My Portfolio (2023-2024)

Form Security (PII, HIPAA, FERPA, PCI)

Description: Where and when the different types of form security are used with a short description.

A picture of a pen resting on top of a form.
Image by Krissie from Pixabay

What is form security?

Anyone who handles their medical documents, files their taxes, or simply enters sensitive information about their child’s education knows that the forms they fill out hold a lot of sensitive and personal data. Obtaining and filling out those forms is stressful enough; you don’t want to worry about your personal information going public as well, and that is where form security comes in. There are different kinds of form security, such as Personally Identifiable Information (PII) protection, the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and Payment Card Industry (PCI) compliance, but all of them do one main thing: protect your private information. Depending on where you are in your life, you may or may not have heard of all of these, so here is a brief explanation of some of the more important ones to give a better understanding of where and when they are used.

PII

Starting simple, PII, or Personally Identifiable Information, is any information about a person that can be used to identify them. This includes a person’s name, address, social security number, phone number, and even their age in specific scenarios. All of this information can be used against you if it reaches the wrong person; some attackers need nothing more than an individual’s phone number to mount targeted attacks on their accounts and online presence. Government databases are an obvious place where PII protections apply, but many ordinary websites handle PII too whenever they ask you to sign in or apply for something. A good rule of thumb for developers: if you are asking your users for any identifying information, implement PII protections.

A picture of shredded information about a person being put back together. This is what happens with bad form security.
Image by Q K from Pixabay

HIPAA

The Health Insurance Portability and Accountability Act, HIPAA for short, is geared towards, as the name suggests, protecting both your recent and past medical records. It prevents anyone from obtaining medical information from your doctors and nurses without your knowledge or consent, the only exception being when the patient needs emergency medical treatment. HIPAA applies across the medical field: its rules must be followed whenever someone receives or enters sensitive medical information about a person, or else they can face fines of $100 to $50,000 per violation.

A picture of sensitive medical information.
Image by Pexels from Pixabay

FERPA

The Family Educational Rights and Privacy Act is probably the least known, or at least the least thought about, type of form security. FERPA is what gives parents the right to access their child’s or children’s educational records: where they were taught, by whom, and what education they received while attending that school. Maybe I’m the only one, but when I first heard about FERPA I honestly didn’t see the full practical need for it, aside from protecting the location of children; FERPA is, however, a very useful and needed form of protection against those trying to get your personal information. A lot of information has to be given to schools so they can provide the best education and atmosphere for their students. Schools receive important medical records and hold sensitive information about each student, such as their name and address, so just like HIPAA and PII, FERPA is used to protect any sensitive information about a student, including their academic records.

A picture of someone filling out documents.
Image by aymane jdidi from Pixabay

PCI

Payment Card Industry compliance protects your information with every swipe of your card. Credit cards, debit cards, and ATM cards all hold one thing: money, and your funds are certainly something you want protected and secured. You may not see it in play, but PCI compliance is everywhere. The gas station, the grocery store, the mall: all of these places are dealing with your private information. Following the PCI DSS, the Payment Card Industry Data Security Standard, ensures that cardholder information is used, stored, and transmitted safely. Organizations found to be in breach of PCI DSS could be fined $5,000 to $100,000 per month (roughly £4,000 to £80,000 in GBP) by payment providers, according to the PCI Compliance Guide.
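The PII section’s rule of thumb for developers and the PCI section’s point about storing and transmitting cardholder data safely both come down to one habit: decide, per form field, what may be logged and what may be stored. The Python below is an added example written for this page, not code from the post or from any standard; the field policy, the sample submission, and the function names are all assumptions made for the illustration. It masks PII before logging, validates a card number with the Luhn checksum, and keeps only the last four digits of the card in the stored record.

```python
import json
import re

# Constructed example record: a form submission mixing ordinary fields with PII
# and cardholder data. Every value below is made up for this illustration.
SAMPLE_SUBMISSION = {
    "name": "Jane Doe",
    "email": "jane@example.com",
    "phone": "555-123-4567",
    "ssn": "123-45-6789",
    "dob": "1990-04-02",
    "card_number": "4111 1111 1111 1111",
    "card_expiry": "12/27",
    "card_cvv": "123",
    "newsletter": True,
}

# Per-field handling policy (an assumption for this example, not a list from any standard):
#   "mask"    keep only the last four digits, the way a receipt shows a card number
#   "drop"    never log and never store (PCI DSS forbids storing the CVV after authorization)
#   "redact"  replace the whole value in logs
# "name" has no entry and is kept as-is; whether a plain name belongs in logs is a policy call.
FIELD_POLICY = {
    "phone": "mask",
    "ssn": "mask",
    "card_number": "mask",
    "card_cvv": "drop",
    "card_expiry": "redact",
    "dob": "redact",
    "email": "redact",
}


def mask_digits(value, keep=4):
    """Replace every digit except the last `keep` with '*', preserving separators."""
    total = sum(c.isdigit() for c in value)
    seen = 0
    out = []
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - keep else "*")
        else:
            out.append(c)
    return "".join(out)


def luhn_valid(pan):
    """Luhn checksum used by payment card numbers; catches typos before anything is stored."""
    digits = [int(c) for c in re.sub(r"\D", "", pan)]
    if len(digits) < 13:
        return False
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_for_log(submission):
    """Return a copy of the submission that is safe to write to an application log."""
    safe = {}
    for key, value in submission.items():
        policy = FIELD_POLICY.get(key)
        if policy == "drop":
            continue
        if policy == "mask":
            safe[key] = mask_digits(str(value))
        elif policy == "redact":
            safe[key] = "[REDACTED]"
        else:
            safe[key] = value
    return safe


def prepare_for_storage(submission):
    """Build the record to persist: the full card number and CVV never reach the database.

    Only the last four digits are kept. Dropping the expiry date too is this example's
    choice (a tokenized payment flow does not need it). The check fails closed: a card
    number that does not pass Luhn is rejected rather than stored. The remaining PII
    fields (ssn, dob, ...) still need encryption at rest and access control, which is
    outside this example."""
    pan = submission["card_number"]
    if not luhn_valid(pan):
        raise ValueError("card number failed Luhn check")
    record = {k: v for k, v in submission.items()
              if k not in ("card_number", "card_cvv", "card_expiry")}
    record["card_last4"] = re.sub(r"\D", "", pan)[-4:]
    return record


if __name__ == "__main__":
    print("log view:", json.dumps(redact_for_log(SAMPLE_SUBMISSION), indent=2))
    print("stored:", json.dumps(prepare_for_storage(SAMPLE_SUBMISSION), indent=2))
```

The two functions separate the two questions every form handler faces: what an operator reading the logs may see (`redact_for_log`) and what the application is allowed to keep at all (`prepare_for_storage`). Keeping the policy in one table makes it easy to review when a new field is added to the form.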

A picture of a credit card.
Image by falco from Pixabay