American Bar Association
Science and Technology Section

No. 254436

SUMMARY OF RESULTS

ABA/ACCA SURVEY OF ELECTRONIC COMMERCE PRACTICES

Thomas J. Smedinghoff

McBride Baker & Coles, Chicago, www.mbc.com

In July, 1998, the Electronic Commerce Division of the American Bar Association's Section of Science and Technology, in conjunction with the Law Department Management Committee of the American Corporate Counsel Association, undertook a survey of electronic commerce practices among its members. The survey was designed to obtain a snapshot of the various electronic commerce practices and procedures currently utilized by the members of both organizations in order to obtain a better picture of the overall state of electronic commerce from a corporate and business perspective.

The survey examined six basic categories of issues that arise for businesses conducting electronic commerce as follows:

1. Electronic purchase and sale activities - this section addressed fundamental questions such as whether a business was buying or selling products via electronic commerce, the modes of communication used, the data formats used, payment methods used, and extent of electronic commerce activities.
2. Authentication of messages - this section addressed the procedures utilized by companies to verify the source of electronic messages that they received from outside the company.
3. Document integrity - this section addressed the procedures used by businesses to ensure that electronic messages have not been altered.
4. E-mail practices - this section asked whether companies have e-mail policies, whether they monitor employee e-mail, and how they handled the confidentiality of e-mail messages.
5. Electronic recordkeeping practices - this section examined the electronic recordkeeping practices of businesses, asking whether or not they store records in electronic form, whether they also keep corresponding paper records, how they ensure the authenticity of records, and the like.
6. Writing and signature requirements - this section focused on the electronic commerce response to the legal requirements that transactions be in writing and signed.

The survey did not attempt to measure the extent to which electronic commerce is used by businesses. Rather, it sought to focus on the practices employed by those businesses that do implement electronic commerce activities.

Surveys were mailed to members of the Electronic Commerce Division of the American Bar Association's Section of Science and Technology Law and members of the Law Department Management Committee of the American Corporate Counsel Association. Approximately 1700 surveys were mailed out and a total of 88 responses were received, representing a response rate slightly in excess of 5%. The response rate may be an indication that the extent to which electronic commerce has been implemented among businesses is relatively low. In addition, a low response rate from the ABA's Electronic Commerce Division can be attributed to the fact that many of the attorneys who are members of that Division are employed by law firms rather than corporations, and thus would not necessarily be in a position to respond to the survey.

A copy of the survey that was distributed, with the tabulated results incorporated, can be found below as Appendix A.

To the extent that any general trends can be gleamed from the results of this survey, the following points are noteworthy:

A. Electronic Purchase and Sale Activities

Among those businesses that sell products or services electronically, most were conducted over the Internet. Internet web sites accounted for 28% of sales activities and Internet e-mail accounted for 18% of sales activities. Private VANs and Direct Dial communications represented 14% and 11% respectively. The statistics for purchases were similar. 17% purchased products or services through Internet web sites, and 23% used Internet e-mail. Private VAN and Direct Dial purchases were 16% and 10% respectively.

Information relating to data formats indicates that approximately 20% use the fixed format electronic data interchange (EDI) messages, although the majority use free form e-mail communications or standard form contract (Clickwrap) transactions.

With respect to payment, the responses indicated that most payment is done the old fashion way -- i.e., credit is extended and a check is ultimately sent by mail. However, a rather significant segment of the responses indicated that credit card payments are used or that payments are made after the completion of the transaction via electronic funds transfer. There appears to be very few payments made at the time of the transaction in an electronic manner.

The extent to which electronic commerce is used for purchases and sales varied widely. In most cases, however, the percentages of a company's transactions that were conducted electronically was very low. Approximately 5% of the respondents reported that their electronic sales exceeded 50% of their total sales, and approximately 10% of the respondents reported that their electronic purchases exceeded 50% of their total purchases.

