Forms Best Practices

Data security concerns the protection of data from accidental or intentional but unauthorized modification, destruction or disclosure of the data you have collected on your site from site visitors. Web Express forms offer site owners several safeguards to limit accessibility to form submission data. The form manager role is an add-on role created to help site owners manage who has access to creating, editing and viewing forms and form data. General good practice, however, goes beyond just the assignment of a form manager on a site. Stringent processes should be put in place to ensure data entrusted to you is managed securely.

Why is Data Security important?

We often become desensitized to the data that we handle in our everyday job. However, somewhere at the University, someone is handling your information, whether it be your email, your physical address, or your employment data, etc. Think about how you want your data handled and use those same measures for handling the data of your site visitors. With identity theft due to the loss of online data a major concern these days, we need to better protect sensitive data stored in electronic form, particularly the personal information that students, employees and others associated with the university have placed under our trust.

Ways of securing your data include:

  • restrict the number of site maintainers who have access to forms. Keep access to particular forms to those individuals who need the content to perform university business.
  • collect the minimum amount of data needed to conduct university business.
  • evaluate what submission data is appropriate to be sent via email.
  • purging of data after collection

Data Storage Consideration

As often as not, information stored in webforms on your site is no longer relevant to current work after four months. Form Managers need to set up processes to manage the data that has been entrusted to them. 

  • Delete all form submissions after four months and if you are collecting more sensitive information, delete form submissions with more frequency, two weeks to a month.
  • Delete all unused forms and the associated data
  • If a form is used periodically on a site, set the form status to closed when not in use.

Data Sharing via email

Web Express forms allow form managers to set up form submission notifications. By default, notification emails include all the form data. Form Managers need to consider what form data is appropriate to be transmitted via e-mail and alter submission email notifications to ensure responsible handling of their submission data. 

Form Permissions

Assign other users to edit and access submissions who need the data directly for their work.  It is best to limit access to form data to the few people who need the data. Reassign form ownership when a form manager will no longer be editing your site

Final Considerations

Before creating your form you will need to think about what personal information is being collected, why you need this, what you are going to do with it, how it will be stored, for how long, and who else will have access to the information.  If you take better control of the sensitive personal information under your care, you can reduce the risk of data breaches.