User Agreements: Hidden Dangers in Third-Party Integrations


Recently, Adobe, maker of Photoshop, Creative Cloud and Acrobat Sign, came under fire for changes to its terms of service that raised concerns about data privacy. This incident serves as a stark reminder that user agreements, terms of service and other fine print that most users ignore can significantly impact businesses and their customers – especially when third-party integrations are involved.

Many businesses rely on software platforms that integrate third-party electronic signature solutions. What these businesses often overlook is how the software relationship can subject them and their customers to terms and conditions from an electronic signature provider bound by a chain of licenses and agreements that are not easily accessed or understood. The terms of the electronic signature provider may not align with the business user's goals or the customer's best interests.

Consider a scenario where a bank chooses a loan origination system (LOS) with an electronic signature integration. The electronic signature technology is actually provided by a separate company with its own terms of use. While the bank would certainly check the terms of use of the loan origination system, it is less likely to study the agreement between the LOS and the electronic signature technology provider.

Without careful oversight, the bank may agree to terms with an invisible electronic signature technology provider that lead to unexpected data handling practices, potential privacy violations or even non-compliance with industry regulations.

Ensuring signature and data privacy

If you are concerned about the security and privacy implications of document management and electronic signature solutions, here are some key considerations:

1. Data ownership: Make sure your data remains your property. Be wary of terms that give the provider rights to use your data for its own purposes. You must maintain full control over a single copy of the signed document that includes all the necessary data to prove its validity.

2. Clarity of terms: Look for providers with clear and unambiguous terms of service. Vague language can leave room for interpretations that may not favor your interests. Be vigilant and demand transparency from your partners.

3. Data continuity: Consider what happens to your documents if the provider goes out of business. Choose solutions that provide permanent verifiability and data portability. Again, you must maintain full control over the signature data that validates your electronically signed agreements, regardless of your relationship with a software platform.

4. Compliance standards: Verify that the solution meets the relevant compliance standards for your industry, such as SOC 2 Type II, HIPAA or GDPR. In the financial services space, FINRA Regulatory Notice 22-18 reminds registered representatives of their requirement to proactively monitor and ensure the authenticity of digital signatures.

5. Third-party integrations: Pay attention to any third-party services integrated into your chosen platform. Make sure their terms match your privacy and security requirements. Understand who provides the technology that supports the platform you need for your business operations.

6. Data handling practices: Understand how your data is stored, processed and protected. This includes knowing where data centers are located and how data is encrypted.

The trust factor

From a business perspective, the key issue here is trust. Once eroded, trust is incredibly difficult – and very expensive – to regain. As businesses focus on selling their products or services, they are also implicitly selling their credibility. This characteristic should be at the heart of all business relationships – with customers, partners and vendors alike.

In an age where data breaches and privacy scandals regularly make headlines, businesses need to be more vigilant than ever. It's not enough to trust that your software providers have your best interests at heart. Due diligence in reviewing all terms of service, including those of third-party integrated solutions, is essential.

Remember, your commitment to data privacy isn't just about avoiding fines or bad publicity. It's about respecting your customers' rights and maintaining the trust they've placed in you. In today's digital landscape, that trust is one of your most valuable assets.

Jay Jumper is the CEO and President of SIGNiX, a provider of secure and compliant digital signature solutions.