B. Authentication of Messages

How do businesses verify the source of electronic messages that they receive from outside of the company? The vast majority (69%) relied on a simple e-mail return address, and an additional 22% relied on a PIN number or password. Usage of more secure authentication techniques, including encryption and digital signatures, was relatively low. However, 14% of the respondents indicated that they did use digital signatures and digital certificates. Interestingly, use of digitized handwritten signatures was almost non-existent (3%).

C. Document Integrity

How do businesses verify that the messages they have received have not been altered? Based on the limited number of responses, the majority use simple techniques such as repeat back acknowledgments, some use digital signatures, and a large group appears to do nothing to verify document integrity. The same appears to be true for electronic messages sent by such businesses. When it comes to ensuring that messages stored on a company's computer system are not altered, however, it appears that the traditional methods (such as access security and passwords) are the procedures employed. However, only 23% of the respondents indicated the measures they take to ensure that messages stored on their computer systems are not altered.

D. E-mail Practices

Approximately half of the respondents indicated that their company has a formal written e-mail or Internet policy. Nonetheless, a majority of the respondents indicated that they engaged in at least some monitoring of employee e-mail messages. The largest of this group (40%) indicated that they monitored e-mail messages only when violations of company policy or other problems were suspected. Some monitored specific employees suspected in engaging in inappropriate activities, and some monitored on a random basis. Only 5% of the respondents indicated that all e-mail traffic was monitored.

When it comes to the confidentiality of e-mail messages, 28% of the respondents indicated that they used encryption, while 45% of the respondents handled the issue simply by imposing restrictions on the type of information that can be sent via e-mail.

E. Electronic Recordkeeping Practices

With respect to the issue of electronic recordkeeping, the vast majority of the respondents (92%) indicated that they store records in electronic form, but most of them (78%) also keep corresponding paper records. Nonetheless, efforts to ensure the authenticity and integrity of electronically stored records seemed to be minimal, and often limited to things such as access control and periodic backups.

Almost 40% of the companies do address electronic record issues by virtue of record retention policies. Approximately 28% monitored compliance with their electronic record policies.

Professional organizations in which companies participated to benchmark best practices in electronic records management including the following: the Electronic Commerce Division of the Section of Science and Technology, ACCA, AIIM, and the Association of Records Managers and Administrators (ARMA).

F. Writing and Signature Requirements

Do you conduct electronic transactions that are subject to legal writing and signature requirements? Only 25% of the respondents indicated they were in this category. Of those, most indicated that the basis on which they felt the writing and signature requirements were satisfied was either statutory or case law, or they indicated that they proceeded without specific legal authorization.

G. Conclusions

While the foregoing results reflect merely a snapshot of electronic commerce practices, some general conclusions can be drawn. First, and perhaps foremost, the approach to electronic commerce utilized by most businesses does not appear to be the highly sophisticated approach being recommended by experts and the subject of several statutes and regulations. For example, issues such as the authenticity of communications and the integrity of messages do not appear to be receiving much attention. Most respondents appear to be simply engaging in basic electronic commercial activities, often retaining paper records of the transactions. But given that the amount and percentage of transactions that are engaged in electronically by each respondent's business, this reflects perhaps only initial experimentation with this approach to doing business.

ABA/ACCA

SURVEY OF ELECTRONIC COMMERCE PRACTICES

A. Electronic Purchase and Sales Activities

1. Does your company sell or purchase any products or services via electronic commerce? 49% Sell; 51% Purchase; 31% Neither.

Comments:

(a) Advertise services and communicate with clients or potential clients.

(b) No selling, but we do have a web page that provides general info.

