What's the best practice approach using Adobe Sign to sign documents containing PII?

Report · Mar 20, 2020

We face the following data security issue with using AdobeSign:

Our Company needs to send out several employment contracts containing sensitive Data (PII) for signature.

After both parties have signed the document, the contracts are sent unencrypted as an e-mail attachment to all involved parties. This process does not meet the GDPR requirements.

We found the possibility to protect the documents with passwords. But since it is necessary to enter these passwords every time you want to open the saved document afterward, this option is not practicable for us. We would have to store extensive lists with all these passwords for the employment contracts.

Under “Global Settings” I have the option to choose that no PDF copies are sent to the involved parties after signing. This sounds good at a first glimpse, but after trying this option, I noticed that the e-mail that informs the parties that signing is completed, contains a link to the document. Clicking on this link, the unencrypted signed document is fully visible to anyone who gets access to this e-mail and the link.

Therefore, this option does not work for our purposes to use AdobeSign for the signature of documents containing PII.

Is there any idea what’s the best practice approach using AdobeSign and still meeting the GPDR requirements? Maybe it is possible to password protect the link to the PDF instead of the PDF itself?

Report · Sep 27, 2021

Were you ever able to find an acceptable solution to this dilemna?

We are in the same boat...

Thanks.

Report · Sep 30, 2021

The link you mentinon can be protected by a login and since the last release can also be protect by the same 2 factor method if any was used.

the link itself can simply be exluded as well.

for the former option contact support, for the latter there's a setting in account settings.

Also check with your email admin, if encryption is support in your email setup, then the emails are send encrypted via tls 1.2

Report · Mar 17, 2022

Thanks for this information. I will refuse using Adobe Sign with documents that contain social security numbers, since it is so easy to accidentally distribute the document unencrypted. If by default all information is encrypted, I would be more enclined to use it.

Report · Oct 23, 2023

Hi yvonnef50815421,

Sorry, can I check with you which Adobe license are you using to access this Disable Attachment in the email notification, please?

Thank you

Adobe Community

What's the best practice approach using Adobe Sign to sign documents containing PII?