- TomWeisAsked on September 30, 2016 at 07:19 PM
- BorisAnswered on October 01, 2016 at 02:34 AM
Phishing. You agree that Company may terminate your JotForm Service immediately if a form's purpose is found to be deceptively obtaining: sensitive credit card information, social security numbers, user login credentials, or other sensitive personal information. All these activities are considered as Phishing and any account along with the violating forms will be suspended immediately.
Collecting Sensitive Information. You may not use the JotForm to collect certain types of sensitive information, including but not limited to credit card information and any type of login credentials. You may collect some sensitive information such as social security numbers or driver’s license numbers, but you are required to use best security practices of JotForm including SSL and Encrypted Forms features. You are solely responsible for compliance with any data protection and privacy laws and rules applicable to the sensitive information.
Collection of SSN itself is not illegal. According to this site https://www.privacyrights.org/consumer-guides/my-social-security-number-how-secure-it in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.
However, some states in the USA have imposed restrictions on a business soliciting SSN's. Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms will mention SSNs are considered as a Phishing activity.
Therefore, when you do request SSNs, chances are that our automated phishing detector will flag the form(s) and suspend the account. If this happens you'll have to contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).
However, we recognize that there are businesses that require a Social Security number for legitimate purposes, here are some:
• Insurance companies
• Credit card companies, lenders, and any other company receiving a credit application from you
• The three main credit reporting agencies: TransUnion, Equifax, and Experian
• Any company that sells products or services that require notification to the IRS, including:
• Investment advisors
• Real estate purchases
• Financial transactions over $10,000, such as automobile purchases; and other financial transactions
Nevertheless, you must know that since we do store the information in your account, anyone with access to your account would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue.
So, having all this in mind, we encourage you to also collect consent from your users to provide you with their SSN. This will ensure that your users willingly provided their SSN to you, and so that in case your forms get suspended by our automatic tools, our team can review the forms and re-enable them quicker.
You can do this by adding a textual agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.
Here are some widgets you can add to the form (signature fields):