No Response 19%

2. What mode(s) of communication does your company use for electronic sales and purchase transactions?

Sales	Purchases
14%	16%	Private VAN
18%	23%	Internet e-mail
28%	17%	Internet Web site
11%	10%	Direct dial
12%	2%	Other (please describe)__________________________

Comments:

(a) EDI (2)
(b) Video Auctions
(c) Using Internet to source and quote only
(d) FPT through the Internet
(e) None
(f) Not Applicable
(g) Mail
(h) Fax, letter or billing to customer
No response = 27%

3. What data format(s) does your company use to create contracts for electronic sales and purchase transactions?

Sales	Purchases
18%	19%	Electronic Data Interchange (EDI)
14%	29%	E-mail (Free form)
4%	17%	Standard form contract (Clickwrap)
4%	2%	Other (please describe) _______________________________

Comments:

(a) You click on a hyperlink on our web page.
(b) Don't know
(c) Telxon orders
(d) Web catalog/Domino merchant
(e) Secure sockets via web site processing
(f) Web form
(g) Proprietary
(h) Customer data formats
(i) Contract exists in hard copy individual orders are released at supplier web site
(j) Initial contract agreements are completed on paper forms
(j) Not applicable
No response = 31%

4. What type of payment methods does your company use for electronic sales and purchase transactions?

Sales	Purchases
34%	36%	Credit - check by mail
19%	18%	Credit - payment by electronic funds transfer
23%	25%	Credit card payment at time of sale
4%	4%	Electronic check at time of sale
8%	11%	Electronic fund transfer at time of sale (credit/debit)
3%	1%	Other (please describe) _______________________________

Comments:

(a) Subscription accounts
(b) Purchases - electronic funds transfer at time of invoice sales - check by mail.
(c) Electronic information given to customers - purchase is by personal meeting/regular mail
(d) Purchase order
(e) Banks
(f) Electronic bill presentment and payment receipt
(g) Not applicable
No responses = 32%

5. What percentage of your transactions are made electronically?

25% (responded) sales; 36% (responded) purchases.

Sales					Purchases
0%	=	(12%)			0%	=	(0%)
0-1%	=	(0%)			0-1%	=	(1%)
1%	=	(2%)			1%	=	(8%)
2%	=	(0%)			2%	=	(2%)
3%	=	(1%)			3%	=	(0%)
5%	=	(11%)			5%	=	(7%)
5-10%	=	(1%)			5-10%	=	(3%)
6%	=	(1%)			6%	=	(0%)
10%	=	(1%)			10%	=	(2%)
11%	=	(1%)			11%	=	(0%)
15%	=	(2%)			15%	=	(1%)
25%	=	(2%)			25%	=	(0%)
30%	=	(1%)			30%	=	(2%)
37%	=	(0%)			37%	=	(1%)
40%	=	(0%)			40%	=	(1%)
45%	=	(0%)			45%	=	(1%)
50%	=	(1%)			50%	=	(2%)
55%	=	(0%)			55%	=	(1%)
70%	=	(1%)			70%	=	(0%)
75%	=	(2%)			75%	=	(1%)
80%	=	(0%)			80%	=	(2%)
85%	=	(0%)			85%	=	(1%)
95%	=	(1%)			95%	=	(0%)
98%	=	(0%)			98%	=	(1%)

Comments

(a) Customers must call 1-800 number with credit card info so not 100% electronic.
(b) Proprietary
(c) EDI transactions
(d) Not applicable
No response = 33%

6. What dollar volume of your transactions are made electronically?

30% (responded) sales; 35% (responded) purchases.

Sales					Purchases
$ 0	=	(8%)			$ 0	=	(7%)
$1,000	=	(1%)			$1,000	=	(1%)
$2,000	=	(0%)			$2,000	=	(1%)
$5,000	=	(0%)			$5,000	=	(1%)
$5-10,000	=	(0%)			$5-10,000	=	(1%)
$10,000	=	(0%)			$10,000	=	(1%)
$12,000	=	(1%)			$12,000	=	(1%)
$50,000	=	(0%)			$50,000	=	(2%)
$90,000	=	(0%)			$90,000	=	(1%)
$100,000	=	(1%)			$100,000	=	(1%)
$500,000	=	(0%)			$500,000	=	(5%)
$1 Mil	=	(1%)			$1 Mil	=	(1%)
$3 Mil	=	(0%)			$3 Mil	=	(1%)
$5 Mil	=	(1%)			$5 Mil	=	(0%)
$7 Mil	=	(1%)			$7 Mil	=	(0%)
$10 Mil	=	(2%)			$10 Mil	=	(0%)
$20 Mil	=	(0%)			$20 Mil	=	(1%)
$24 Mil	=	(1%)			$24 Mil	=	(0%)
$50 Mil	=	(1%)			$50 Mil	=	(0%)
$60 Mil	=	(0%)			$60 Mil	=	(1%)
$168 Mil	=	(1%)			$168 Mil	=	(0%)
$400 Mil	=	(1%)			$400 Mil	=	(0%)
$600 Mil	=	(1%)			$600 Mil	=	(1%)
$1 Bil	=	(1%)			$1 Bil	=	(1%)
$5 Bil	=	(1%)			$5 Bil	=	(0%)
$6 Bil	=	(0%)			$6 Bil	=	(1%)

