Docusign logo

There are two methods to use when PII and FERPA protected data exist on a DocuSign object. Check the two options below to determine your best option.

Sender Responsibilities

As a DocuSign Sender requesting PII (Personally identifiable Information) or FERPA (Family Educational Rights and Privacy Act) data in a DocuSign envelope, you have a responsibility to protect this data upon its storage within DocuSign and to ensure only the appropriate parties have access to this envelope data.

This responsibility includes the assurance that appropriate masking or hiding of information that is considered PII or FERPA protected occurs when using DocuSign.  This includes PII or FERPA protected data as part of an individual field such as Social Security Number or in combination with other Recipient data such as Full GID when in combination with Full Name.

 Data Storage and FERPA

Restricted Data

Data Type OK Not OK
Budget Information     
Contracts   ✔   
Course evaluations  
Data classified as Public     
Data classified as Restricted  
Employee and student IDs/GIDs (even when combined with names)  
Planning documents      
Staff search committee notes   
Student grades and records  
Bank account numbers  
Data classified as Confidential  
Drivers License numbers  
Passport Visa numbers  
Payroll ACH numbers  
Social Security numbers  
Credit card numbers     X
Research data subject to export controls     X
International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) governed data     X

No Recipient Attachment tags are allowed in the envelope that would contain an image of a document with PII or FERPA data