We all need to gather information from site visitors from time to time, whether it's an email address or phone number. But did you know that University, state, and federal laws prohibits us from collecting restrictive/sensitive information, such as social security number, credit card information, or financial account information?
Sensitive personal information cannot be collected on your website via forms and should not be gathered via email either. Neither methods are secure and can lead to personal and financial information being compromised. Plus, it can get you and the University into a lot of trouble.
If you need to collect such information, please reach out to the IT security officer, Charles Broome.
If you have a form on your site right now that collects this type of information, unpublish it and reach out to Charles to find out how you should properly collect such data. Web ambassadors who violate the rules will have their privileges revoked and they, along with their supervisors, will face penalties enforced by policy and laws violated by the data types.
Sounds harsh, we know, but it’s the law.
Read more about the IT security policy and pay special attention to the “Application Service Providers” policy. You can also take a minute to learn more about the University's guidelines for classification of data.