(1) When a person uses an electronic signature device to create the person's electronic signature, the code or mechanism must be unique to that person at the time the signature is created.
(2) An authorized signatory may not allow another person to use the electronic signature device unique to his or her electronic signature.
(3) A signatory shall protect his or her electronic signature device from use by any other person and shall report to the department staff member designated in the rule, permit, or license, within one business day of discovery, any evidence that the security of the device has been compromised.