Online forms are convenient for students and administrators and an important sustainability strategy in the effort to reduce the amount of paper used at McGill. From online concerts and event registrations, to students making requests related to their program of study, there are over 5900 active webforms in the WMS – That's a lot of information being gathered!
Following a data protection assessment the following changes are coming into effect:
- Webform submissions can be stored on the WMS for only 40 days, after which point they will expire. In order to make sure that you do not lose your data, you will need to download your webform results regularly. To find out how to download your results, and the options available when doing so, please see these instructions
Email confirmation messages that include the form responses can only be used on authenticated forms, to ensure they're only sent to McGill addresses. If your forms collect data from the public, or other off-campus email addresses, a generic confirmation message means that your user data won't be compromised and that your form won't be used as a spam gateway*. A generic confirmation message would be something like "We have received your form and will be in touch shortly".
Not all data is the same, and there are laws in place that require us to protect sensitive data including Personal Information (PI), and Personal Health Information (PHI). This article will discuss what you need to keep in mind when collecting PI or PHI. An additional data type: Payment Card Industry (PCI), includes financial information such as credit card numbers and cannot be collected under any circumstances on your website.
Data that is considered sensitive includes things like:
- numbers such as your SIN, Driver's license, and your McGill ID
- people's citizenship or immigration status
- confidential personal details like date of birth, or health questions
Beyond the obvious, it's important to be aware that otherwise mundane information, when collected together, can also be considered sensitive. Someone's name is pretty harmless on its own, but if you add a phone number, address and something else that can identify them, it gets trickier. CVs and résumés are a great example of this, as they often contain those mundane details along with a historical record of work and education.
For more information regarding the protection of user data please read Webform Security: Protecting user data.
Online Forms at McGill
Webforms is part of the WMS at McGill and is a great choice for forms that do not collect PI or PHI. It is an excellent choice for forms that target a specific group of people at McGill.
Microsoft Forms (using your McGill account) is the appropriate forms tool to use when collecting PI and PHI (with consent). It is also a great choice if you would like to store your results longer than 40 days.
Working with Personal Information (PI)
When designing a form, the first and best way to protect people's data is to not collect it. Why is each question being asked? If a detail isn't required, leaving it off the form will reduce the security risk if that data is compromised.
If PI must be collected in your form, Webforms is not appropriate. You should use Microsoft Forms.
Working with Personal Health Information (PHI)
If your form is collecting any personal health information you must include a checkbox for people to consent to its collection, using wording that has been approved by Legal Services. If you regularly work with health information, your unit may already have some wording prepared.
If PHI must be collected in your form, Webforms is not appropriate. You should use Microsoft Forms.
Requiring sign in protects user data
Just like with Webforms: If you are collecting data from McGill users using MS forms, the form should be set to require users to sign in. Note that MS Forms does not allow for the uploading of documents (e.g., CV, artist statement, photos) when collecting data from the public. In this case Webforms can be used but submissions (including attached files) must be emailed to a McGill email address and immediately expired from the WMS database (see the Submission expiry section in this KB article).
Which tool should you use?
|Non-sensitive, non-confidential data from McGill Users or the public||Webforms or MS Forms|
|McGill ID from McGill Users||
Webforms (with authentication and the use of a token only, not a fillable field)
|Sensitive or confidential data from McGill users||MS Forms|
|Sensitive or confidential data from the public with no file upload||
|Sensitive or confidential data from the public where they need to upload a file||Webforms (submissions must be emailed and immediately deleted from the WMS)|
Questions and Training
Questions about whether the data that you are collecting qualifies as sensitive can be directed to: itgovernance.its [at] mcgill.ca. Visit the McGill IT Website for more information about Cloud Services.
If you are working with MS Forms and would like assistance, you can book a Q&A session with a team of experts.
Keep an eye out for a new Webforms training course coming soon, or attend a WMS 302 lab.
And of course, if you have any questions, please don't hesitate to reach out to us.
*A spam gateway is common vulnerability on the internet, where bots can send advertising using a form. We can't let this happen or else all McGill email could be flagged as coming from spammers.