Using Docusign with PII and FERPA Protected Data
There are two methods to use when PII and FERPA protected data exist on a DocuSign object. Check the two options below to determine your best option.
Sender Responsibilities
As a DocuSign Sender requesting PII (Personally identifiable Information) or FERPA (Family Educational Rights and Privacy Act) data in a DocuSign envelope, you have a responsibility to protect this data upon its storage within DocuSign and to ensure only the appropriate parties have access to this envelope data.
This responsibility includes the assurance that appropriate masking or hiding of information that is considered PII or FERPA protected occurs when using DocuSign. This includes PII or FERPA protected data as part of an individual field such as Social Security Number or in combination with other Recipient data such as Full GID when in combination with Full Name.
Data Storage and FERPA
Restricted Data
| Data Type | OK | Not OK |
|---|---|---|
| Budget Information | ✔ | |
| Contracts | ✔ | |
| Course evaluations | ✔ | |
| Data classified as Public | ✔ | |
| Data classified as Restricted | ✔ | |
| Employee and student IDs/GIDs (even when combined with names) | ✔ | |
| Planning documents | ✔ | |
| Staff search committee notes | ✔ | |
| Student grades and records | ✔ | |
| Bank account numbers | ✔ | |
| Data classified as Confidential | ✔ | |
| Drivers License numbers | ✔ | |
| Passport Visa numbers | ✔ | |
| Payroll ACH numbers | ✔ | |
| Social Security numbers | ✔ | |
| Credit card numbers | X | |
| Research data subject to export controls | X | |
| International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) governed data | X | |
|
No Recipient Attachment tags are allowed in the envelope that would contain an image of a document with PII or FERPA data |
X |