Comments

(a) Not available
(b) Proprietary
(c) Not applicable
No response = 39%

7. Where are the customers and suppliers located that you sell to and buy from electronically?

Suppliers	Customers
51%	51%	United States
16%	20%	Canada
9%	16%	Europe
3%	5%	Asia
3%	7%	Africa
2%	6%	Australia

No response = 27%

Comments

None

B. Authentication of Messages

1. How do you verify the source of electronic messages that you receive from outside the company?

69%	E-mail return address
22%	PIN or password
3%	Digitized handwritten signature (e.g., a digital image of a signature)
11%	Encryption
12%	Digital signature (i.e., a form of signature created using public key encryption)
11%	SSL certificate
8%	Other (please describe) __________________________________

Comments:

(a) Fax confirmation
(b) Novell Binview
(c) Unknown
(d) Direct contact with sender
(e) If I know them
(f) Depends on what it is for
(g) Lotus Notes has public key/private key encryptions. Servers are cross-certified with trusted Lotus Notes certificate.
(h) Not available
(i) Bank verifies
No response = 15%

2. Do you use digital certificates? 14% Yes; 74% No.

No response = 14%

Comments

(a) Not available

3. If you use digital certificates, who issues them?

8% My company creates and issues the certificates

5% My company issues the certificates, using the outsourced services of a certification authority

8% Outside certification authority

3% Don't know

No response = 83%

Comments

No Comments

C. Document Integrity

1. How do you verify that the messages you receive have not been altered?

29% Repeat back acknowledgment

11% Digital signatures

17% Other (please describe) __________________________________

Comments

(a) Don't
(b) We don't
(c) None
(d) Don't, should
(e) Direct contact
(f) No procedure for verification
(g) Each internet e-mail received within Lotus Notes, is "stamped" with all IP addresses where it passed through en route from sender to receiver.
(h) Acknowledgment reports sent context of message
(i) Functional acknowledgment/comparison of message with physical inventory.
(j) No verification process exists at this time.
(k) 40K version of encryption
(l) Not applicable
No response = 35%

2. How do you ensure the messages that you send have not been altered?

25% Repeat back acknowledgment

10% Digital signatures

20% Other (please describe) ________________________________

Comments:

(a) We don't
(b) None
(c) Don't, should
(d) Don't usually
(e) Direct contact
(f) Within Lotus Notes encryption features are available but do not use.
(g) Proprietary
(h) Not applicable
(i) Functional acknowledgment
(j) SSL encryption
No response = 34%

3. How do you ensure that the messages stored on your computer system are not altered? 23% (responded)

Comments:

(a) Don't
(b) No need, we use an electronic order form via an ISP.
(c) Date stamping and edit identifying with docs open.
(d) We don't
(e) I have sole control
(f) No check done
(g) Back-ups, etc.
(h) Encrypted keys
(I) Password/physical access control and digital signatures, secure hash and timestamp (SURETY)
(j) Programming by information systems group (IS)
(k) Firewalls
(l) Standard security levels
(m) Keep my figures we send at all times
(n) E-mail protected by voice encryption and password
(o) Limited access
(p) Access security
(q) Unknown
(r) E-mail system security
(s) Audit controls and file permission restrictions
(t) Password protection required to alter a message
(u) E-mail system capabilities (internal mail only)
(v) Password protected
(w) Firewall
(x) Nothing in place per se.
(y) Programmatic edit checks
(z) Firewalls
(aa) Messages are indexed and logged to our corporate file automatically upon receipt.
(bb) Firewall, passwords; backup
(cc) Physical and software security
(dd) PIN password
(ee) Various security and backup methods
(ff) Read Only access
(gg) PIN Password
(hh) Security
(ii) Lotus Notes mail boxes are secured with passwords, Ids also. Servers are secured in a locked monitored data center or similar location in our regional offices. Servers secured with Ids, passwords also.
(jj) Firewall
No response = 51%

