DocuSign Logo

Sender Responsibilities

As a DocuSign Sender requesting PII (Personally identifiable Information) or FERPA (Family Educational Rights and Privacy Act) data in a DocuSign envelope, you have a responsibility to protect this data upon its storage within DocuSign and to ensure only the appropriate parties have access to this envelope data.

This responsibility includes the assurance that appropriate masking or hiding of information that is considered PII or FERPA protected occurs when using DocuSign.  This includes PII or FERPA protected data as part of an individual field such as Social Security Number or in combination with other Recipient data such as Full GID when in combination with Full Name.

The Sender responsibilities are outlined under the three methods of collecting PII or FERPA data within DocuSign.

When utilizing either the DocuSign application or any DocuSign integrations (Outlook or Word) the creator or initiator of an envelope, the individual selecting “Send an Envelope”, is considered the “Sender” of that envelope.   The “Sender” is responsible for using the “Hide text with asterisks” feature on any Text field added to the document that may request PII or FERPA protected data.

Templates can be created by any DocuSign User with the appropriate permission. Templates can also be shared between DocuSign Users.  When you select the “Use Template” option you are initiating an envelope and you become the envelope “Sender”. Depending on the steps taken and permissions granted to DocuSign Users the Template may be restricted to modification. As a “Sender” you are responsible for ensuring that the “Hide text with asterisks” feature is enabled on any Text field added to the document that may request PII or FERPA protected data. This may require testing the appropriate text fields to ensure data is masked with astericks or contacting the Template owner to ensure PII or FERPA requested data is protected.

Powerforms are created based off a DocuSign Template. The Template owner is converted to be the default DocuSign Powerform “Sender”.  The Powerform owner or a DocuSign Admin are allowed to change the “Sender” of a Powerform as required.  When using a DocuSign Powerform with PII or FERPA protected data, if astericks do not appear in the field that should be protected, upon tabbing or selecting another field, then the Powerform owner should be contacted to ensure appropriate safeguards are in place on the Powerform.

 

exclamation iconThe DocuSign “Attachment Tag” should never be provided on a document if the intent is to request an image or file that contains PII or FERPA protected information. Attachments added via the Attachment tag, by a recipient, cannot have PII or FERPA data masked within the attached image or file.

Hiding Text and Form Data

DocuSign articles outlining the process for Data Masking PII and FERPA as well as how to see this masked data.

 

Data Storage and FERPA

 

Restricted Data

Data Type OK Not OK
Budget Information  
Contracts  
Course evaluations  
Data classified as Public  
Data classified as Restricted  
Employee and student IDs/GIDs (even when combined with names)  
Planning documents  
Staff search committee notes  
Student grades and records  
Bank account numbers  
Data classified as Confidential  
Drivers License numbers  
Passport Visa numbers  
Payroll ACH numbers  
Social Security numbers  
Credit card numbers   X
Research data subject to export controls   X
International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) governed data   X
No Recipient Attachment tags are allowed in the envelope that would contain an image of a document with PII or FERPA data   X

 

 

For further information or questions please contact:


Technology Assistance Center
G100
(406) 771-4440
helpdesk@gfcmsu.edu


Technology Assistance Center
G100
406-771-4440
helpdesk@gfcmsu.edu

edit