In this article, we will review regulations for sensitive personally identifiable information, such as credit card numbers, and the responsibilities of Documoto customers who request and store this type of information within the Documoto application.
- Sensitive Personally Identifiable Information
- Web Application Services Agreement (WASA)
- Alternative Suggestions
Sensitive Personally Identifiable Information
Regulations such as the European Union's General Data Protection Regulation (GDPR) and various US regulations at the federal and state level set rules and liabilities for businesses that control or process Personally Identifiable Information (PII). There can be substantial business liability for exposing PII outside its intended use.
Sensitive PII is a type of personally identifiable information with even higher protection requirements. It includes information such as social security number, birthplace, and financial information, including credit card number(s).
Web Application Services Agreement (WASA)
Documoto takes steps to secure your content, including utilizing encryption between our servers and your users, yet there is always the possibility of a breach or security failure exposing information. Our Web Application Services Agreement makes it clear that you own all your content. It is the customer's choice to decide what information to collect and how to use it. This includes information collected from placed orders. However, we highly recommend that you do not use Documoto to request or store sensitive PII.
Below are a few alternative suggestions we can make:
- The customer could collect enough information via the order to contact the order placer and securely obtain credit card information over the phone, or email the order placer a secure method for paying via credit card (such as PayPal, Square, Stripe or some other similar service).
- The customer could add a label on the order submission form stating that credit card payments will be processed after order submission, and that the order placer will receive an email or call requesting payment.
- The customer could implement an eCommerce system with a payment processing solution included (such as Shopify, a Documoto eCommerce partner) that integrates with Documoto.