Collecting Sensitive Personal Information

Assuming the information is voluntarily provided by someone with permission to share it and there are no legal prohibitions in your jurisdiction, there are no technical or security constraints that prohibit you from storing sensitive personally identifiable information (PII) in MotorsportReg. 

However, that doesn't mean you should collect it!

There are several downsides to collecting and storing sensitive details in your organization's database regardless of the digital and physical security techniques that we employ to keep your data safe:

  • Accidental disclosure - a well-intentioned person unintentionally shares information via a cut/paste mistake, a screenshot or video recording, or attaching the wrong spreadsheet to an email.
  • Accidental, malicious disclosure - an authorized user has their device hacked or unwittingly discloses their username and password to a malicious third party who uses the data for fraudulent purposes.
  • Intentional, non-malicious disclosure - a misunderstanding of what constitutes sensitive data, or sharing the data with someone in the belief that they are authorized to access it.
  • Intentional, malicious disclosure - all users with administrative access may view, and therefore copy, some or all of the sensitive details stored. These "inside jobs" could affect a single user or your entire database.

It is also possible that MotorsportReg could be compromised. We work very hard to ensure that doesn't happen, including complying with rigorous security standards such as PCI DSS, but it is a risk for every computer connected to the Internet. See more from RadarFirst about compromises.

We recognize that you require data in order to operate and we encourage you to collect anything that is necessary. If you do choose to store sensitive PII, you and your organization are responsible for securing it against all of the risks above other than a compromise of the platform itself.

Your responsibilities, at a minimum, should include:

  • Regularly review your staff access list to remove anyone who should no longer have access 
  • Ensure you have a data security policy for your staff informing them of what is expected of them

Also be aware that asking for sensitive details may make prospective attendees uncomfortable, lowering registration rates or creating extra work for you to answer questions. Countless studies have proven that the less you ask for on a web form, the more people complete the process. 

For more reading, including how a simple selfie of a vaccination card can lead to more serious consequences, please read "How Cybercriminals Can Leverage Your Vaccination Card Selfie".
