New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 7 - DIGITAL / ELECTRONIC SIGNATURE
Section 1.12.7.13 - REQUIREMENTS FOR LEGALLY BINDING ELECTRONIC SIGNATURE

Universal Citation: 1 NM Admin Code 1.12.7.13

Current through Register Vol. 35, No. 18, September 24, 2024

Where an electronic signature is required by law or otherwise deemed desirable, it is critical that the electronic signature and the associated signing process satisfy all of the applicable legal requirements. Generally, creating a valid and enforceable electronic signature requires satisfying the following signing requirements.

A.A person (i.e., the signer) must use an acceptable electronic form of signature. Electronic signatures can take many forms, and can be created by many different technologies. No specific technology or form of signature is required. Generally, any electronic "sound, symbol, or process" can be used as the form of signature. Examples of commonly used electronic forms of signature include, but are not limited to:

(1) Symbols such as a typed name (e.g., typed at the end of an e-mail message by the sender, or typed into a signature block on a website form by a party); digitized image of a handwritten signature that is attached to an electronic record; a shared secret (e.g., a secret code, password, or PIN) used by a person to sign the electronic record; a unique biometrics-based identifier, such as a fingerprint, voice print, or a retinal scan; or a digital signature.

(2) Sounds such as sound recording of a person's voice expressing consent.

(3)Processes such as using a mouse to click a button or hyperlink (such as clicking an "I Agree" button); using a private key and applicable software to apply a "digital signature;" or scanning and applying a fingerprint.

B. The electronic form of signature must be executed or adopted by a person with the intent to sign the electronic record, (e.g., to indicate a person's approval of the information contained in the electronic record). A person's intent to sign is often inferred from his or her approval of the reason for signing as stated in the text of either:

(i) the electronic record being signed or

(ii) the surrounding signing process. For example, words appearing immediately above a blank signature line on a contract document might state "By signing below I agree to the foregoing contract terms." That statement indicates both the reason for signing (agreement to the contract) as well as the means by which a person can indicate an intent to sign (i.e., by applying the form of signature where indicated). Thus, a person indicates his or her intention to sign, for the reason stated, by signing on the applicable blank line. Likewise, text on a website might state that "By checking this box I agree to the terms of use." A person indicates his or her intention to sign, for the reason stated, by checking the box on the website.

C. The electronic form of signature must be attached to or associated with the electronic record being signed. Specifically, it must be attached to, or logically associated with, the record being signed. Satisfying this requirement requires storing the data constituting the electronic form of signature, and doing so in a way that permanently associates it with the electronic record that was signed. Where the electronic form of signature consists of a symbol or a sound (such as a typed name, a digitized image of a handwritten name, a PIN, a digital signature, a voice recording, etc.), the data representing the symbol or sound must be saved. Where the electronic form of signature consists of a process (such as clicking on an "I Agree" button), the system must be programmed so that completion of the process generates some specific data element to indicate completion of the signing process, or some other procedure (such as generation of a log record or audit trail) to record the act of signing. It is also recommended that the following additional data elements be appended to or associated with the signature data provided privacy considerations have been taken into account:

(1) Identity of the signer or a link to the source of identifying information, such as a validated User ID, a digital certificate, a biometric database, etc.;

(2) Date and time of the signature;

(3) Method used to sign the record; and

(4) An indication of the reason for signing.

D. There must be a means to identify and authenticate a particular person as the signer. Meeting this burden of proof requires establishing a link between an identified person and the signature. An electronic form of signature may or may not provide proof of identity. Many forms of signature do not contain or directly link to the identity of the person making them (such as clicking an "I Agree" button), or if they do provide evidence of identity, such identity may not be reliable (e.g., a typed name). Other security procedures may be used to accomplish this objective. The signer's identity may be authenticated as part of an overall process of obtaining access to a website or electronic resource that includes the record to be signed. If the act of signing is performed during the session authorized by the authentication process, the signature itself is attributed to the signer because the person accessing the record for signing has been duly authenticated.

E. There must be a means to preserve the integrity of the signed record. The usability, admissibility, and provability of a signed electronic record requires procedures be undertaken to ensure the continuing integrity of both the electronic record and its electronic signature following completion of the signing process. Data integrity is concerned with the accuracy and completeness of electronic information communicated over the internet or stored in an electronic system, and with ensuring that no unauthorized alterations are made to such information either intentionally or accidentally. Ensuring "integrity" requires "guarding against improper information modification or destruction, for the full retention period of the record. Electronic records are easily altered in a manner that is not detectable. In an electronic transaction of any significance, the parties to the transaction must be confident of the integrity of the information before they rely or act on the record.

Disclaimer: These regulations may not be the most recent version. New Mexico may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.