Security issues with collecting info such as SSN and drivers license #s

Forum|Forum|5 years ago
February 25, 2021
2 replies
3606 views

I would like to complete a PDF form that is fillable by a respondent. The form is intended to acquire information and permission by the respondent in order for my client to run a credit and background check on the respondent before they can begin volunteering for our organization. So, we are looking for some pretty specific pieces of information, such as social security number, driver's license number, et cetera. My concern is how to safely transmit that personal information using a fillable PDF form while maintaining security for the respondent. I have been reading through skads of questions and answers but am still not clear about a process. I know encryption is one element, but don't have an overall picture.

I want to create culpable let form, have respondent complete it and return to me while maintaining security.

Thank you.

PDF forms

This topic has been closed for replies.

T

Test Screen Name

Legend

You MUST submit to a secure web server, and make sure this info is at NO TIME emailed. In many countries this is a legal obligation with very severe penalties. The server needs to be set up by an experienced specialist, a professional up to date with all the latest security issues. You cannot do this yourself, and the cost would be significant, but it is a legal obligation. Given that, there is no reason at all to use a PDF form, you might as well use an HTML form, and you will find many more professionals in this area. You might indeed find a commercial processor, but check their credentials and security policies carefully.

E

ekoenig61Author

Participating Frequently

Yes - I stepped in when I learned they were thinking of just using fillable PDFs. Won't an HTML form have similar security issues??

T

Test Screen Name

Legend

Absolutely, HTML forms have the potential to have the same security issues, which is why I argue so strongly the solution must be created by a professional specialist. One of the big attractions of PDF forms is that it's easy to have them send an email - but this is exactly why they are a bad idea.

To be secure you need at least

- a web server under secure control

- https (not http) submit

- a secure script or app running on the server to get the information

Now, what we sometimes see is that the secure info is then emailed on - but that's just as bad. So, the server needs a secure way for authorized people to connect and get hold of the info that was submitted. This in turn needs to be securely handled - not (for example) just pasted into a spreadsheet.

You need a complete solution; people only see the form part as relevant, but it's the whole process and business practices that matter.

Bernd Alheit

Community Expert

How want you transmit the information?

E

ekoenig61Author

Participating Frequently

My staffperson just wants to use "a fillable PDF" so I think the answer is we don't know the best way. Respondents would be offsite obviously. I would think we would send the fillable pdf by email to the respondent and ask them to fill it out and return. Respondents will generally not be high-tech folks. I am also open to putting something out there online for folks to access with a URL we send to them. Largest concern is exposing their information.

Bernd Alheit

Community Expert

Email is not secure. The users should submit the filled PDF form to a server.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded