
I am building an online registration form for a voluntary organisation in the UK and am considering data security measures.

The form will be served up over https and there may be an optional payment fee involved. We are using Stripe.js to handle PCI compliance so we never see credit card details.

One thing I would like to do from an end user point of view is to provide a copy of the submitted application form to the user for their own records. However, with email being an inherently insecure protocol, I am wondering if I should be doing this even though it is commonplace.

The form itself will take basic personal details, name, email, address and date of birth details as well as some checkboxes where they agree to conditions of membership. This is a one time submission to the user so we will not be asking for or storing a user name or password.

Is it 'appropriate', considering data protection principle 7 to send the complete submission details (minus credit card details obviously) back to the user, in a formatted PDF file by email?

2 Answers


I'd advise against sending all that information in an email. Mail storage is probably not the problem, but SMTP is terribly insecure (not encrypted, usually easily MITMed even if there is TLS support available).

If you are set on sending a confirmation mail, leave out sensitive information like the person's date of birth. IANAL (nor do I live in Britain), but I'd argue that, while all of this is personal data, the date of birth is the most sensitive as it can be used to cause actual harm. It is frequently used in security questions.

Re-display all details on the confirmation page visible after the form has been submitted and allow the user to download it in PDF format.

Ignore regulations for a moment and look at it from a user point of view: entering private data requires a certain amount of trust in the entity receiving the data. Users are more likely to trust you if they have reason to believe that their data is kept safe. Offering a form over https is a decent indicator that data won't carelessly be flung around the internet. Sending the same data back to the user through a potentially unencrypted connection (i.e. email), allowing for passive eavesdropping, immediately breaks that trust. I've seen instances of this happening and users were not happy about it.

tarleb
    I suppose this question was prompted by my not understanding what constitutes personal / sensitive data. Is DOB sensitive but a name not? I like the point in your last paragraph. I am using a tool to do this, not custom coding, so am somewhat bound by its features but have now settled on not sending the PDF (and giving user print functionality just prior to form submission). – brianilland Dec 10 '15 at 14:25
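The answer's two recommendations, as an added illustration that is not code from the question, the answer, or the registration tool the asker uses: the acknowledgement email carries only the non-sensitive fields, while the full PDF is re-displayed and downloaded only over the same HTTPS session from the confirmation page. The excluded field list, the single-use expiring download token and the field names are my assumptions, not anything stated in the thread.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Assumed set of fields kept out of email (the answer names date of birth;
# address is added here as an assumption, not from the thread).
EMAIL_EXCLUDED_FIELDS = {"date_of_birth", "address"}


def confirmation_email_body(submission: dict) -> str:
    """Plain-text acknowledgement that omits the sensitive fields.

    The full record is never placed in the mail; the user is pointed back
    to the HTTPS confirmation page for the PDF instead."""
    lines = ["Thank you for registering. Summary of your submission:"]
    for key, value in submission.items():
        if key in EMAIL_EXCLUDED_FIELDS:
            continue
        lines.append(f"  {key}: {value}")
    lines.append("Your full application (PDF) can be downloaded from the "
                 "confirmation page shown after submission.")
    return "\n".join(lines)


@dataclass
class PdfDownloadStore:
    """Keeps rendered PDFs server-side and issues single-use, short-lived
    download tokens, so the PDF only ever travels over the HTTPS channel
    that carried the form data in."""
    ttl_seconds: int = 900
    _entries: dict = field(default_factory=dict)

    def issue_token(self, pdf_bytes: bytes, now: Optional[float] = None) -> str:
        issued_at = now if now is not None else time.time()
        token = secrets.token_urlsafe(32)  # 256 bits, unguessable
        self._entries[token] = (pdf_bytes, issued_at + self.ttl_seconds)
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[bytes]:
        """Returns the PDF once; a second use or an expired token yields None."""
        entry = self._entries.pop(token, None)  # pop makes the token single-use
        if entry is None:
            return None
        pdf_bytes, expires_at = entry
        current = now if now is not None else time.time()
        return None if current > expires_at else pdf_bytes


def confirmation_page_context(submission: dict, token: str) -> dict:
    """Everything the confirmation page re-displays, including the download link."""
    return {"fields": dict(submission), "pdf_url": f"/registration/pdf/{token}"}
```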

You can offer the user a download of that PDF from the site, perhaps, on the next page after they've submitted the form.

That way, it will only be transmitted by the same (HTTPS) channel used to send the same data in.

Edit - sorry I see there is already an answer saying the same thing :)

Mark Koek