Collecting sensitive information: Do I have to use a secure form?

  • Profile Image
    Asked on October 27, 2014 at 01:59 PM

    I have been asked to look at whether a client MUST to have an SSL form.

    He is an accountant and wants to collect sensitive data such as dates of birth, addresses and National Insurance numbers all on the same form.  I have advised that he would have to subscribe to you higher packages as he would have to have SSL submissions.

    I am assuming that if he did have a secure form then you would be happy for him to collect such data.

    Can you advise what action you would take if he collected this type of data without your higher package and he did not use a secure form.  Would you remove his account from your systems?

    Many thanks

  • Profile Image
    Answered on October 27, 2014 at 04:31 PM

    As stated in our Terms

    "If a form is created or JotForm is found to be used to: Obtain credit cards sensitive information, get social security numbers, show content with child pornography. Or if a form was made to steal user login credentials. All these activities are considered as Phishing and any account along with the guilty forms will be suspended immediatel"

    In light of that Date Births are not considered by our Terms. On regards to National Insurance numbers, is this the same as Social Security numbers?  While SSN numbers are not considered "illegal" per se, they are still sensitive and we might consider suspending an account if we determine the form shows a suspicious activity.

  • Profile Image
    Answered on October 27, 2014 at 04:54 PM

    I think you may have mis-understood the question.  This is not a phishing form.  He is asking clients to fill in data so that they can carry out work on their behalf.

    He is not obtaining information illegally or stealing it.Nor is he using it to sell illegal material.  We would not allow such activities to take part on sites we have any connection with.

    NI numbers are similar to Social Security Numbers.  Again these are provided with the consent of the person submitting the information to enable the company to submit details for tax purposes.

    The form would have the content as shwn here.

    I have advised that you would insist on the upgraded account for security measures.  I am simply wanting to verify if this is the case.



  • Profile Image
    Answered on October 27, 2014 at 06:04 PM

    Free accounts are exclusively monitored by our phishing filter, which automatically suspends any account at the moment it finds anything suspicious. In this way it is better to have a paid plan, as they have form reviewers assigned to check phishing forms and only after confirmation they are suspended. 

    The case of using secure forms to collect sensitive data:

    There is some legislation that is different from country to country and it is up to the user to comply with his country's laws on this matter (i.e. HIPPA regulation). On our side if we consider that the form has suspicious activity the account will be suspended.

    If you wish you can show us later the form or let us know the form's content so we can analyse it specifically. Nevertheless the form should state terms and conditions for collecting the information.

    Let us know if we can assist you further.