Question
What are the ITS recommended guidelines for storing and collecting data in Adobe Sign?
Answer
BGSU has issued a number of Data Protection and Records Management guidelines in order to limit the risk and unauthorized access of routine business documentation and sensitive information. These policies outline how University employees may collect, store, process, and transmit data and documentation.
Use cases in Adobe Sign can include all forms of data:
- Public (Ie: BGSU directory info, course description, enrollment stats)
- Limited Access (Ie: BGSU ID numbers, proprietary BGSU info, research data)
- Restricted (Ie: SSN, driver license number, PHI)
Adobe Sign uses multifactor authentication, allowing the application to handle both Public and Limited Access data. However, due to the sensitive nature of Restricted data, Adobe Sign cannot retain documents that include Restricted data elements.
The recommended business process for using Adobe Sign for any documents containing Restricted data elements is below:
- Discuss the use case and process with a member of the ITS Security team.
- Restrict access to the document in Adobe Sign and the document workflow.
- Develop a method of securely sending documents to a permanent and approved document storage system (Ie: OnBase).
- Documents must be purged from Adobe Sign within 7 days.
- Follow University guidelines for document retention using the approved document storage system.
View the ITS Data Protection webpage.
Visit the BGSU Records Management website.
For additional assistance, please contact Information Technology Services at 419-372-0999 or through chat.