Pages Collecting PII without a Privacy Statement Link report

This report displays the pages collecting PII with forms but that do not have a privacy statement link. Use this list to determine if a website visitor might think the data collected by the form is personal. For those pages that do collect personal information, provide a link to a privacy statement on the page that is requesting the information.

Why it matters

Note: A Product Administrator must create an XRule specifically to collect privacy statement link information, otherwise the data will not appear in this report.

It is important that a website visitor can easily determine how data is going to be used when a website asks for information. A website's privacy policy will describe why data is being collected, who will be given access to the data and what types of rights the website visitor has regarding that data after it is submitted. Providing a link from a page that contains a form collecting personal data to the privacy policy governing that data is the best way of providing information to the user when they need it.

Remediation and best practices for using privacy statements

Make sure you have a link to your privacy statement on every web page.
Provide additional notice within the content of pages with active collection to further inform users of how their personal information will be protected.
Use the POST method on forms instead of the GET method.
Use a meaningful name for each form.
Use the https protocol on pages with forms.