Formstack is a web form management tool that allows for the quick and easy creation of standards-compliant and accessible web forms. In an effort to meet compliance with federal regulations, the following guidelines have been established for the use of Formstack at MDC. These guidelines outline the basics of what information should and should not be collected via web forms.
MDC designates the following as "directory information," which is permitted for collection on forms:
Do not collect information you do not need. Additionally, try not to collect information that is already available to you in another system, such as PeopleSoft.
If you are sending form data to an email address, that address must end in mdc.edu. Ideally, submissions should be directed to a Shared Mailbox where multiple people have access. To request a Shared Mailbox, please contact IT.
If the information you are collecting will be sent to or shared with a third party, you must include a clear statement on the form indicating with whom the information will be shared.
The file upload feature must not be used on forms. This feature is disabled to prevent the collection of unsecure or sensitive documents and to minimize security risks.
FERPA is a federal law that protects the privacy of student education records such as grades, transcripts, disciplinary records, contact information, and class schedules. All educational institutions that receive federal funding must comply with FERPA. Find out more about FERPA guidelines.
HIPAA is a law designed to provide privacy standards to protect patients' medical records and other health information. Formstack is not HIPAA certified. This means that no patient-related health information should be collected by any form managed with Formstack.