIFICANT KNOWLEDGE OF
INTELLECTUAL
PROPERTY LAW OR INTERNET SECURITY LAW, OR BOTH AREAS OF THE LAW;
(b) AN INDIVIDUAL WHO SHALL BE EMPLOYED BY A FOR-PROFIT BUSINESS
WITH OFFICES IN THIS STATE, THE PRIMARY BUSINESS OF WHICH IS OTHER THAN
PROVIDING INFORMATION SYSTEMS PRODUCTS OR SERVICES, AND WHO SHALL HAVE
SIGNIFICANT KNOWLEDGE OF INTERNET SECURITY ISSUES AND EXPERIENCE WITH THE
DEVELOPMENT OF INTERNET-BASED ELECTRONIC COMMERCE;
(c) AN INDIVIDUAL WHO SHALL BE EMPLOYED BY A FOR-PROFIT BUSINESS
WITH OFFICES IN THIS STATE, THE PRIMARY BUSINESS OF WHICH IS PROVIDING
INFORMATION SYSTEMS PRODUCTS OR SERVICES, AND WHO SHALL HAVE SIGNIFICANT
KNOWLEDGE OF INTERNET SECURITY ISSUES AND EXPERIENCE WITH THE DEVELOPMENT OF
INTERNET-BASED ELECTRONIC COMMERCE.
(C)(1) WITHIN THIRTY DAYS AFTER THE EFFECTIVE DATE
OF THIS
SECTION, THE GOVERNOR SHALL MAKE INITIAL APPOINTMENTS TO THE COMMISSION
OF PERSONS DESCRIBED IN DIVISIONS (B)(2)(a) TO
(c) OF
THIS SECTION. OF THE INITIAL APPOINTMENTS MADE TO THE COMMISSION,
ONE SHALL BE FOR A TERM ENDING ONE YEAR AFTER THE EFFECTIVE DATE OF THIS
SECTION, ONE
SHALL BE FOR A TERM ENDING TWO YEARS AFTER THE EFFECTIVE DATE OF THIS SECTION,
AND
ONE SHALL BE FOR A TERM ENDING THREE YEARS AFTER THE EFFECTIVE
DATE OF THIS SECTION. THEREAFTER, TERMS OF OFFICE SHALL BE FOR
THREE YEARS, WITH EACH TERM ENDING ON THE SAME DAY OF THE SAME
MONTH AS DID THE TERM THAT IT SUCCEEDS.
(2) EACH MEMBER APPOINTED PURSUANT TO DIVISIONS
(B)(2)(a) TO
(c) OF THIS SECTION SHALL
HOLD OFFICE
FROM THE DATE OF APPOINTMENT UNTIL THE END
OF THE TERM FOR WHICH
THE MEMBER WAS APPOINTED. ANY MEMBER APPOINTED TO FILL A VACANCY OCCURRING
PRIOR TO THE EXPIRATION OF THE TERM FOR WHICH THE MEMBER'S PREDECESSOR
WAS APPOINTED SHALL HOLD OFFICE FOR THE REMAINDER OF THAT TERM.
ANY MEMBER SHALL CONTINUE IN OFFICE SUBSEQUENT TO THE EXPIRATION
DATE OF THE MEMBER'S TERM UNTIL THE MEMBER'S SUCCESSOR TAKES
OFFICE, OR UNTIL A PERIOD OF SIXTY DAYS HAS ELAPSED, WHICHEVER
OCCURS FIRST.
(3) BEFORE ENTERING UPON THEIR OFFICIAL DUTIES, EACH MEMBER APPOINTED
PURSUANT TO DIVISIONS (B)(2)(a) TO (c)
OF THIS SECTION SHALL
TAKE AN OATH AS PROVIDED BY
SECTION 7 OF
ARTICLE
XV,
OHIO
CONSTITUTION.
(4) EACH MEMBER APPOINTED TO THE COMMISSION PURSUANT TO DIVISIONS
(B)(2)(a) TO (c)
OF THIS SECTION SHALL RECEIVE COMPENSATION
FOR ACTUAL AND NECESSARY EXPENSES INCURRED IN THE PERFORMANCE OF OFFICIAL
DUTIES. THE AMOUNT OF THE EXPENSES SHALL BE CERTIFIED BY THE
CHAIRPERSON OF THE COMMISSION AND PAID IN THE SAME MANNER AS THE
EXPENSES OF EMPLOYEES OF THE DEPARTMENT OF ADMINISTRATIVE SERVICES
ARE PAID.
