Recently, Adobe, the maker of Photoshop, Creative Cloud, and Acrobat Sign, came under fire for changes in its terms of service that raised concerns about data privacy. This incident serves as a stark reminder that user agreements, terms of service, and other fine print that most users ignore can significantly impact businesses and their customers—especially when third-party integrations are involved.
Many businesses rely on software platforms that integrate third-party e-signature solutions. What those businesses often overlook is how software relationships may subject themselves and their customers to terms and conditions from an e-signature provider connected by a chain of licenses and agreements not easily accessed or understood. The e-signature provider’s terms may not align with the business user’s goals or customer best interests.
Consider a scenario where a bank chooses a loan origination system with an e-signature integration. The e-signature technology is actually provided by a separate company with its own terms of use. While the bank would certainly vet the loan origination system’s terms of use, it’s less likely that they would study the agreement between the LOS and the e-signature technology provider.
Without careful oversight, the bank could agree to terms with an invisible e-signature technology provider that leads to unexpected data handling practices, potential privacy breaches, or even non-compliance with industry regulations.
Secure signing and data privacy
If you're concerned about the security and privacy implications of your document management and e-signature solutions, here are some key considerations:
1. Data ownership: Ensure that your data remains your property. Be wary of any terms that grant the provider rights to use your data for their own purposes. You should maintain complete control over a single copy of the signed document that includes all data necessary to prove its validity.
2. Clarity of terms: Look for providers with clear, unambiguous terms of service. Vague language can leave room for interpretations that may not favor your interests. Stay vigilant and demand transparency from your partners.
3. Data continuity: Consider what happens to your documents if the provider ceases operations. Opt for solutions that offer permanent verifiability and data portability. Again, you should retain complete control over the signature data that validates your e-signed agreements regardless of your relationship with a software platform.
4. Compliance standards: Verify that the solution meets relevant compliance standards for your industry, such as SOC 2 Type II, HIPAA, or GDPR. In the financial services space, FINRA Regulatory Notice 22-18 reminds registered representatives of their requirement to proactively monitor and ensure the authenticity of digital signatures.
5. Third-party integrations: Pay close attention to any third-party services integrated into your chosen platform. Ensure their terms align with your privacy and security requirements. Understand who provides the technology underpinning the platform you need for your business operations.
6. Data handling practices: Understand how your data is stored, processed, and protected. This includes knowing where data centers are located and how data is encrypted.
The trust factor
From a business standpoint, the core issue here is trust. Once eroded, trust is incredibly difficult—and very expensive—to regain. While businesses focus on selling their products or services, they're also implicitly selling their trustworthiness. This characteristic must be at the center of all business relationships—with customers, partners, and vendors alike.
In an era where data breaches and privacy scandals regularly make headlines, businesses must be more vigilant than ever. It's not enough to trust that your software providers have your best interests at heart. Due diligence in reviewing all terms of service, including those of integrated third-party solutions—is crucial.
Remember, your commitment to data privacy isn't just about avoiding fines or bad publicity. It's about respecting your customers' rights and maintaining the trust they've placed in you. In today's digital landscape, that trust is one of your most valuable assets.
Jay Jumper is CEO & President of SIGNiX, a provider of secure and compliant digital signature solutions.