E-signature Keys: Storage and Destruction Rules

Media outlet Deals has published clarifications on the handling of employees’ personal qualified electronic signature (QES) keys. This issue is relevant for state institutions as well as private businesses actively using electronic document management and qualified electronic trust services.

According to Resolution of the Cabinet of Ministers of Ukraine No. 749 and the Law of Ukraine “On Electronic Trust Services,” the personal key of an electronic signature belonging to an employee who is dismissed or transferred to another position is not subject to storage by the institution. Instead, such a key must be destroyed using a method that makes its recovery impossible. The responsibility for organizing the use of electronic trust services within a state institution lies with its head or a designated department/employee.

It is important to distinguish between personal keys and public key certificates. The permanent storage of all issued qualified public key certificates is the responsibility of qualified electronic trust service providers (formerly Accreditation Centers of Certification Keys). The list of typical documents, approved by Order of the Ministry of Justice of Ukraine No. 578/5, confirms that it is the QES/ES certificates that are stored permanently, but this applies to service providers, not directly to enterprises.

This information is valuable for Ukrainian businesses and the Intecracy Group audience for several reasons:

• Ensuring Legal Compliance: Understanding these regulations helps businesses adhere to legal requirements regarding electronic document management and data protection.
• Enhancing Data Security: Proper destruction of personal keys minimizes the risks of unauthorized access and misuse of electronic signatures after an employee’s departure.
• Optimizing Internal Processes: Clearly defining procedures for handling QES/ES keys simplifies HR processes and interactions with electronic services.

Source: Deals

Source: Deals