forms with sensitive info

  • Profile Image
    dandaponte
    Asked on June 15, 2020 at 12:03 PM

    Hello,


    I just signed up for jotform. I'd like to create a form that could include sensitive (DOB's and SSN's).


    What is the security protocol used?

  • Profile Image
    Sam_G
    Answered on June 15, 2020 at 01:19 PM

    Hi Dandaponte,

    Thank you for contacting Support.

    Yes, it is possible to ask for such information; however, most online form builders, including Jotform, are being used for identity theft. We go to great lengths to prevent this. That is why our Terms mention that SSNs are considered a Phishing activity.

    When you do request SSNs,  chances are that our automated phishing detector will flag the form(s)  and suspend the account.  If this happens you must contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).

    We know there are businesses that require a Social Security number for legitimate purposes, here are some:

    1. Insurance companies

    2. Credit card companies, lenders, and any other company receiving a credit application from you

    3. The three main credit reporting agencies: TransUnion, Equifax, and Experian

    4. Any company that sells products or services that require notification to the IRS, including:

    - Investment advisors

    - Banks

    -Real estate purchases

    Nevertheless, you must know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account, this could be an issue.

    So, having this in mind, we encourage you to follow this recommendation:

    Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.

    Here are some widgets you can add to the form (signature fields):

    https://www.jotform.com/widgets/search/signature

    You can also add this Terms of use widget (for the agreement)

    https://www.jotform.com/widgets/terms-and-condition

    In conclusion:  If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list above and if you follow the recommendations; then all this will surely make your forms not to be considered as guilty violating our Terms of Use.

    Please, let us know if you have any questions. 

  • Profile Image
    dandaponte
    Answered on June 15, 2020 at 02:28 PM
    Thank you. I will update our forms to not include this information
    ...