As any educational organization, we are in constant need to collect and archive signed documents. With the increased availability of eSignature technology at our University, the College of Education recognizes the need for some guidelines to help faculty and staff to navigate this process.
These recommendations apply to faculty and staff in the College of Education and reflect the administration’s expectations for document safety and privacy vigilance, as well as alignment with the University’s best practices in digital file storage.
A. Data (For original article, visit UW eSignatures page)
Understanding the kinds of data to be collected will have an impact in the safeguards you need to safely manage risks in your data workflows. The electronic signature process involves the collection of personal identifiable information and as such you are responsible of keeping it safe and secured during the whole process. Please remember the following data restrictions:
- HIPAA protected data and credit card data may not be processed via eSignature.
- Consent for the processing of Human Subjects data must follow Office of Research and Human Subjects guidance. (Title 21 CFR Part 11 is not supported)
UW Privacy Values and Principles Guidelines
When deciding what personal data to process via eSignatures, units and departments should follow UW Values and Principles for Privacy. If processing data using a centralized UW form, make sure you use the most current version of the form.
In an effort to minimize privacy risks, the below highly sensitive personal data types require additional data protections and may be governed by laws or regulations:
- Race and ethnicity
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Sex life or Sexual orientation
- Veteran status
- Disability data
- Criminal convictions
For assistance in assessing privacy impacts, please refer to the UW Privacy Office webpage.
Financial Transactions or Activities Guidelines
Documents that reflect or result in financial transactions or activities must not include any organizational or personal financial data, such as bank or credit/charge card account numbers, or other information protected by financial privacy rules and regulations. These documents are subject to a formal risk assessment by the College’s Finance Office.
Check if data collected needs further approval or risk assessment.
B. Retention policies
As you collect signatures and data, please remember to review the data retention policies associated with it. UW’s records Management Services is our official source of information regarding these, and their Retention Schedule should be used as the primary source of information.
C. File management
DocuSign is not a platform to save or archive forms/documents after they have been collected. Depending on the nature of the documents and information collected, you need to be vigilant for the safety and privacy of the data. Please include in your plans secure storage in one of the available cloud storage or Enterprise Document Management solutions.
Please do not hesitate in contacting our team if you have any questions regarding these recommendations.