With several data breaches and malware phishing attacks in May 2017, concerns regarding the security and privacy of digital processes—including data and signature biometrics—have reached a new high. This is after the number of U.S. data breaches tracked in 2016 already had hit an all-time record high, according to figures from the Identity Theft Resource Center (ITRC).
In several of the recent data breaches, cybercriminals specifically targeted business users who were processing personal documents and signing confidential contracts. Regulated companies and supervisory bodies like the Consumer Financial Protection Bureau (CFPB) might hold them accountable for any consumer harms. Ballard Spahr’s Privacy and Data Security Group has published a long list of what customers of the most recent data breach should consider.
As a result, these attacks are raising customer fears, creating uncertainty and doubt about the trustworthiness of paperless workflows.
According to Dan Bieler, Principal Analyst at Forrester Research, trust must be at the center of your digital transformation initiatives to maintain customer confidence and loyalty. So it’s important to take the security of electronic signatures—and all of its corresponding processes and data—seriously.
The good news is you can protect your organization from exposure with a few basic considerations when designing your customers’ e-signing experience.
First, keep as much personal data under your organization‘s control to comply with regulations such as EU General Data Protection Regulation (GDPR) and be able to prove data residence if required. If you prefer an e-signing process in the cloud, consider setting up your own private cloud.
So why should you keep personal data and the e-signing process under the control of your organization as much as possible?
Remember, you are already investing a lot to establish a trusted brand through a seamless, superior customer experience. Customers, as well as business partners and employees, will typically trust your organization over unknown, third-party services.
Next, take full control of the orchestration and execution of signing processes. In addition to ensuring a seamless integration of e-signing into your workflows, make sure you can fully white-label the solution. If individuals are required to register with a third-party service, some of their personal data might be stored in systems outside the actual service in environments with a lower protection level.
To better protect the security of their data and digital processes, many organizations are moving to a hybrid approach—keeping some functions behind the firewall in data centers operated on-premises or as part of their larger organizational structure. For example, some organizations run regional or local operation centers in several countries.
Beyond increased control, on-premises deployment of your electronic signature solution also offers greater flexibility in process design, deeper integration and collaboration with corresponding workflows, as well as in-depth reporting and monitoring of transactions. Functionality and ease of use of your solution may be adjusted based on specific requirements or regional preferences of your organization’s customers and employees.
And, contrary to what you may think, on-premise deployment does not necessarily mean long project cycles. By selecting a provider with expertise in solution design, implementation can be accelerated and the required resources (hardware, in-house IT resources and professional services) can be minimized.
The success of your business and digital transformation efforts depends on trusted relationships. Data breaches seriously affect the most important assets of your organization—your customers—and as a result, may endanger its very existence.
Discover how you can seamlessly integrate an electronic signature solution while protecting the security and privacy of personal data. Download the eBook: Globally Legal: Best Practices for eSignature Deployment.