(D) THE DIRECTOR OF ADMINISTRATIVE SERVICES OR THE DIRECTOR'S
DESIGNEE SHALL SERVE AS CHAIRPERSON OF THE COMMISSION.
(E) THE DEPARTMENT OF ADMINISTRATIVE SERVICES SHALL PROVIDE
ADMINISTRATIVE SERVICES TO THE COMMISSION AND SHALL ASSIGN EXPERTS REQUIRED BY
THE COMMISSION TO ENABLE THE COMMISSION TO CARRY OUT THE COMMISSION'S DUTIES
UNDER SECTIONS 1306.13, 1306.17, AND 1306.29 of the Revised Code.
(F) THE COMMISSION MAY ADOPT ITS OWN RULES OF PROCEDURE AND MAY
CHANGE THEM AT ITS DISCRETION. THE VOTES OF FOUR OF THE MEMBERS OF THE
COMMISSION ARE REQUIRED FOR THE ADOPTION OF ANY RULE OR ANY AMENDMENT OR
RESCISSION OF A RULE.
(G) A FULL AND COMPLETE RECORD OF ALL PROCEEDINGS OF THE
COMMISSION SHALL BE KEPT OPEN TO PUBLIC INSPECTION AND AUTHENTICATED IN THE
MANNER PROVIDED IN SECTION 121.20 of the Revised Code.
Sec. 1306.35. (A) EACH STATE AGENCY SHALL DETERMINE IF, AND THE
EXTENT TO WHICH, IT WILL SEND AND RECEIVE ELECTRONIC RECORDS AND ELECTRONIC
SIGNATURES TO AND FROM OTHER PERSONS AND OTHERWISE CREATE, USE, STORE, AND
RELY
UPON ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES.
(B) IN ANY CASE IN WHICH A STATE AGENCY DECIDES TO SEND OR
RECEIVE
ELECTRONIC RECORDS, OR TO ACCEPT DOCUMENT FILINGS BY ELECTRONIC RECORDS, THE
STATE AGENCY, BY RULE AND GIVING DUE CONSIDERATION TO SECURITY, MAY SPECIFY
ALL
OF THE FOLLOWING:
(1) THE MANNER AND FORMAT IN WHICH SUCH ELECTRONIC RECORDS MUST BE
CREATED,
SENT, RECEIVED, AND STORED;
(2) IF THE ELECTRONIC RECORDS MUST BE SIGNED, ALL OF THE FOLLOWING:
(a) THE TYPE OF ELECTRONIC SIGNATURE REQUIRED;
(b) THE MANNER AND FORMAT IN WHICH SUCH SIGNATURE MUST BE AFFIXED
TO THE ELECTRONIC RECORD;
(c) THE IDENTITY OF, OR CRITERIA THAT MUST BE MET BY, ANY THIRD
PARTY USED BY THE PERSON FILING THE DOCUMENT TO FACILITATE THE PROCESS.
(3) CONTROL PROCESSES AND PROCEDURES AS APPROPRIATE TO ENSURE ADEQUATE
INTEGRITY, SECURITY, CONFIDENTIALITY, AND AUDITABILITY OF SUCH ELECTRONIC
RECORDS;
(4) ANY OTHER REQUIRED ATTRIBUTES FOR ELECTRONIC RECORDS THAT ARE
CURRENTLY SPECIFIED FOR CORRESPONDING PAPER DOCUMENTS OR ARE REASONABLY
NECESSARY UNDER THE CIRCUMSTANCES.
(C) ALL RULES ADOPTED BY A STATE AGENCY MAY INCLUDE THE
RELEVANT MINIMUM SECURITY REQUIREMENTS ESTABLISHED BY THE DEPARTMENT OF
ADMINISTRATIVE SERVICES IN ACCORDANCE WITH DIVISION (A) OF SECTION
1306.36 of the Revised Code, IF ANY.
