|
|
F.S. 117.295117.295 Standards for electronic and online notarization; rulemaking authority.—(1) For purposes of this part, the Department of State may adopt rules necessary to implement the requirements of this chapter and to set standards for online notarization which include, but are not limited to:(a) Improvements in technology and methods of assuring the identity of principals and the security of an electronic record, including tamper-evident technologies in compliance with the standards adopted pursuant to s. 117.021 which apply to online notarizations. (b) Education requirements for online notaries public and the required terms of bonds and errors and omissions insurance, but not including the amounts of such bonds and insurance policies. (c) Identity proofing, credential analysis, unauthorized interception, remote presentation, audio-video communication technology, and retention of electronic journals and copies of audio-video communications recordings in a secure repository. (2) The Department of State shall:(a) Adopt forms, processes, and rules necessary to accept applications from and register online notaries public pursuant to s. 117.225. (b) Publish on its website a list containing each online notary public, the online notary public’s RON service providers from January 1, 2022, and thereafter, the effective dates during which the online notary public used each RON service provider, as identified pursuant to ss. 117.225(5) and 117.265(5)(b), any secure repositories to which the online notary public may have delegated his or her duties pursuant to s. 117.245(4) from January 1, 2022, and thereafter, and the effective dates of that delegation. (3) Until such time as the Department of State adopts rules setting standards that are equally or more protective, the following minimum standards shall apply to any online notarization performed by an online notary public of this state or his or her RON service provider:(a) Use of identity proofing by means of knowledge-based authentication which must have, at a minimum, the following security characteristics:1. The principal must be presented with five or more questions with a minimum of five possible answer choices per question. 2. Each question must be drawn from a third-party provider of public and proprietary data sources and be identifiable to the principal’s social security number or other identification information, or the principal’s identity and historical events records. 3. Responses to all questions must be made within a 2-minute time constraint. 4. The principal must answer a minimum of 80 percent of the questions correctly. 5. The principal may be offered one additional attempt in the event of a failed attempt. 6. During the second attempt, the principal may not be presented with more than three questions from the prior attempt. (b) Use of credential analysis using one or more commercially available automated software or hardware processes that are consistent with sound commercial practices; that aid the notary public in verifying the authenticity of the credential by analyzing the integrity of visual, physical, or cryptographic security features to indicate that the credential is not fraudulent or inappropriately modified; and that use information held or published by the issuing source or authoritative source, as available, to confirm the validity of credential details. The output of the credential analysis process must be provided to the online notary public performing the notarial act. (c) Use of audio-video communication technology in completing online notarizations that must meet the following requirements:1. The signal transmission must be reasonably secure from interception, access, or viewing by anyone other than the participants communicating. 2. The technology must provide sufficient audio clarity and video resolution to enable the notary to communicate with the principal and any witness, and to confirm the identity of the principal and any witness, as required, using the identification methods described in s. 117.265. (4)(a) A RON service provider must file a self-certification with the Department of State, on a form adopted by department rule, confirming that its audio-video communication technology and related processes, services, software, data storage, or other services provided to online notaries public for the purpose of directly facilitating their performance of online notarizations satisfy the requirements of this chapter and any rules adopted by the Department of State pursuant to this section. Each certification shall remain active for a period of 1 year after the date of filing. The Department of State must publish on its website a list of each RON service provider that has filed a self-certification, the date of filing of the self-certification, any secure repositories to which the RON service provider may have delegated its duties pursuant to s. 117.245(4) from January 1, 2022, and thereafter, and the effective dates of that delegation. (b) A RON service provider is deemed to have satisfied tamper-evident technology requirements by use of technology that renders any subsequent change or modification to the electronic record evident. (5) In addition to any coverage it elects to provide for individual online notaries public, maintenance of errors and omissions insurance coverage by a RON service provider in a total amount of at least $250,000 in the annual aggregate with respect to potential errors or omissions in or relating to the technology or processes provided by the RON service provider. An online notary public is not responsible for the security of the systems used by the principal or others to access the online notarization session. (6) A 2-hour in-person or online course addressing the duties, obligations, and technology requirements for serving as an online notary public offered by the Florida Land Title Association; the Real Property, Probate and Trust Law Section of the Florida Bar; the Florida Legal Education Association, Inc.; the Department of State; or a vendor approved by the Department of State shall satisfy the education requirements of s. 117.225(2). Each such provider shall make the in-person or online course generally available to all applicants. Regardless of membership in the provider’s organization, the provider shall charge each attendee the same cost for the course unless the course is provided in conjunction with a regularly scheduled meeting of the provider’s membership. (7) The rulemaking required under this section is exempt from s. 120.541(3). (8) A RON service provider may not use, sell, or offer to sell or transfer to another person for use or sale any personal information obtained under this part which identifies a principal, a witness, or a person named in a record presented for online notarization, except:(a) As necessary to facilitate performance of a notarial act; (b) To administer or process a record provided by or on behalf of a principal or the transaction of which the record is a part; (c) To detect fraud, identity theft, or other criminal activities; (d) In accordance with this part and the rules adopted pursuant to this part or any other applicable federal, state, or local law, or to comply with a lawful subpoena or court order or a lawful request from a law enforcement or regulatory agency; (e) To monitor and improve the audio-video communication technology and related processes, services, software, data storage, or other services offered by the RON service provider to online notaries public for the purpose of directly facilitating their performance of online notarizations; or (f) In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit of a RON service provider, or the dissolution, insolvency, or cessation of operations of a business or operating unit, if limited to such personal information held by that business or unit and any transferee agrees to comply with the restrictions set forth in this subsection. History.—s. 16, ch. 2019-71; s. 10, ch. 2021-137.
| |