Going Digital: Digitally Signing Personally Identifiable Information (PII) Data and Consent
Activity Factory supports 2 types of digital signing.
- Document Cryptographic Hash (sample summary, sample quote)
- Digital Signatures from a 3rd Party Provider (sample quote)
Activity Factory adds a signature page and calculates the Cryptographic HASH of the file.
A HASH is a mathematical algorithm that calculates the file bits into a fixed string value (HASH). It is a one way calculation and cannot be inverted.
So when someone tampers with a document it will result in a different HASH value.
3rd Party Digital Signatures
3rd Party Digital Signatures are recommended as they are validated by a 3rd Party Provider and is globally accepted.
Activity Factory Digital Signatures are provided by our partner Global Sign.
Minimizing the Cost of PII Compliance
Is this familiar?
- Gather paper documents from employees (SSS Forms, EIS, BIR Forms, Resumes, Drug Tests, etc)
- Producing and Printing consent forms
- Getting employees to sign the consent
- Storing all of these in folders
- And after all of that determining the completeness of all of it by employee.
This is HR at its worst state, consuming all strategic time to paper pushing. Workflow automation solves this problem. By gathering documents and consent electronically. With an added bonus of producing the compliance reports by using a document management system.
The purpose of Signatures are to validate and authorize a transaction. Obviously done by physically signing the document. Electronically Signing documents follow the same principle and are exposed to the same problem, forgery.
Hence the use of Cryptographic approaches to digital signing.
Usernames and passwords are not enough
We strongly recommend the use of One Time Passwords (OTP) when moving into digitally signing documents.
OTP provides an added layer of security by using a users mobile phone to ensure the identity of the user.
- Link to Cryptographic HASH - wiki
- Link to Digital Signatures- wiki