Act 7

Electronic Signatures Act

2011

59. Duty of subscriber to keep private key secure.
By accepting a certificate issued by a certification service provider,
the subscriber named in the certificate assumes a duty to exercise
reasonable care to retain control of the private key and prevent its
disclosure to any person not authorised to create the subscriber’s
digital signature.

60. Property in private key.
A private key is the personal property of the subscriber who rightfully
holds it.

61. Fiduciary duty of a certification service provider.
Where a certification service provider holds the private key corresponding
to a public key listed in a certificate which it has issued, the certification
service provider shall hold the private key as a fiduciary of the subscriber
named in the certificate and may use that private key only with the
subscriber’s prior written approval, unless the subscriber expressly and in
writing grants the private key to the licensed certification service provider
and expressly and in writing permits the licensed certification service
provider to hold the private key according to other terms.

62. Suspension of certificate by certification service provider.
(1) Unless the certification service provider and the subscriber
agree otherwise, the licensed certification service provider, which
issued a certificate, which is not a transactional certificate, shall
suspend the certificate for a period not exceeding forty-eight hours—
(a) upon request by a person identifying himself as the subscriber
named in the certificate or as a person in a position likely to
know of a compromise of the security of a subscriber’s private
key, such as an agent, business associate, employee or member
of the immediate family of the subscriber; or
(b) by order of the Controller under section 35.

(2) The certification service provider shall take reasonable
measures to check the identity or agency of the person requesting
suspension.