8.4 Electronic Records and Security
Key Takeaways
- An electronic journal is mandatory for every electronic notarial act and must be tamper-evident and secure
- RON audio-video recordings must be retained for a minimum of 10 years after the act
- Records must remain accessible to the notary, the Secretary of State, courts, and law enforcement under proper process
- Third-party or platform storage is permitted if it meets NC security standards and preserves notary access
- The 10-year retention duty survives the end of the notary's commission and requires a custody plan
The Electronic Journal
Every electronic notarial act in North Carolina must be entered in an electronic journal — the digital counterpart to the paper journal required of commissioned notaries. It must be tamper-evident (alterations are detectable), secured against unauthorized access, and capture the same substantive entries as a paper record. Unlike a paper journal, which a notary might keep as a single bound book, the electronic journal is typically maintained within the notary's approved platform, with each entry time-stamped automatically.
The journal is the notary's sole property and under the notary's exclusive control; it must not be surrendered to an employer or client, and entries must never be backdated, altered, or deleted, because tamper-evident technology would flag any such change.
| Entry Element | Description |
|---|---|
| Date and time | When the act occurred |
| Type of act | Acknowledgment, jurat/oath, verification |
| Document description | What was notarized |
| Signer information | Name and address |
| Identification method | Credential analysis, KBA, ID type |
| Fee charged | Amount collected |
| RON session identifier | Links the entry to the recording |
RON Recordings and the 10-Year Rule
For every RON session, the entire audio-video recording must be preserved. The retention period is a minimum of 10 years after the date of the remote act — a number the exam loves to test against distractors like 1, 5, or 7 years. The recording must be clear enough to identify the participants and stored in tamper-evident form.
| Record Type | Minimum Retention |
|---|---|
| Electronic journal | 10 years |
| RON audio-video recording | 10 years |
| Copies of notarized electronic documents | 10 years (recommended) |
Security Controls
North Carolina expects defense-in-depth around electronic records:
| Control | Purpose |
|---|---|
| Tamper-evident technology | Detect any post-notarization alteration |
| Access controls | Limit who can open the journal and recordings |
| Encryption | Protect data in transit and at rest |
| Backups | Prevent loss from hardware failure |
| Audit trails | Log every access and change |
Who May Access the Records
Records are confidential but must be produced under proper legal process:
| Requester | Condition |
|---|---|
| The notary | At any time (custodian) |
| Secretary of State | For investigation or audit |
| Courts | By subpoena or court order |
| Law enforcement | With proper legal process |
| Signer/parties | Upon reasonable request, per policy |
A worked scenario: two years after a RON closing, a litigant subpoenas the recording. Because the 10-year clock has not run, you must produce it; if you had deleted it at year one, you would be in violation.
Why Records Matter So Much for RON
In a paper notarization, the signer's ink signature and the notary's wet stamp are themselves the evidence. In a remote act, the recording and journal are the evidence — they are how a court later reconstructs whether the signer appeared, was identified, and acted voluntarily. This is why North Carolina makes the electronic journal mandatory (paper notaries are encouraged but not always required to keep a journal for every act, whereas the electronic journal is required for every electronic act) and why the audio-video recording cannot be skipped or shortened.
If you lose a RON recording, you have effectively destroyed the only proof the session ever happened, which is treated as a serious compliance failure.
Practical Security Checklist
Notaries are not expected to be cybersecurity engineers, but they must exercise reasonable care:
- Use strong, unique passwords and multi-factor authentication on the notary platform.
- Never share login credentials or your electronic signature/seal with staff.
- Confirm the platform encrypts records and offers reliable backups.
- Keep your own list of acts so you can locate a record even if a vendor relationship ends.
- Promptly report any suspected breach of your records to the Secretary of State.
The overarching principle: outsourcing the storage does not outsource the responsibility. If a vendor mishandles your records, the duty to preserve and produce them still rests on you. For that reason, before signing with a platform, confirm in writing how long it retains recordings, how you regain copies if you change vendors, and what happens to the data if the company shuts down.
Third-Party and Platform Storage
A licensed RON platform or third-party repository may hold the records on your behalf, but only if the storage meets NC security standards and you, the notary, retain the ability to access the records. Outsourcing storage does not outsource your legal duty.
Survival of the Retention Duty
When your commission ends — by expiration, resignation, or revocation — the 10-year retention obligation continues. You must arrange custody (a successor custodian or compliant repository) and notify the Secretary of State where the records are kept so they remain available for lawful requests.
Exam Focus
- Electronic journal is mandatory and tamper-evident.
- RON recordings: 10-year minimum retention.
- Third-party storage allowed if secure and accessible.
- Retention duty survives the end of the commission.
For how long must North Carolina RON audio-video recordings be retained?
May a licensed RON platform or third party store a notary's electronic records?