(a) This section applies to all written electronic communications which are sent to an institution of higher education over the Internet or other electronic network or by another means that is acceptable to the institution of higher education, for which the identity of the sender or the contents of the message must be authenticated, and for which no prior agreement between the sender and the receiving institution of higher education regarding message authentication existed as of the effective date of this section. This section does not apply to or supersede the use and expansion of existing systems:
- (1) for the receipt of electronically filed documents pursuant to the Texas Business and Commerce Code or other applicable statutory law where the purpose of the written electronic communication is to comply with statutory filing requirements and the receiving institution of higher education is not a party to the underlying transaction which is the subject of the communication; or
- (2) for the electronic approval of payment vouchers under rules adopted by the comptroller of public accounts pursuant to applicable law.
- (b) Prior to accepting a digital signature, an institution of higher education shall ensure that the level of security used to identify the signer of a message and to transmit the signature is sufficient for the transaction being conducted. An institution of higher education that accepts digital signatures may not effectively discourage the use of digital signatures by imposing unreasonable or burdensome requirements on persons wishing to use digital signatures to authenticate written electronic communications sent to the institution of higher education.
(c) An institution of higher education that accepts digital signatures shall not be required to accept a digital signature that has been created by means of a particular acceptable technology described in §203.44 of this chapter if the institution of higher education:
- (1) determines that the expense that would necessarily be incurred by the institution of higher education in accepting such a digital signature is excessive and unreasonable;
- (2) provides reasonable notice to all interested persons of the fact that such digital signatures will not be accepted, and of the basis for the determination that the cost of acceptance is excessive and unreasonable; and
- (d) An institution of higher education shall review and consider any applicable guidelines and recommendations that have been adopted by the department in determining whether and for what purposes the institution of higher education shall accept a digital signature. A copy of such guidelines and recommendations may be obtained directly from the department, or may be obtained electronically via the World Wide Web at the following location: http://www.dir.state.tx.us.
- (e) An institution of higher education shall ensure that all written electronic communications received by it and authenticated by means of a digital signature in accordance with this section, as well as any information resources necessary to permit access to the written electronic communications, are retained by the institution of higher education as necessary to comply with applicable law pertaining to audit and records retention requirements.
Source Note:The provisions of this §203.43 adopted to be effective November 28, 2004, 29 TexReg 10710.