Forms can be used to collect all sorts of information about end users, including personal information that’s important to keep secure. It’s important not only to be aware of the features Forms uses to keep information secure, but also to think about what sorts of information you request and store. This article will walk you through some best practices for collecting sensitive data with a form.
In this Article
- Securing personal information
- HTTPS encryption and data protection
- Utilize third party systems
- Legal considerations and data privacy regulations
- More best practices for data privacy with forms
Securing personal information
Although it's easy to capture personal information such as a Social Security number (SSN), storing that data may expose your school to significant legal responsibilities and liabilities, depending on where it's located.
HTTPS encryption and data protection
Data to and from Finalsite is protected by standard HTTPS encryption. For highly sensitive data like credit card information or SSNs, it is best to use dedicated, secure connections. Finalsite ensures this by routing users through a highly secured connection for transactions, returning them to Finalsite once the process is complete.
Utilize third party systems
Schools should use dedicated systems for any data that can be associated with individual users, such as financial information, admission information, and so on. Finalsite does not support the collection of personally identifiable or financial information via forms, even over a secure HTTPS connection.
Forms are not HIPAA Compliant
Finalsite forms are not HIPAA compliant and should never be used to collect health information, SSNs, or banking information. Even though the connection between the end user and the server is secured, storing such information after it has been collected may present serious issues.
Legal considerations and data privacy regulations
Here are some best practices and considerations to follow with regard to compliance with legal and data privacy regulations:
- Obtain accurate information from a local attorney about restrictions and consequences related to collecting and storing sensitive information.
- Higher education institutions in the United States must comply with data security regulations under the Family Educational Rights and Privacy Act (FERPA).
- Schools in other countries may operate under similar laws.
- Individual US states have their own laws regarding the collection of personally identifiable information.
More best practices for data privacy with forms
- Ask your administration for district and school data privacy policies. Most schools already have dedicated systems in place due to existing data-privacy regulations.
- Slight adjustments in procedures may be needed to keep private information secure.
- If collecting SSNs on admission applications, the Admission office should have data-privacy procedures as part of their workflow.
- Avoid complications by keeping sensitive information off the website.
- Keep web forms free of sensitive information to avoid restrictive data-storage regulations.
- Use unique, random identifiers to track user files instead of SSNs.
- Request unique identifiers on web forms rather than SSNs whenever possible.