97. Information Technology Act and HR – Digital Signatures and Secure Systems, What HR Must Understand

Digital Signatures and Secure Systems in the Workplace

As HR practitioners, we are now operating in a workplace that is increasingly digital. Processes that were once paper-based, such as employment documentation, agreements, and approvals, are now handled electronically. One of the key elements that enables this shift is the concept of digital signatures.

At a practical level, organisations have started using digital signatures widely because they are faster and more efficient. They also signal that the organisation is moving towards a more digitally enabled way of working. However, it is important to understand what a digital signature actually is under the Information Technology Act and how it differs from what is commonly assumed.

What a Digital Signature Actually Means

A digital signature is not simply anything that appears as a signature on a document. It is not a scanned image of a signature, and it is not a typed name. A valid digital signature must follow a system defined under the Information Technology Act.

This means that a digital signature is created through a recognised and authorised process, and it can be verified. It establishes two things clearly—who has signed the document and that the document has not been altered after it was signed.

Once a document is digitally signed, its contents remain fixed. This is what makes it an original digital document. The integrity of that document is preserved, and it can be relied upon without requiring additional proof that the content has not been changed.

Why Not Every Signature Is a Valid Digital Signature

In practice, many forms of “signatures” are used in organisations, but not all of them are legally recognised as digital signatures. A scanned signature pasted into a document does not qualify. Similarly, typing a name or writing “approved” in an email is not the same as a digital signature.

A valid digital signature must go through an authorised system that allows it to be verified under the law. Without this, the document cannot be treated as a digitally signed original.

This distinction becomes important when documents need to be relied upon for formal or legal purposes.

When HR Should Use Digital Signatures

HR practitioners need to understand when a digital signature is actually required and when a simpler form of acceptance may be sufficient.

In many situations, an email exchange can establish acceptance. For example, when an offer is made through email and the recipient replies agreeing to the terms, that communication may be considered valid acceptance. In such cases, the focus is on the clarity of the offer and the response.

However, there are documents where a higher level of certainty is required. Employment letters, for example, may need to be relied upon over time and may be required as stronger evidence. In such cases, using a digital signature helps establish authenticity and prevents disputes about whether the document has been altered.

This is where HR must differentiate between acceptance and execution. Not every situation requires a digital signature, but where it does, it must be used correctly.

Understanding Reasonable Security Practices

Another concept that is equally important in the digital workplace is that of reasonable security practices and secure systems. Organisations are expected to have safeguards in place to protect their systems and data.

This expectation goes beyond simply having technology infrastructure. It includes ensuring that security is part of how systems are used and managed within the organisation.

Organisations must be able to demonstrate that they have put appropriate safeguards in place. This includes having systems, processes, and policies that are designed to protect data and prevent misuse.

Why Security Is Not Just About Technology

A common perception is that cybersecurity is the responsibility of IT teams. While IT plays a critical role in setting up systems and controls, security is not limited to technology alone.

Security also depends on how employees use systems. How access is granted, how credentials are handled, and how policies are followed all play a role in maintaining secure systems.

This means that cybersecurity is not just about protecting devices or networks. It also involves protecting the information stored within those systems and ensuring that only authorised individuals can access it.

The HR Role in Governing Digital Behaviour

From an HR perspective, the responsibility is to ensure that employee conduct aligns with the security requirements of the organisation. This includes defining how systems should be accessed, how credentials should be used, and how policies should be followed.

HR must ensure that employees understand these expectations clearly. This is not limited to issuing policies. It requires creating awareness, providing training, and ensuring that behaviour is aligned with organisational standards.

Where required, mechanisms must also exist to identify misconduct and take appropriate action. This ensures that policies are not just documented, but are actively enforced.

Why Due Diligence Matters

An important aspect of security under the IT Act is the ability of the organisation to demonstrate due diligence. If an incident occurs, the organisation must be able to show that it had systems and safeguards in place, and that it had taken reasonable steps to prevent the incident.

If such systems exist and are implemented, the organisation is in a position to explain that the incident occurred despite safeguards. However, if systems are absent or poorly implemented, the organisation may not be able to justify its position.

From a HR standpoint, this reinforces the need to ensure that policies, processes, and training programmes are not just created but actively implemented.

Embedding Security and Governance in HR Practices

Technology governance in a digital workplace is not achieved by systems alone. It requires alignment between systems and behaviour.

HR plays a central role in this alignment. By integrating security expectations into HR policies, defining clear standards of conduct, and ensuring consistent implementation, HR enables organisations to function securely and responsibly in a digital environment.

This is not about shifting responsibility from IT to HR. It is about recognising that while IT enables systems, HR ensures that those systems are used appropriately by employees. Both functions must work together to ensure that the organisation remains compliant, secure, and accountable.