I am researching legal and regulatory issues relating to the electronic storage of scanned customer signatures. The purpose of storing the scanned signatures is to compare them at a later date to customer signed authorizations. These authorizations request cash transactions within the customers' investment accounts.
Are there any laws or regulations dictating the level and type of security that should be used to protect such data? What is a company's potential exposure or legal liability if such customer data is compromised? (Note: I am not concerned with digital signatures but rather actual images of signatures.)
The only law that I am familiar with that covers this area at all is the Electronic Signatures in Global and National Commerce Act ("E-SIGN") (Public Law 106-229) enacted on June 30, 2000. While this law does cover digital signatures, it also covers the scanned and electronically stored signatures you describe. Unfortunately, I am not a lawyer, so I can't answer the rest of your questions. I'd suggest doing a Web search on the title of the act or E-SIGN, and you will likely find more information on this topic than you ever really wanted to know.