It is crucial to safely handle collected data from webforms. The following information explains the best practices on the type of information (protected data) that should not be collected.

Protecting Data

Generally a webform should only ask for and collect information labeled by the University as “Public”. Public data is classified as data that is public, or published with no restrictions. Examples include published “white pages” directory information, maps, academic course descriptions, and news releases. By collecting public data it is crucial to protect the webform user’s privacy. Disclaimer: The Drupal/Sitenow service is HIPAA compliant and could potentally be used to collect higher level information. This could lead to privacy issues and is best to first consult the IT Security Office.

There are many regulations being put into place around data privacy. It is crucial to understand what data is being collected and how it is being used. The privacy information may need to be published at some point in order to maintain compliance. Please contact the Information Security and Policy Office or refer to the University privacy information for guidance.

For more information regarding precautions, policy, and the security of data, contact the IT Security Office at

Information Security

The overall sensitivity of institutional data encompasses not only its confidentiality, but also its integrity and availability. Many confidentiality obligations exist, such as those required for personal information and to meet contractual or regulatory requirements. Integrity, or trustworthiness, of institutional data must also be considered and aligned with institutional risk; that is, the impact on the institution should the data not be accurate. Availability relates to the impact on the institution’s ability to function if the institutional data is not reliably accessible to authorized users.

For more information regarding types of information, refer to

In this section

Open configuration options