1 / 38

Review of the Electronic Transactions Ordinance

Review of the Electronic Transactions Ordinance. Information Infrastructure Advisory Committee 9 April 2002. B ackground. Electronic Transactions Ordinance. Enacted on 5 January 2000 All provisions came into operation by April 2000. Objective.

cristinahall
Download Presentation

Review of the Electronic Transactions Ordinance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Review of the Electronic Transactions Ordinance Information Infrastructure Advisory Committee 9 April 2002

  2. Background

  3. Electronic Transactions Ordinance • Enacted on 5 January 2000 • All provisions came into operation by April 2000

  4. Objective • Provide a clear legal framework for the conduct of e-business • Enhance confidence in electronic transactions

  5. Electronic Transactions Ordinance • Provide electronic records and digital signatures the same legal status as that of their paper-based counterparts • Provide a voluntary recognition scheme for certification authorities

  6. E-business developments in Hong Kong • Government took the lead to accept electronic submissions under law for the bulk of legislation • Electronic Service Delivery Scheme

  7. E-business developments in Hong Kong • Established the local public key infrastructure • Two certification authorities recognised • Digital certificates adopted in online applications in the public and commercial sectors to ensure security in electronic transactions

  8. E-business developments in Hong Kong • On par in establishing legal framework with countries advanced in e-business development • Hong Kong’s e-business potential and readiness widely recognised internationally

  9. Review

  10. Review of Electronic Transactions Ordinance • A clear legal framework provides a solid foundation for e-business development • Committed to review the Ordinance 18 months after its enactment • To ensure Hong Kong has the most up-to-date legislative framework for the conduct of e-business

  11. Review of Electronic Transactions Ordinance • Factors considered: - operational experience gained since enactment - technological advancement - social changes - international e-business development • Consulted Government bureaux and departments on the implementation of the Ordinance

  12. Preliminary proposals

  13. Legal recognition of other forms of electronic signatures • Legal recognition for digital signatures supported by recognised digital certificates • Different electronic authentication technologies and means developed and adopted by governments and business communities around the world • Personal identification number (PIN) commonly used in: - banking service - filing of tax return (Australia, Singapore, UK and USA) - renewal of driving licence (some states in USA)

  14. Personal identification number (PIN) • Where the level of security offered by PIN is commensurate with the risk of the service involved, e.g. - where there is established relationship between the parties involved so that the PIN could be securely issued, used and verified - where a secure system like the Electronic Service Delivery Scheme which provides strong encryption services for data transmission is used

  15. Personal identification number (PIN) • Propose to accept the use of PIN for satisfying statutory signature requirements in specified cases • Secretary for Information Technology and Broadcasting (the Secretary) to specify these cases by subsidiary legislation • Users will be free to choose PIN, digital certificate or hand-written signature

  16. Legal recognition of other forms of electronic signatures • Considered other means of authentication like using biometrics • Yet to have institutional arrangement to support community-wide application • Yet to gain wide acceptance by the community • Propose to examine at a later stage

  17. Legal requirement of “delivery by post or in person” • Certain legal provisions require documents to be delivered either by post or in person • An impediment to the adoption of electronic transactions

  18. Legal requirement of “delivery by post or in person” • Propose that these legal provisions should be automatically construed as covering “delivery by electronic means” • The Secretary to specify these provisions by subsidiary legislation

  19. Exemptions under the Ordinance • Schedule 1 sets out matters which are exempt from the electronic means, e.g. will, trust, power of attorney, oath, statutory declaration, etc. • Should retain these exemptions in view of the solemnity and complexity involved • Propose not to amend Schedule 1 for the time being

  20. Exemptions under the Ordinance • Schedule 2 sets out court and quasi-judicial proceedings which are exempt from the electronic means • Electronic filing yet to become mature and common in the legal profession • Propose not to amend Schedule 2 for the time being

  21. Exemptions under the Ordinance • The Secretary had made exclusion order to exclude 202 statutory provisions from the application of the Ordinance

  22. Exemptions under the Ordinance • Exclusions made can be classified into the following five categories: - solemnity of the matter or document involved - on operational grounds, e.g. production of documents to Government authorities on the spot

  23. Exemptions under the Ordinance - involved submission of voluminous documents or complex plans - compliance with international practices - to ensure that the Government would be able to meet its contractual obligations

  24. Exemptions under the Ordinance • These principles for exemption remain valid today • Should continue to be adopted • Will continue to review existing exemptions • Withdraw exemptions which are or will soon become unnecessary

  25. Voluntary recognition scheme for certification authorities • Director of Information Technology Services (the Director) will grant recognition to certification authorities (CAs) which provide a trustworthy service • The Director has published Code of Practice for Recognised Certification Authorities (the Code) setting out the standards and procedures that recognised CAs have to adopt • Advisory Committee to be consulted on any proposed amendment to the Code

  26. Voluntary recognition scheme for certification authorities • CA applicants should engage an independent assessor to prepare an assessment report • Assessment report to state whether the applicant is capable of meeting the relevant requirements in the Ordinance and Code

  27. Voluntary recognition scheme for certification authorities • The Director may renew, suspend or revoke the recognition • Established an appeal mechanism; no appeal case so far • Recognised CAs should furnish an assessment report to the Director every twelve months • The Director will publish material information in the report for public inspection

  28. Voluntary recognition scheme for certification authorities • Smooth implementation of the scheme • Propose not to make any substantial changes for the time being

  29. Voluntary recognition scheme for certification authorities • Assessment reports should be prepared by persons approved by the Director • Assessors shall assess whether the CA is capable of meeting the relevant requirements in the Ordinance and Code

  30. Voluntary recognition scheme for certification authorities • An assessment includes requirements: - related to the trustworthiness (e.g. system security, procedural safeguard, financial liability) of the certification service - not related to trustworthiness but other aspects of the operation (e.g. adoption of discriminatory practices)

  31. Voluntary recognition scheme for certification authorities • Approved persons may not practically be able to make an assessment on whether the applicant is in compliance with those provisions which are not related to the trustworthiness of the certification service

  32. Voluntary recognition scheme for certification authorities • Propose to split the assessment into two parts: - the first part concerns trustworthiness of the certification service and to be prepared by a qualified and independent person approved by the Director - the second part concerns provisions not related to trustworthiness of the certification service that can be dealt with through a declaration made by an authorised person of the CA

  33. Voluntary recognition scheme for certification authorities • The Ordinance requires submission of an assessment report every twelve months • There may be crucial changes in the operation of the CA in between two annual assessments which may affect its trustworthiness

  34. Voluntary recognition scheme for certification authorities • Propose to empower the Director to ask recognised CA to furnish an assessment report when there are or will be major changes • The assessment report should be prepared by persons authorised by the Director • It should focus only on the concerns raised by the Director

  35. Timetable • Issued public consultation paper to solicit public views (4 March) • Consulted the Legislative Council Panel on Information Technology and Broadcasting (11 March)

  36. Timetable • Written to relevant organisations to proactively solicit views: - IT industry organisations - Organisations which have an interest in e-business - Legal and professional organisations - Tertiary institutions - Other relevant organisations

  37. Timetable • Consultation to end on 30 April 2002 • To report to IIAC and the Legislative Council on the outcome of the public consultation • To introduce legislative amendments in the 2002-03 legislative session

  38. Invite Members’ views on the review

More Related