We face the following data security issue with using AdobeSign:
Our company needs to send out several employment contracts containing sensitive data (PII) for signature.
After both parties have signed the document, the contracts are sent unencrypted as an e-mail attachment to all involved parties. This process does not meet the GDPR requirements.
We found the possibility to protect the documents with passwords. But since it is necessary to enter these passwords every time you want to open the saved document afterward, this option is not practicable for us. We would have to store extensive lists with all these passwords for the employment contracts.
Under “Global Settings” I have the option to choose that no PDF copies are sent to the involved parties after signing. This sounds good at first glance, but after trying this option, I noticed that the e-mail that informs the parties that signing is completed contains a link to the document. Clicking on this link, the unencrypted signed document is fully visible to anyone who gets access to this e-mail and the link.
Therefore, this option does not work for our purposes to use AdobeSign for the signature of documents containing PII.
Is there any idea what the best-practice approach is for using AdobeSign while still meeting the GDPR requirements? Maybe it is possible to password protect the link to the PDF instead of the PDF itself?