Use of personal code in e-signature: what should you know?

Have you ever noticed that e-signature metadata always contains a person’s personal code? Why is it there and why a personal code is not your secret and private information? For all the answers read this blog post.

In Lithuania, people still tend to believe that a personal code is a private information and revealing it is a very bad thing. Thus, we sometimes get a question whether it’s possible to avoid showing personal codes in e-signature metadata. For example, sometimes public institutions don’t want that because employees sign documents and send them to citizens in this case revealing their personal data for the public because of work activities.

Well, the truth is, it’s not possible to hide personal codes from e-signature certificates and thus metadata. Law of the Republic of Lithuania on Electronic Identification and Trust Services for Electronic Transactions states that “The code of a person who has been issued the certificate for electronic signature may be used in the certificate for electronic signature as an additional specific attribute, where it is needed for the intended purpose of the certificate. The use of the code of a person who has been issued the certificate for electronic signature or the absence thereof shall not affect the interoperability and recognition of electronic signatures.”

This means that Trust Service Providers that issue e-signature certificates have decided that this information is necessary in order to identify a person. Why? Using only person’s name and surname it’s impossible to identify a person unambiguously and impeccably as there are a lot of persons with the same name and surname. Therefore, the only non-misleading data is a personal code; and on the internet, personal code being used in a qualified certificate equates with persons’ passport. In addition, all the information systems developed by both private and public sectors are built in a way that personal codes are used as unique identifiers of people and so the codes are a must in e-signature certificates.

By the way, in most of other European countries a personal code is public information. E.g., in Iceland, it’s an identifier of a person just like a name and a surname. It is important to know that a personal code is not a valuable information on its own, it’s not possible to use it for fraud or anything else, so there is no need to be afraid to reveal it.

In case you’re a legal person and you don’t want personal codes of people signing documents to be visible, there is a solution for you — you can use e-seal in your organisation. E-seal certificate is issued only to legal persons rather than private ones, so there is no personal information in metadata, only the information of a company or organisation. E-seals are used to ensure the origin and integrity of documents or data. Read more about e-seals here.