Here is helpful information about best practices, data collection, and e-Signatures for forms.
- Have at least 2 owners (in case someone is out of the office, leaves the Univ., etc.) who can edit the form and access the submissions.
- For Office 365 Forms, it's recommended to create a group form; this allows all members of a group to access and manage the form. To do this, first create a group with at least 2 people --- be sure to use the web version of Outlook. Then create a group form.
- Use only accessible form fields.
- See sample O365 form and Google form. (Inaccessible form fields are identified on these sample forms.)
- Qualtrics sample form – Not available at this time. Details about accessibility issues are available at Penn State’s site: Qualtrics Survey Tool.
- If you have questions about the accessibility of a form, please contact me so that I can review the form before it’s made available to the public.
- Test the form once you have final draft.
- Have someone test the form that does not have access permissions.
- Ensure that email notifications are sent/received (if using).
- Download data to see if it’s in a format that you can use.
If the form allows multiple responses for a question, be aware of the following:- Depending upon the form software, multiple responses may be in a single cell or entered into separate cells. See the examples below:
Multiple Responses in Separate Columns Option A Option B Option C X X X X X Multiple Responses in Single Column Responses Option A Option A,Option C Option B,Option C - You may need to change question type or work with the data in Excel to get it into the desired format.
- Depending upon the form software, multiple responses may be in a single cell or entered into separate cells. See the examples below:
Data Collection
- Per University policy, DO NOT collect PII (Personal Identifiable Information), such as:
- Social Security #, Driver’s License #, Credit Card #, Bank Account #
- Birth Date
- State ID cards
- Passport #, Military ID #, Tribal ID #
- User ID/email address combined with passwords or security questions/answers
- Digital Signatures
- Biometric Data (fingerprints, retina images, DNA profile)
- Protected Health Information
- The nine-digit PSU ID can be collected on a form and included in the body of an email message IF:
- The web form resides on a server that is compliant with the requirements for Moderate/Level 2 data under AD95.
- The Office 365 and Google suites meet these requirements.
- FERPA data is generally classified as Level 2 unless there is PII involved (SSNs, Drivers' License Numbers, etc.).
- Questions may be directed to the Penn State Privacy Office ([email protected]).
- University policies (including data retention):
- Permitted Storage (Acceptable locations for data storage)
- AD95 - Information Assurance and IT Security
- AD53 – Privacy
- University Privacy Office (Data, PII, credit cards, etc. Includes email address if you have any questions.)
- University Information Security Office (Privacy, policies, data classification, etc.)
- AD35 - University Archives and Record Management (retention, archives, etc.)
- General Records Retention Schedule
- Web Privacy Statement
- AD96 - Acceptable Use of University Information Resources