Hello, @Rob 

Welcome to the DocuSign Community!

Are DocuSign envelopes encrypted?
Yes. DocuSign protects your highly confidential information by encrypting and making every document tamper-evident. Authentication options help prove that signers are who they say they are at the time of signing, helping ensure your documents have non-repudiation in a court of law.

Besides the encryption used in the envelopes, you can, for example, add a Text Field in a document, named it as SSN, use the validation rule for SSN fields and format it to Hide Text with asterisks. On this manner, other recipients will not see the SSN value only the sender can get this information.

BTW, due the high security implemented by DocuSign, the USA government agencies utilize DocuSign.

I hope that helps,

Alexandre 

@Rob I would suggest a few items as there can be Security related weaknesses in any process. 

1. If using any PII or FERPA protected data it would be important not to send an attachment with a completion notification.
2. If attachments are enabled in the completion notification then I would recommend using the feature for “hiding data with astericks” on the field properties where the SSN/ID is being entered.

Remember emails can be forwarded, or compromised and if the field data is protected by using the astericks or sending no attachments in the notification, then it makes it that more secure.

Where can email attachments be disabled?

@Alexandre.Augusto and @David.Schmitz, we are trying to protect SSN data but have not figured out an effective and efficient way of doing that. We have tried:

1. Use “Hiding data with asterisk” field - unsuccessful because we cannot find how to then access the SSN data, which we do need.
2. Disable “Attach documents to completion email” - unsuccessful because A) this disables attachments across all of our user accounts and templates because they are all associated with our one DocuSign umbrella account. It was recommended to us that we might be able to setup a sub-account, which we have reached out to DocuSign Support about. And, even if this we disable attachments for just select envelopes it will still only be marginally more secure and is not really a viable solution.

Can you educate me on how to access the hidden SSN data mentioned in #1 or recommend  other approaches?

Thank you.

@lg125689 Here is info on the “Form Data” option which is how masked data is viewed.

https://support.docusign.com/s/document-item?language=en_US&bundleId=oeq1643226594604&topicId=fsi1578456281795.html&_LANG=enus

Secondarily we have a secondary DocuSign Account, a sub account we dedicate to PII and FERA data and have the attachments turned off. Users are added to and directed to use this sub account when sending an envelope with any PII or FERPA data and this allows the setting to impact the sub account and then we have attachments on for the main account. You would need to speak with DocuSign to see if this secondary account option is available to you.