This article contains important information about data security and the use of webforms.
Target audience: McGill Web site managers
In this article:
Site managers have a responsibility to protect the user data that they collect via forms on WMS sites. In particular, Personal Information (PI) and Personal Health Information (PHI) can only be collected under circumstances that adhere to government privacy regulations. Payment Card Industry (PCI) data (for example, anything involving credit or bank cards) cannot be collected under any circumstances.
On McGill websites, Personal Information (PI) can only be collected using Microsoft Forms. Exception: The file upload component in Microsoft Forms is currently only available on forms that require authentication, therefore, forms that collect PI or PHI (with consent) from the public will not be able to include attached files. In this case, WMS Webforms can be used on the condition that the submission be emailed to a McGill email address and expired from the database immediately.
PI includes information unique to the person. Examples include:
Personal Health Information (PHI) includes any information related to a person's health, and can only be collected with consent, using Microsoft Forms. To gather consent, the form must include a checkbox with a message that has been approved by legal services. If you are part of a unit or department that regularly collects health information, check to see if a standard message exists.
In most cases, webforms should require users to sign in (authenticate). Restrict the form by unchecking "anonymous user" from the Submission Access settings and select only the role(s) that should be allowed to submit the form. Note: the role "authenticated user" includes anyone with McGill credentials. (In some cases, a more targeted role can be chosen such as "McGill Staff and Faculty" if appropriate.)
The Email feature allows an email to be sent to one or more individuals when the form is submitted. Webform contents can be sent to McGill email address only.
To reduce risks associated with the collection and storing of certain types of sensitive data, Webform submissions automatically expire after 40 days. Site managers will need to manage this data outside the WMS, as well as manage the regular download of results, and take this into account for some configuration options (e.g., submission limits) for forms that will be active longer than 40 days. The expiration date is based on the time of submission.
Please see Viewing and downloading results of webform submissions in the WMS for instructions on how to download your form results and how to set a shorter retention period, including immediate expiration in the case of the collection of PII or PHI (with consent) from the public.