Title

Electronic Signatures (DocuSign)

Description

This report reviews the privacy implications of The Federal Bridge Corporation Limited’s (FBCL) use of DocuSign for electronic signatures on documents such as contracts, invoices, MOUs, and offer letters.

Why a privacy impact assessment was completed

The tool replaces a less secure Adobe function, aiming to improve document validity, authority, and traceability. FBCL seeks to reduce fraud risks through certified, trackable signatures and efficient workflows.

Personal information involved will primarily relate to HR documents, though the assessment covers all standard document types. As required by federal privacy policies and the Treasury Board Secretariat, FBCL conducted this Privacy Impact Assessment (PIA) to ensure compliance and enhance data security.

Additional information

During the PIA two privacy risks were identified, these included:

  • Specify and identify specific retention time controls.
  • Validate technological safeguards for the proposed application.

To mitigate this risk the following has been implemented:

  • Since DocuSign is not the main information management tool, it is recommended that FBCL create and implement a process to ensure that all signed documents within DocuSign are downloaded and saved to an accepted corporate tool like GCDocs and Dayforce. Signed HR related documents will be removed from e-signature upon completion, while other signed documents will be removed within 6 months reducing the risk to exposure.
  • Since protection of personal information is a priority for FBCL, the data collected while at rest in the DocuSign application must be properly secured. It is recommended that FBCL provide evidence of adequate technological safeguards from DocuSign.

Related personal information banks

The following are the related personal information banks for this PIA:

  • HR- Staffing FBCL PSE 902;
  • Contract Files FBCL PPU 015;
  • Financial Files FBCL PPU 020; and,
  • Professional Services Contract FBCL PSU 912.

For more information about this privacy impact assessment

Remi Paquette

FBCL’s Privacy Officer

rpaquette@federalbridge.ca (613) 366-5074 x120