Sensitive Data 


In this Article
Related Articles

About Sensitive Data

If you are collecting sensitive data in your form, you can use FormAssembly's Sensitive Data Feature to indicate which specific fields contain that data. This is useful for compliance with the GDPR, HIPAA, or forms collecting payment information. Learn more about FormAssembly's security.

When you mark a field as sensitive, you can choose what type of data you are collecting:

  • Credit Card Information (Credit Card Number and CVV Code)
  • General Sensitive Data
  • Password
  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI) (Only available on Compliance Cloud)

Banking data, account numbers, passport numbers, and social security numbers are not required to be marked sensitive. This data will show in your responses.

FormAssembly only stores sensitive data that is not credit card information. Cardholder data is not stored on our servers, and you must use a payment connector when collecting payment information, so that cardholder data is processed securely through an approved payment gateway. Only the last 4 digits of a Credit Card Number will be stored and viewable in the response data within FormAssembly, e.g., xxxxxxxx1234. CVV code data is never stored.

When you map fields marked as sensitive data in your connectors, the sensitive data will be sent as-is (unmasked), with the exception of credit card information.

When credit card and CVV code fields are added to a form and then mapped in a payment connector, those fields will automatically mark as sensitive due to their connection with a payment connector.


Mark fields as Sensitive

You can add Sensitive Data settings in the Form Builder:

  1. Select the question that will be used to collect sensitive data.
  2. Click on the Options button in the editing toolbar.
  3. In the Field Properties sidebar, click the Sensitive Data section.
  4. In the Sensitive Data Type drop-down menu, choose the option for your field.

You will see a flag on the Form Builder canvas labeled "Sensitive" next to any field marked as Sensitive:

Any cardholder data that is marked as Sensitive will be masked by default in your responses and in any connectors you may be using. All other types of sensitive data will not be masked on Professional, Premier, and Enterprise Cloud accounts. Learn more about sensitive data management on Compliance Cloud.

Please Note: Forms upgraded to Form Builder 5.0 with sensitive fields cannot be downgraded through the URL, as new sensitive data settings are only supported in Form Builder 5.0. If necessary, please restore an earlier revision using an older Form Builder version.

Personally Identifiable Information (PII)

You can mark certain fields as collecting Personally Identifiable Information (PII).

PII is any information that can be used to identify an individual, such as a name, email address, social security numbers, or driver's license number.

Unlike credit card data fields, fields that are marked as containing PII will be saved in your responses as submitted. They will not be masked in the response data. 

NOTE: This option is available in Form Builder 5.0. Please upgrade your form to utilize this feature.


General Sensitive Data

There may be certain fields you wish to mark as containing sensitive data, even if they are not PII, PHI, or credit card information.

For any information you would like to mark as sensitive that does not fall into another category, you can use the "General Sensitive Data" category.

Unlike credit card data fields, fields that are marked as containing General Sensitive Data will be saved in your responses as submitted. They will not be masked in the response data. 

NOTE: This option is available in Form Builder 5.0. Please upgrade your form to utilize this feature.


Password Sensitive Data

Adding a password field will now automatically mark the field as sensitive. Passwords will be masked for respondents on the Review page. Learn more about enabling Review Before Submit.

NOTE: This option is available in Form Builder 5.0. Please upgrade your form to utilize this feature.


Protected Health Information for Enterprise Compliance Cloud


You can mark certain fields as collecting Protected Health Information (PHI).

For Compliance Cloud, this feature enhances data governance and security. Administrators will now have control over which users can create and edit forms collecting specific types of sensitive data, and which users can view and edit responses with specific sensitive data types.

NOTE: This option is available in Form Builder 5.0. Please upgrade your form to utilize this feature.


Respondent Data Relationship Classification

For every field marked as sensitive, you have the option to define the respondent data relationship classification.

