Starting in Early April 2020, all mailforms in CMS will be disabled. You should not create any additional forms in CMS and you should migrate any existing forms to a different service, such as Qualtrics.
Before you create or modify a mailform in CMS, please be aware that the CMS mailform intended purpose is for basic email communication, not for collecting sensitive information. We frequently see authors making the mistake of collecting sensitive information using CMS mailforms.
As a reminder, the following types of information must not be collected using a CMS mail form:
- NDSU ID number (when also soliciting the individual's name)
- Driver's license number
- Social security number
- Credit card / payment information
- Insurance information
- Health information (doctor visits, vaccination status, etc.)
- Non-public student or employee record information (includes GPA, course registrations, and anything else that is not directory information per NDUS 1912.2)
- Any other sensitive information
If you know of a CMS mailform that collects sensitive information on a page you maintain, please update the form to either stop collecting the sensitive information or to use a secure and approved collection method.
NDSU Qualtrics is approved to collect several of these sensitive data points (NDSU ID #, non-public student record information, and birthdate), provided you do not configure Qualtrics to send email receipts of the visitor's submission to include the above data points. Qualtrics surveys can be embedded into CMS pages.
If you have a business need to collect some of the above data points and you are not sure if Qualtrics is approved for your intended purpose—or if you are uncertain whether any data you intend to collect is considered sensitive—please contact IT Security to identify a secure method for data collection. Non-NDSU services (Weebly, Survey Monkey, etc.) are not approved for this purpose.
The following types of information are OK to collect using a CMS mail form:
- Student or employee's name
- Phone number
- Email address
- Other directory information unless withheld by the individual, such as address, major, office address (see NDUS 1912.2 for directory information details)
- Comments or feedback; however, you should discourage the submitter from including any sensitive information in circumstances where the submitter is likely to include it given the context (such as a feedback form about financial aid risks the student including sensitive financial aid details unless you remind the visitor NOT to submit that sensitive information through this insecure channel)
For more information, please contact:
IT Security Officer
IT Help Desk