Introduction: FORM SECURITY
Form security. The forms I’m talking about specifically in this blog are forms that are used to collect information in an organized and intelligent manner. These can range from a Google Form to a tax form. On your website, you’re likely to have a contact form or if you run an e-commerce business, an order form.
So obviously, you need to keep these forms secure. If your form isn’t encrypted, that means that a third party could possibly intercept any and all information you or your audience/customers enter in the form. Unless you’re a five-year-old, you’d know that this is actually terrible. If you or your customers had their PII stolen, it’s a huge mess that the creator of the form has to fix.
Personally Identifiable Information (PII)
Taking into account forms, you need to know what PII is. What is PII? Well as it says in the header, your PII is your personally identifiable information. This can range from anywhere like your name, phone number, bank details, and any other information that could be used to identify you online.
Health Insurance Portability and Accountability Act (HIPAA)
Now you may not use HIPAA in an e-commerce business, but if you sell anything medical or are creating a form for a medical agency, you need to know what it is. HIPPA, or Health Insurance Portability and Accountability Act of 1996, was an act enacted and signed by the United States government back in ’96. To summarize the act, it’s a rule that essentially says that a patient’s medical information can’t be shared without the patient’s knowledge or consent.
What does this mean for you, a web developer? It means that if you’re hired to make a HIPAA-compliant form, you have to make sure the form is secure so that the information is not easily leaked (and so you don’t get sued). This means making sure the form is encrypted and has some sort of security program to make sure the data is safe both in your database and as it’s being entered.
Family Educational Rights and Privacy Act (FERPA)
Next up for what you should consider when you’re thinking form security, FERPA. The Family Educational Rights and Privacy Act of 1974 is an act that states that the parent or guardian of a student has the right to access the child’s educational records (at least until the child becomes a legal adult).
What does this mean for your forms and what you should be doing in terms of security? This is similar to HIPAA, but it basically just means you should be doing your best to make sure any education-based forms are secure and keep the privacy of the student as a priority.
Payment card industry compliance (PCI)