(D) WHENEVER ANY RULE OF LAW REQUIRES OR AUTHORIZES THE FILING OF
ANY INFORMATION, NOTICE, LIEN, OR OTHER DOCUMENT OR RECORD WITH ANY STATE
AGENCY, A FILING MADE BY AN ELECTRONIC RECORD SHALL HAVE THE SAME FORCE AND
EFFECT AS A FILING MADE ON PAPER IN ALL CASES WHERE THE STATE AGENCY HAS
AUTHORIZED OR AGREED TO SUCH ELECTRONIC FILING AND THE FILING IS MADE IN
ACCORDANCE WITH APPLICABLE RULES OR AGREEMENT.
(E)(1) NOTHING IN SECTIONS 1306.01 TO 1306.38 of the Revised Code SHALL BE
CONSTRUED TO REQUIRE ANY STATE AGENCY TO USE OR PERMIT THE USE OF ELECTRONIC
RECORDS OR ELECTRONIC SIGNATURES.
(2) NOTWITHSTANDING DIVISION (C) OF THIS SECTION, ANY STATE
AGENCY THAT, PRIOR TO THE EFFECTIVE DATE OF THIS SECTION, USED OR
PERMITTED THE USE OF ELECTRONIC RECORDS OR ELECTRONIC SIGNATURES
PURSUANT TO LAWS ENACTED OR RULES ADOPTED BEFORE THE EFFECTIVE
DATE OF THIS SECTION, MAY USE OR PERMIT THE USE OF ELECTRONIC
RECORDS OR ELECTRONIC
SIGNATURES PURSUANT TO THOSE PREVIOUSLY ENACTED LAWS OR ADOPTED
RULES.
(F) FOR PURPOSES OF THIS SECTION, "STATE AGENCY" DOES NOT INCLUDE
THE GENERAL ASSEMBLY OR THE SUPREME COURT.
Sec. 1306.36. (A) THE DEPARTMENT OF ADMINISTRATIVE SERVICES, IN
ACCORDANCE WITH CHAPTER 119. of the Revised Code, MAY
ADOPT RULES, INCLUDING RULES DESCRIBED IN DIVISION (C) OF THIS
SECTION, SETTING FORTH MINIMUM SECURITY REQUIREMENTS FOR THE USE OF
ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES BY STATE AGENCIES.
(B) WITH RESPECT TO VERIFYING A DIGITAL SIGNATURE, THE DEPARTMENT
MAY ADOPT RULES, PROCEDURES, AND POLICIES WHEREBY STATE AGENCIES MAY ISSUE
OR
CONTRACT FOR THE ISSUANCE OF CERTIFICATES.
(C) THE DEPARTMENT, BY RULE, MAY SPECIFY APPROPRIATE MINIMUM
SECURITY
REQUIREMENTS TO BE IMPLEMENTED AND FOLLOWED BY STATE AGENCIES FOR ALL OF THE
FOLLOWING:
(1) THE GENERATION, USE, AND STORAGE OF KEY PAIRS;
(2) THE ISSUANCE, ACCEPTANCE, USE, SUSPENSION, AND REVOCATION OF
CERTIFICATES;
(3) THE USE OF DIGITAL SIGNATURES.
(D) EACH STATE AGENCY MAY ISSUE, OR CONTRACT FOR THE ISSUANCE OF,
CERTIFICATES TO ITS EMPLOYEES AND AGENTS AND PERSONS CONDUCTING BUSINESS OR
OTHER TRANSACTIONS WITH THE STATE AGENCY AND MAY TAKE OTHER ACTIONS CONSISTENT
THEREWITH, INCLUDING THE ESTABLISHMENT OF REPOSITORIES AND THE SUSPENSION OR
REVOCATION OF CERTIFICATES ISSUED, PROVIDED THESE ACTIONS ARE CONDUCTED IN
ACCORDANCE WITH ALL RULES, PROCEDURES, AND POLICIES ADOPTED BY THE DEPARTMENT
PURSUANT TO THIS SECTION.
(E) THE DEPARTMENT MAY SPECIFY
APPROPRIATE MINIMUM STANDARDS AND REQUIREMENTS THAT MUST BE SATISFIED BY A
CERTIFICATION AUTHORITY BEFORE EITHER OF THE FOLLOWING OCCURS:
(1) THE SERVICES OF THE CERTIFICATION AUTHORITY ARE USED BY ANY STATE
AGENCY FOR THE ISSUANCE, PUBLICATION, REVOCATION, AND SUSPENSION OF
CERTIFICATES TO SUCH AGENCY OR ITS EMPLOYEES OR AGENTS.
