Privacy

   Composer This topic is related to Transact Composer.  |   Form Builder |  v4.3 & Higher   This feature is related to v4.3 and higher.

General Overview

Privacy of information has, for us, 3 major concerns:

  1. That only appropriate information is temporarily retained and then submitted
  2. That the submission is sent securely to the server
  3. That submitted information is retained securely


Only the first of these is the concern of form designers using Composer.

Privacy Concerns with Hidden Fields

Many organizations have strict data privacy policies. A common policy is that the organization should never collect data that the end-user is not aware of. This can be an issue in the following example:
The end user indicates that they would like to include insurance for a spouse by clicking the "Insure my spouse" checkbox.
The form displays an optional section, where the spouse's details are collected.
The end-user later decides not to insure their spouse, and unchecks the "Insure my spouse" checkbox. The Spouse section is hidden.
The end user is now submitting private information about their spouse, that is not required, but has been captured in fields that are no longer visible. This can be viewed as a privacy breach.
Here are two ways of solving this problem:

Clear Hidden Data on Submit

The standard Composer Submit button has a property named "Clear Hidden Data on Submit". This is checked by default. If this property is selected, the form will automatically clear the values of any fields that are hidden when the form is submitted.
Note: The Submit button also has a property named "Clear Non-editable Data on Submit". This is rarely turned on, but is available if required.

Overriding

Sometimes it is necessary to preserve the data in an invisible field even though the user can't see it. For example, there may be a calculated field that is used purely for internal purposes, or there may be fields that are used to communicate information between the form the Transaction Manager.
You may override the usual Clear Hidden Data on Submit behavior on the Submit button by selecting the Preserve If Not Visible option in the Data Clearing Policy property on the Data tab.
Note: There is a special Composer field named "Data Field". This is just a regular Text Field, but is invisible by default, and has Data Clearing Policy set to Preserve. It is intended to store (and submit) internal data rather than user-visible data.

Clear Data when Hidden

Another option it to clear the data as soon as the field is made invisible. This is controlled by an advanced policy property in the Rules area. In most cases this is set to false. The same policy also exists for Read-only fields, although the need for this is rare.
There are pros and cons to this approach:
Pro: It is quite obvious to the end-user that their hidden data is cleared, because if they re-show the data, it will be cleared.
Transact Composer User Guide and ReferencePrivacy

Con: If the user accidentally hides a field or section they have already entered information into, that information will be lost, to their annoyance.
Note: If a field is hidden implicitly (for example, because it is on a wizard page that is currently hidden), the data will not be cleared.

When to Clear Data

The decision whether to clear data from fields on their first hiding or on submission of the form, is a policy decision for each organization.
In both cases, privacy is maintained.
Clear-on-submit generally provides a better user experience.
Clear-on-hide provides a more obvious demonstration to the end-user that their private data will be removed.
Composer's defaults focus on user experience, and so hidden fields clear on submit by default. You may change these defaults in your organization or in a particular form if desired. Please contact Avoka for details on how to set this up in your style-sheets.