Making sure that confidential web form submissions are private
Request Type:
Bug Fix
Issue/Request:
Hi. I am creating an electronic application for a program that our department will be starting this year using a webform and the form submissions should be confidential. I read a thread about webform submissions showing up on Google searches but the proposed solution (to check the Private check box on the form fields) makes the form fields themselves disappear from the display. I need the form to be visible to anyone so applicants can enter the data, but not the results of the submission of the form. How can I make sure that this happens? Thanks, Victoria.
Hi Victoria,
The Private checkbox will allow people with Results Access the ability to see the field. That means anyone who can see the field will be able to see all the results and I don’t think that’s what you want. What you can do is require that people CAS in that would provide some protection, but that’s it. You can’t provide protection for “anonymous” users because that would make the form open to everyone.
Normally we don’t recommend sending confidential information in a Webform or storing it on a YaleSite. Are these the only fields that you plan to capture?
OK thanks. The entire application form should truly be available to anonymous users to input their data, so the suggestion to use a CAS login won’t work for us. Does Yale have a recommendation for a secure site for hosting confidential electronic applications? I feel like this must come up all the time!
I will escalate this to another department who can hopefully help. The form fields are not searchable but apparently the files are and there is no way to protect them at this point (the solution in that post was wrong because the field would only be available for people with results access).
OK thanks. This is good to know.
Hi Victoria,
I figured this out. What you have to do is
The Upload destination option ONLY shows up if you have the Private Files setup in the first step.
Thanks so much!! :)