(2) THE CERTIFICATES ISSUED BY THE CERTIFICATION AUTHORITY WILL BE
ACCEPTED FOR PURPOSES OF VERIFYING DIGITALLY SIGNED ELECTRONIC RECORDS SENT TO
ANY STATE AGENCY BY ANY PERSON.
(F) WHERE APPROPRIATE, THE RULES ADOPTED BY THE DEPARTMENT
PURSUANT TO THIS SECTION SHALL SPECIFY DIFFERING
LEVELS OF MINIMUM STANDARDS FROM WHICH IMPLEMENTING STATE AGENCIES SHALL
SELECT THE STANDARD MOST APPROPRIATE FOR A PARTICULAR APPLICATION.
(G) THE GENERAL ASSEMBLY AND THE SUPREME COURT ALSO MAY ADOPT
RULES PERTAINING TO THE USE OF ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES BY
THEIR RESPECTIVE AGENCIES.
(H) FOR PURPOSES OF THIS SECTION, "STATE AGENCY" DOES NOT INCLUDE
THE GENERAL ASSEMBLY OR THE SUPREME COURT.
Sec. 1306.37. TO THE EXTENT REASONABLE UNDER THE CIRCUMSTANCES, RULES
ADOPTED BY THE DEPARTMENT OF ADMINISTRATIVE SERVICES, THE ELECTRONIC COMMERCE
COMMISSION, OR ANY OTHER STATE AGENCY
PURSUANT TO SECTION 1306.13, 1306.17, 1306.35, OR 1306.36 OF THE
REVISED CODE
AND RELATING TO THE USE OF ELECTRONIC RECORDS OR ELECTRONIC SIGNATURES SHALL
ENCOURAGE AND PROMOTE CONSISTENCY AND INTEROPERABILITY WITH SIMILAR
REQUIREMENTS ADOPTED BY AGENCIES OF OTHER STATES AND THE FEDERAL GOVERNMENT.
Sec. 1306.38. INFORMATION THAT WOULD DISCLOSE OR MAY LEAD TO THE
DISCLOSURE OF SECRET OR CONFIDENTIAL INFORMATION, CODES, ALGORITHMS, PROGRAMS,
OR PRIVATE KEYS INTENDED TO BE USED TO CREATE ELECTRONIC OR DIGITAL SIGNATURES
UNDER SECTIONS 1306.01 TO 1306.38 OF THE REVISED CODE ARE
NOT PUBLIC RECORDS FOR PURPOSES OF SECTION 149.43 OF THE REVISED
CODE.
Sec. 1306.99. (A) WHOEVER VIOLATES DIVISION (A) OR
(D) OF SECTION 1306.24 OF THE REVISED CODE IS
GUILTY OF A MISDEMEANOR OF THE FIRST DEGREE.
(B) WHOEVER VIOLATES DIVISION (B) OR (C) OF
SECTION
1306.24 OF THE REVISED CODE IS GUILTY OF A FELONY OF THE
FOURTH DEGREE.
(C) WHOEVER VIOLATES DIVISION (B) OR (C) OF
SECTION 1306.24 OF THE REVISED CODE AND PREVIOUSLY HAS
VIOLATED DIVISION (B) OR (C) OF THAT SECTION IS GUILTY OF A
FELONY OF THE THIRD DEGREE.
(D) WHOEVER VIOLATES DIVISION (B), (C), OR
(D) OF SECTION 1306.24 OF THE REVISED CODE IN
FURTHERANCE OF ANY SCHEME OR ARTIFICE TO DEFRAUD IN EXCESS OF FIFTY THOUSAND
DOLLARS IS GUILTY OF A FELONY OF THE SECOND DEGREE.
(E) WHOEVER VIOLATES DIVISION (D) OF SECTION 1306.24 OF
THE REVISED CODE TEN TIMES IN A TWELVE-MONTH PERIOD OR IN
FURTHERANCE OF ANY SCHEME OR ARTIFICE TO DEFRAUD IS GUILTY OF A FELONY OF THE
FOURTH DEGREE.
