Website administrators can build webforms to collect information. This information is very carefully governed to protect both the privacy of the respondent and the security of the data.
Purpose and audience
The purpose of a webform is to collect necessary information from the university community or the public in order to carry out a specific request, such as a request for information or to sign up for an event.
Software for collecting information
USNH Enterprise Technology & Services (ET&S) is responsible for the operation of webforms.
Getting an account
With the approval of the site owner or web manager, USNH staff with active user IDs and USNH email accounts who are responsible for collecting information via a website for their school, department, office, or program may become webform editors. A webform editor creates, edits and manages webforms and form submissions.
Use the USNH IT Accounts Management system to request a webforms account. Once you are logged in:
- Click on Add.
- Under Employee Resources, click on Request Access for Yourself.
- Fill out the information requested in Step 1 and click Next.
- Select Communication and Collaboration.
- Select Website access and click Next at the bottom of the form.
- Fill out the rest of the form, use the description area to request webforms access, and submit the form.
Information protection and classification
All USNH employees have an important role in ensuring the protection of information the university has a duty to protect. Federal laws, state regulations and university system policies require that you protect information about others. This includes information collected about people not affiliated with the university system, on behalf of the university system.
Before you can protect information, you must understand what type of information you are handling. USNH policy identifies three types of information:
- Restricted: Protection by law or standard; examples include SSNs, academic or medical records, credit card numbers
  - The UNH Research office offers online and in-person HIPAA training designed to assist members of the USNH community with acquiring a basic understanding of HIPAA
- Sensitive: Protection by university policy or contract; examples include passwords, intellectual property, student directory
- Public: Information approved by USNH data stewards to be available to the general public, for example, campus maps, your salary
Using webforms to collect information
Webform information is transmitted via email and stored in the same location as website content. Webforms therefore do not provide adequate protection for any information classified as restricted or for most information classified as sensitive.
Examples of information that can be included:
- Public information
  - First and last name
  - Contact information
    - Address
    - Phone
  - Questions/comments/feedback
- Sensitive information
  - USNH ID #
If you need to collect other information classified as sensitive or any information classified as restricted, contact ET&S to discuss potential information collection and storage options that ensure compliance with USNH policy and regulatory requirements.
Processing collected information
Collected information should be downloaded and deleted from Drupal immediately, if possible, and kept in Drupal no longer than 30 days. Data kept in Drupal longer than 30 days may be automatically deleted by ET&S.
Support
For more information, please contact ET&S.
Training
Training for Drupal webforms may be offered periodically through the Teaching and Learning Technologies training calendar.
Responsibility for usage
Users are responsible for collecting and protecting information in accordance with all USNH policies. Failure to protect information can have serious consequences:
- Harm to individuals whose privacy is breached, such as identity theft
- Financial and reputational damage to the university system
- Personal risk if a data breach happens while you are not following policy and law
Information protection is governed by federal laws, state regulations, and USNH policies, including:
- HIPAA (Health Insurance Portability and Accountability Act)
- FERPA (Family Educational Rights and Privacy Act)
- CJIS (Criminal Justice Information Services)
- New Hampshire RSA 359-C:20 - Governs information security breach notification requirements
- Red Flags Rule - Requires detection, reporting, and prevention of identity theft
- PCI-DSS Standard - Governs credit card transaction processing protections
- UNH Online Policy Manual
- PSU Online Policy Manual
- KSC Online Policy Manual
- USNH Online Policy Manual
Violations
Although USNH ET&S does not monitor or regularly review website content, it reserves the right to remove at any time any content that it considers in violation of this standard or any other USNH policies.
If inappropriate or inaccurate activity is discovered, ET&S will contact the account user to discuss the issue. If the site or content owner cannot be contacted or is no longer at USNH, that content will be administered by ET&S and can be removed if deemed inaccurate or inappropriate. When content is obviously unacceptable, ET&S will immediately remove the content prior to contacting the site owner. Unacceptable usage also may cause access to form creation tools to be suspended.
Reports regarding inappropriate content may be sent to ET&S.