D. E-mail Practices

1. Does your company have a formal written e-mail or Internet policy? 51% Yes 36% No.

Comments

(a) Six surveyors answered yes and attached copy of policy
(b) One surveyor answered no and attached copy of draft statement
(c) Developing one currently
(d) Policy is considered confidential
No response = 3%

2. Does your company monitor employee e-mail?

5% All messages monitored

18% Messages monitored on a random basis

40% Messages monitored only when violations of policy or other problems are suspected

17% Messages monitored only for specific employees suspected of engaging in inappropriate activities

26% No monitoring

Comments:

(a) Unknown
(b) Not applicable
(c) No monitoring, but policy states "may monitor to ensure the company's legitimate business interest and the proper utilization of its property". But no monitoring has occurred
(d) All e-mail is checked for viruses prior to delivery.
(e) Messages monitored when business needs arise.

No response = 6%

3. How does your company handle confidentiality of e-mail messages (both internal and external)?

28% Encryption

45% Restrictions on what can be sent via e-mail

24% Other (please describe)__________________________________

Comments:

(a) Nothing
(b) None, should
(c) No policy
(d) I'm a solo practitioner
(e) No procedures at present
(f) E-mail policy only
(g) Not applicable
(h) No problems yet. Sensitive materials are not on E-mail
(i) Office of General Counsel has disclaimer form
(j) Unknown
(k) Lotus Notes feature available
(l) All Lotus Notes environment are secured with Ids, passwords, emphasis
on regular password maintenance. Plans to force password changes every
90 days.
(m) Internet and computer policy
(n) Through policy
(o) Encryption within company. Tried NetDox - it did not work well. We had
difficulty getting others to use NetDox, plus the hardware requirements
were onerous.
(p) Policy and we tell employees to expect e-mails not to be confidential.
(q) None - confidential information is not provided via e-mail at this time.
(r) External encryption
(s) Restricted access for security e-mails externally.
(t) Personal Integrity

No response = 20%

E. Electronic Recordkeeping Practices

1. Do you store records in electronic form? 92% Yes; 7% No.

Comments:

No comments

No response = 2%

2. Do you also keep corresponding paper records? 78% Yes; 11% No.

Comments

(a) Sometimes
(b) Confidential HR documents only
(c) For certain things
(d) Unknown
(e) Usually
(f) Generally not
(g) In some cases
(h) Depends

No response = 7%

3. How do you ensure the authenticity of the records? 61% (responded)

Comments:

(a) Normal course of business. Systems documentation, training procedures are kept and followed
(b) Placing reputable people in charge
(c) Don't
(d) Written record
(e) Sole practitioner - maintaining records
(f) Through a QA process within workflow
(g) No updates on images of legal documents (invoices, credit memos, etc.)
(h) Protected by restricted access to computer by voice verification and password
(i) Don't know
(j) Read on images others are not contractual in
(k) We don't
(l) Optical imaging
(m) Encrypted key codes
(n) Physical/password access control and digital signatures
(o) Periodic backup/security levels
(p) Creator checks it
(q) Unknown
(r) I have sole contact
(s) Passwords
(t) Not sure
(u) Check electronic records against written confirmation
(v) Not applicable
(w) Trust
(x) Guess
(y) The network is secure and has identification and redundancy built in.
(z) Individual departments have their own methods of ensuring authenticity and integrity.
(aa) Don't
(bb) Control procedures
(cc) Eventually with audits
(dd) Signatures, employer approvals, etc. are on the electronic image of source documents.
(ee) By using the records
(ff) Responsibility is placed on dept/indiv generating the record; records information center provides awareness training, forms, etc., periodic audits of procedures and operational standards.
(gg) Limit access to database by passwords.
(hh) Password protected with change history and audited.
(ii) Password protection
(jj) File system security
(kk) We don't
(ll) Password protection
(mm) Knowing our customers

No response = 36%

4. How do you ensure the integrity of the records? 44% (responded)

Comments

(a) Following systems processes and procedures
(b) Placing reputable people in charge
(c) Don't
(d) Written record
(e) Sole practitioner maintaining records
(f) Confirm that an update was made to Oracle and the document can be retrieved/updated
(g) Periodic tests of backup/recovery procedures
(h) Access control
(i) Secure storage
(j) No sensitive records are kept electronically
(k) We don't
(l) Optical imaging
(m) Backups
(n) Physical/password access control and digital signatures
(o) Periodic backup/security levels
(p) Creator checks it
(q) Unknown
(r) I have sole control
(s) Passwords
(t) Not sure
(u) check electronic records against written confirmations
(v) Safekeeping
(w) Reference checking
(x) Guess
(y) Firewalls, written record
(z) Backups
(aa) We rely on the private network integrity
(bb) Don't
(cc) Control procedures
(dd) No checking - double in paper form sent to tax authority
(ee) We quality check each electronic document image we file and keep multiple copies on magnetic and optical disk in two locations. We also back up our database nightly and store it in an off-site archived facility.
(ff) By using the records.
(gg) Outside contractor is responsible for account integrity.
(hh) Responsibility is placed on dept/indiv generating the record; records information center provides awareness training, forms, etc., periodic audits of procedures and operational standards.
(ii) Daily audits
(jj) Password protected with change history and audited.
(kk) Comparison to the paper record if a question arises.

No response = 56%

5. Do your company's record retention policies address electronic records? 39% Yes; 43% No. If so, how?

Comments:

(a) Four surveyors responded to question with yes and attached statements or policies.
(b) Three surveyors responded to question with no and attached statements or policies.
(c) Transcripts are stored electronically for certain period of time
(d) Policy statement/controller's manual
(e) Program not yet formalized
(f) We use ACT and a backup system to manage our communication and documents
(g) No policy
(h) Confused and inconsistent enforcement
(i) They are specifically treated in our policies
(j) Developing policy currently
(k) Personal decision
(l) Back up records kept 1 month and destroyed - no other records kept electronically
(m) All mainframe and server files backed up and retained according to specific approval requirements.
(n) Purge dated
(o) Proprietary
(p) Varies within the record, deleted after a period of time.
(q) Off-site storage of electronic media backup copies.

No response = 18%

6. Does your company monitor compliance with its electronic records retention policies? 28% Yes; 47% No.

Comments:

(a) Unknown
(b) Not yet
(c) Unnecessary
> (d) Still implementing
(e) On a department by department basis.

No response = 25%

If so, is enforcement managed by your:

1% Human Resources organization
9% Compliance office
14% Legal Department
30% Other, please identify.

Comments:

(a) MIS Dept.
(b) Finance /ISD
(c) Administrator
(d) Records Department
(e) Internet audit
(f) Tax Dept. and MIS
(g) Finance
(h) Education Dept.
(I) Each department must enforce
(j) Internal audit and IS
(k) IS
(l) Ball is dropped
(m) IS
(n) Upper management
(o) Me
(p) TD
(q) President
(r) MIS/IT
(s) Records retention officer, auditing, corporate services division
(t) Records management
(u) IT Dept.
(v) Internal audit
(w) Administration
(x) Internal audits

No response = 47%

7. Does the system that your company uses for e-mail automatically delete messages after a defined period of time? 50 % Yes; 41% No.

Comments:

(a) 28 days
(b) 120 days
(c) Under review to establish a limit
(d) Just starting to do this and limit space for e-mails to be stored or held.
(e) Deletes deleted messages once a week - does not delete messages that are saved.

