Legalities Around Data Encryption: Social Security Number

  • Profile Image
    Jrlicht
    Asked on January 03, 2020 at 09:38 PM

    Hi,


    If you have the time I have a quick question... I understand that Jotform is secured via SSL.  Can you point me in the right direction regarding the security of data transfers from Jotform?


    My workflow currently looks like Jotform --> Zapier --> Copper.com.


    I can't encrypt the data transfer from Jotform because Zapier doesn't currently have the functionality to decrypt the data.

    Do you know what other users do with secure information (Specifically Social Security Numbers)?  Any information you can provide me would be helpful.  Thank you.

  • Profile Image
    AshtonP
    Answered on January 04, 2020 at 12:32 AM

    Can you point me in the right direction regarding the security of data transfers from Jotform?

    Jotform has a very powerful cloud of servers whose storage is encrypted and provides security protection against malicious attacks like SQL injection and denial of service (DDOS) attacks. All of our SSL certificates support high-grade 256-bit encryption. Our forms embed codes and the default links we provide are 100% using the HTTPS protocol (SSL)  by default. Therefore, the data transmissions from the person who submits the information to our servers are done in an encrypted manner.

    I would suggest you check this guide as well.

    https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    Here is a guide on how to receive SSL submissions: http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions

    If you want your form user to know that their data will be sent securely, you can add enable security certificate seal in your form. Here is a guide which you can refer:  http://www.jotform.com/help/131-Enabling-Security-Certificate-Seal-on-Secure-Forms

    I can't encrypt the data transfer from Jotform because Zapier doesn't currently have the functionality to decrypt the data. Do you know what other users do with secure information (Specifically Social Security Numbers)?  Any information you can provide me would be helpful.  Thank you.

    I would like you to visit the following thread to know more about securing sensitive information:

    Thread link: https://www.jotform.com/answers/579678-Securely-transmitting-form-data

    I hope this helps. Please let us know if you need any additional assistance.

  • Profile Image
    Jrlicht
    Answered on January 04, 2020 at 06:50 PM
    Hi,
    Thank you for this information. I read through the links you provided.
    The part about adding a security certificate seal was very helpful, thank
    you. I still have a remaining question.
    My question is pertaining to Server to Server transfers from Jotform -->
    Zapier --> Copper. I understand that the data transfer from the end user
    to Jotform server is secure.
    For server - to - server transfers, my issue is that although I can encrypt
    the data transfer from Jotform, the receiving platforms don't have an easy
    way to decrypt the information.
    We are assuming that the authentication tokens are encrypted, so that data
    should be encrypted, but we are unsure.
    Based on the forums, there are a number of other use cases that are running
    into this issue. Do you see any security issues with collecting sensitive
    data like social security numbers, then subsequently transferring that data
    via Zapier?
    Thanks.
    ...
  • Profile Image
    AshtonP
    Answered on January 04, 2020 at 10:06 PM

    Thank you for giving us more clarification on the issue!

    My question is pertaining to Server to Server transfers from Jotform --> Zapier --> Copper.

    Unfortunately, there is no solution for this.

    For server - to - server transfers, my issue is that although I can encrypt the data transfer from Jotform, the receiving platforms don't have an easy way to decrypt the information.

    When encryption is enabled, the data is already encrypted before it is sent to the Jotform server. So when the form is integrated with any apps, they'd get the encrypted data and there's no way to decrypt it since the encryption key is only stored in your browser locally.

    Do you see any security issues with collecting sensitive data like social security numbers, then subsequently transferring that data via Zapier?

    While you can create the integration to Zapier and send the data to it, please note that the data is encrypted on the side of the user submitting the form. Therefore, the same encrypted data will be passed to your integrations.

    As such, the data itself is rather useless on the integration end since you will not be able to use it, unless, you have a way to decrypt the data on the side of that integration. This may be possible using some services, but this is not something we cover.

    Hope this helps!

    Let us know if you need any additional assistance.

  • Profile Image
    AshtonP
    Answered on January 05, 2020 at 12:04 AM

    I suggest you also refer this thread below if in case it helps you:

    Thread link: https://www.jotform.com/answers/1755528-How-to-Decrypt-Encrypted-Forms-through-API

    Regards.