(F) WHOEVER VIOLATES DIVISION (E) OF SECTION 1306.24 OF
THE REVISED CODE IS GUILTY OF A FELONY OF THE THIRD DEGREE.
(G) WHOEVER VIOLATES DIVISION (E) OF SECTION 1306.24 OF
THE REVISED CODE IN FURTHERANCE OF A SCHEME OR ARTIFICE TO
DEFRAUD IS GUILTY OF A FELONY OF THE SECOND DEGREE.
Sec. 2913.31. (A) No person, with purpose to defraud, or
knowing that the person is facilitating a fraud, shall do any of the
following:
(1) Forge any writing of another without the other person's
authority;
(2) Forge any writing so that it purports to be genuine
when it actually is spurious, or to be the act of another who did
not authorize that act, or to have been executed at a time or
place or with terms different from what in fact was the case, or
to be a copy of an original when no such original existed;
(3) Utter, or possess with purpose to utter, any writing
that the person knows to have been forged.
(B) No person shall knowingly do either of the following:
(1) Forge an identification card;
(2) Sell or otherwise distribute a card that purports to
be an identification card, knowing it to have been forged.
As used in this division, "identification card" means a
card that includes personal information or characteristics of an
individual, a purpose of which is to establish the identity of
the bearer described on the card, whether the words "identity,"
"identification," "identification card," or other similar words
appear on the card.
(C) NO PERSON SHALL KNOWINGLY USE A SIGNATURE DEVICE OF ANOTHER PERSON TO
CREATE AN ELECTRONIC SIGNATURE OF THAT OTHER PERSON. AS USED IN THIS
DIVISION, "SIGNATURE DEVICE" AND "ELECTRONIC SIGNATURE" HAVE THE SAME MEANINGS
AS IN SECTION 1306.01 of the Revised Code.
(D)(1)(a) Whoever violates division (A) of this section is
guilty of forgery.
(b) Except as otherwise provided in this
division or division (C)(D)(1)(c) of this
section, forgery is a felony of the fifth degree.
If property or services are involved in the offense or the victim suffers a
loss, forgery is one of the following:
(i) If the value of the property or services or the loss to
the victim is
five
thousand dollars or more and is less than one hundred thousand dollars,
a felony of the fourth degree;
(ii) If the value of the property or
services or
the loss to the victim is one hundred thousand dollars or more,
a felony of the third degree.
(c) If the victim of the offense is an elderly person or
disabled adult, division (C)(D)(1)(c) of this section
applies to the forgery. Except as
otherwise provided in division (C)(D)(1)(c) of this
section, forgery is a felony of the fifth
degree. If property or services are involved in the offense or if the
victim suffers a loss, forgery is one of the following:
(i) If the value of the property or services or the
loss to the victim is five hundred dollars or more and is less
than five thousand dollars, a felony of the fourth
degree;
(ii) If
the value of the property or
services or the loss to the victim is five thousand dollars or
more and is less than twenty-five thousand dollars, a
felony of the third degree;
(iii) If the value of
the property or services or the loss to the victim is twenty-five
thousand dollars or more, a felony of the second degree.
(2) Whoever violates division (B) of this section is
guilty of forging identification cards or selling or distributing
forged identification cards. Except as otherwise provided
in this division, forging identification cards or selling or distributing
forged identification cards is a misdemeanor of the first degree.
If the offender previously has been convicted of a violation of
division (B) of this section, forging identification
cards or selling or
distributing forged identification cards is a misdemeanor of the
first degree and, in addition, the court shall impose upon the
offender a fine of not less than two hundred fifty dollars.
(3) WHOEVER VIOLATES DIVISION (C) OF THIS SECTION IS
GUILTY OF FORGING AN ELECTRONIC SIGNATURE, A FELONY OF THE THIRD DEGREE.
Section 2. That existing section 2913.31 of the Revised Code is
hereby repealed.
Section 3. The Electronic Commerce Commission shall file the
original version of the proposed rules pursuant to divisions (B)
and (H) of section 119.03 of the Revised Code no later than ninety
days after the effective date of this act.
Section 4. Section 1306.32 of the Revised Code is hereby repealed four years
after the
effective date of this act.
|