No response = 10%

8. Does your company provide records training to employees, consultants and others authorized to use its e-mail systems? 43% Yes; 50% No.

Comments:

(a) No one else authorizes
(b) Not applicable
(c) Not formally but informally from time to time.

No response = 7%

9. Does your company use digital certificates to document employees' reports regarding compliance with conflict of interest, insider trading rules and other company policies? 6% Yes; 84% No.

Comments:

(a) Unknown

No response = 10%

10. In what professional organizations, standard setting bodies and other industry groups does your company participate to benchmark best practices in electronic records management? 45% (responded).

Comments:

(a) None
(b) Not applicable
(c) Unknown
(d) State of Arizona-G/TA
(e) ABA Science and Technology Electronic Commerce Division
(f) Almost none - ABA/ISC
(g) ARMA
(h) Don't know - assume we do - 1.5 has responsibility for records - I'm sure they have policies and standards
(i) Filenet or Aiim
(j) ACCA
(k) Don't know
(l) None that I know of
(m) ASFE, ASCE, ACEC, ACIL, ASTM
(n) Our records manager has MIS background - Association of Records Managers and Administrators (ARMA), EED - Electronic Evidence Discovery Inc. (Seattle, WA)
(o) ABA Information Security Committee
(p) LPM, Computer Law Association, Sci Tech; IBA
(q) ARMA and several others
(r) ARMA, AIIMm ANSI, the Garter Group
(s) AIIM and its affiliates, ARMA
(t) Our IT B.P. is on a board with Automotive manufacturers and one regarding Y2K problem.
(u) ARMA, AIIM
(v) None that I know of
(w) All available
(x) ABA
(y) Development corporations beta test of the product called Domino dpc for electronic document management to ensure compliance with the open document management (ODMA) standards.

No response = 45%

F. Writing and Signature Requirements

1. Do you conduct electronic transactions that are subject to legal writing and signature requirements? 25% Yes; 67% No.

Comments:

(a) Not yet
(b) Not online

No response = 10%

2. If so, what is the basis for your satisfaction of the writing requirement?

8% Electronic records and electronic signatures are authorized by statute in appropriate jurisdiction
13% We rely on case law
9% We proceed without specific legal authorization
3% Other (please describe)______________________

Comments:

(a) Digital Signature Guidelines
(b) EDI transactions pursuant to contract
(c) Master agreements which establish EDI requirements

No response = 3%

G. Comments

1. Use of digital signatures and S/MIME secure e-mail has just begun, and is expected to grow.
2. MIS, merchandising and finance do not involve the legal department in most of these matters so the answers are unknown and cannot easily be obtained. Company prefers that legal department offer advice and involvement only when specifically asked by management.
3. We have no procedures at present. We are looking for guidance, etc. in this area.
4. Some legal opinions are transferred electronically. In that case they are read-only. We're looking into encryption programs for the law department and the firms we deal with.
5. Although insurance is a highly regulated industry, there is very little statutory, regulatory, or case law in Colorado on this issue.
6. Some information unknown - sorry.
7. This questionnaire is too cryptic to elicit meaningful information. All companies use a wide variety of communication/record systems. They also differ from department to department. Is a fax electronic or hard copy. When it is scanned to a record disk does it become electronic. Every finance department uses electronics - they also use hard copy. Internal communications on LAN are more common - the first steps toward electronic commerce. The U.S. Government has dictated electronic commerce - but very, very little of our products fall into this. Do we do electronic commerce - probably not. If purchasing orders over the phone and pays with credit cards - is this electronic? Maybe my company is so far behind I have difficulty with most of these questions - and we are considered "high tech". We're probably high tech in product but not in business practices.

H. Optional Background Information

1. Name of Company:

2. Type of Business:

3. Public or Private:

4. Size of company (annual sales volume):

5. Name and contact information of person responding:

PLEASE RETURN THE COMPLETED SURVEY TO:

Shawn Kaminski
American Bar Association
321 North Clark Street
Chicago, Illinois 60611
Fax: 312/988-6797