In accordance with the GDPR, it's helpful to label the respondent data relationship. This will allow you to define if the person filling out the form is completing the form for themselves, if they are completing it for a third party person, or if it is unknown.

  • Unspecified: It is unknown which party this field is collecting data about. For compliance purposes, you may classify this field as either First Party or Third Party.

  • First Party: This field will be collecting data about the person filling out this form.

  • Third Party: This field will be collecting data about someone other than the person filling out this form.


Using the Save and Resume Feature

If a user saves and resumes a form, the fields that have been marked as "Credit Card Number" or "CVV Code" will be cleared. The previous information that the user entered into the field will no longer be available.

PII, PHI, and General Sensitive Data can be resumed with the stored values displaying, like other fields.


Form Moderation

All new FormAssembly forms on Professional and Premier plans go through a moderation process to ensure they are collecting appropriate information that will be used in an ethical and legal manner.

By marking fields that collect credit card information or banking information as Sensitive Data, your form will help allow for a faster moderation experience, which will help get your form up and running as quickly as possible.


Sensitive Data Management on Compliance Cloud


User Role Permissions

For enhanced data governance and security, Compliance Cloud administrators can manage who can collect or view and edit responses containing sensitive data. These controls are available through the Admin Dashboard. Learn more about managing user role permissions.


Masked Reports and Responses


Sensitive data will be locked (masked) by default within responses and reports, and only accessible for specified lengths of time.

Sensitive data will also be secured and redacted in response aliases across Thank You pages, email notifications, and auto-responders. Individual field aliases, however, will pass sensitive data unmasked, so you can use them in calculations and formulas.

Please Note:  Uploaded files are locked through the unlock/lock functionality on Compliance Cloud. They cannot be retrieved through the links listed in the responses until you unlock the responses.

Locked (Masked) Data:

Unlocked Data:

Logging Access to Sensitive Data

When data has been unlocked, a log entry will show with the date, time, and the person that unlocked and accessed the data.


Unlock a Report

  • Requires password (except for Single Sign-On)
  • Requires permissions to view sensitive data
  • Specify unlocking time (will lock automatically after time expires)
  • Unlocks the entire report (ALL responses for a form)
  • If the form is shared, you cannot unlock the report for another user

When you click on Responses, sensitive data is redacted for security.  If your administrator gives you permissions to view sensitive data, you can unlock the report.

You will only be able to view the sensitive data types you have access to. dFor example, if the form collects PII and PHI, but you only have access to view PII, the PHI data will remain masked when you unlock the report.

Walkthrough

  1. Click Responses
  2. Click on Unlock report
  3. A popup box will appear so you can choose the amount of time you'd like the report unlocked for.
  4. Choose the amount of time you'd like to unlock the report.
  5. Click Unlock
  6. Once the time you have set for the report to be shown has expired, the field will be redacted once again when viewing the report.

Unlock a Response

  • Requires password (except for Single Sign-On)
  • Requires permissions to view sensitive data
  • Specify unlocking time (will lock automatically after time expires)
  • Unlocks a single response, not the entire report
  • If the form is shared, you cannot unlock the response for another user

When you click on Responses, sensitive data is redacted for security. If your administrator gives you permissions to view sensitive data, you can unlock the response.

You will only be able to view the sensitive data types you have access to. For example, if the form collects PII and PHI, but you only have access to view PII, the PHI data will remain masked when you unlock the report. 

When you unlock and view a response, your access is recorded in the response Log Entries.

Walkthrough

  1. Click Responses
  2. Click on the response you want to unlock
  3. Click the Unlock button
  4. A pop up with options will show
  5. To unlock just this response, choose Just this response from the Unlock dropdown.  You can also unlock the whole form from here by choosing The whole form.
  6. After you have chosen the above options, you will then need to enter your password and click Unlock.
  7. It will then show in your report as unlocked so you can view the data.
  8. Once the time you have set for the data to be shown has expired, the field will be redacted once again.


Terms of Service · Privacy Policy