Wyo. Code R. 077-0001-4
Director's Office
Chapter 4: Electronic Signatures
Effective Date: 06/08/2016 to Current
Rule Type: Current Rules & Regulations
Reference Number: 077.0001.4.06082016
(a) In accordance with W.S. 40-21-118 (b)(ii), this chapter applies to the electronic communications or transactions conducted with a State agency, for which a method of signing is required, where: (i) a user or signer must be verified or signature authenticated; and (ii) requires a capture of intent for legal purposes. (b) This chapter does not apply to: (i) The use of digital signatures where the conditions in Section 1 do not apply; or (ii) The use of e-mail to conduct business with the State where the conditions in Section 1(a) do not apply; or (iii) The processing of electronic transactions under rules adopted by the Wyoming State Auditor's Office pursuant to applicable law; or (iv) The receipt of electronically filed documents pursuant to Wyoming statutes or other applicable statutory law where the purpose of the written electronic communication is to comply with statutory filing; or (v) As otherwise excluded by Wyoming Statute, or applicable statutory law.
(a) The agency is responsible for establishing adequate guidelines and
procedures for the management and administration of technologies that are consistent with the risks and consequences associated with the compromise of the information or transaction in accordance with state policies and standards. An electronic signature:
(i) should be unique to the signer within the context in which it is
Used;
(ii) should be used to objectively identify the person signing and transmitting the electronic record;
(iii) should provide reasonable assurance the electronic signature created by such identified person cannot be readily duplicated or compromised; and
(iv) should be linked to the electronic record to which it relates, in a manner such that if the record or the signature is intentionally or unintentionally changed after signing the electronic signature is invalidated.
(b) The integrity of the data or content contained in the communication or transaction must be:
(i) maintained in verifiable form appropriate to the communication throughout the lifecycle of the data;
(ii) provide reasonable assurance the transaction record data cannot be readily compromised; and
(iii) linked to the electronic signature to which it relates, in a manner such that if the original transaction record data or the signature is intentionally or unintentionally changes after signing, the transaction record is invalidated.
(c) An Agency accepting an electronic transaction that contains an electronic signature, shall ensure that the level of security used to identify the sender and to authenticate the electronic signature is sufficient for the transaction being conducted, and in accordance with Chapter 3 Electronic Transactions Security.
(d) A State agency shall not be required to accept an electronic signature for specific transactions if the State agency:
(i) Determines that the expense or resources required by the State agency to accept such an electronic signature are unreasonable; and
(ii) Provides reasonable notice to all interested persons of the fact that such electronic signatures will not be accepted, and of the basis for the determination that the expense or resources required for acceptance are unreasonable.
(e) Any agreements entered into between a sender and the receiving State agency after the effective date of these rules must comply with these rules.
(f) Except as provided by another applicable rule of law, a secure electronic signature is attributable to the person to whom it correlates, whether or not authorized, if:
(i) The electronic signature resulted from acts of a person that obtained
the signature device or other information necessary to create the signature from a source under the control of the alleged signer, or the access or use occurred under circumstances constituting a failure to exercise reasonable care by the alleged signer; and
(ii) The receiving party relied reasonably and in good faith to their detriment on the apparent source of the electronic record.
The Chief Information Officer may issue written policy statements relating to the interpretation or application of this chapter, to include electronic signature authentication procedures, attribution of signatures, electronic signatures technologies, transaction record authentication procedures, and supporting procedures as fit to ensure proper management of this service and technology. Agency heads shall ensure dissemination of, and compliance with, such policy statements.