Jump to content

Collecting, Securing & Processing multiple forms of personal information. Where to start?


n0sleeves
 Share

Recommended Posts

A company approached me wanting to convert their paper-based ways of collecting customer information into electronic. Reason being they want to instead use a tablet (in office) and have them fill out everything electronically in order to prevent readability / processing errors and also offer the ability to fill out on their website.

The type of information such a company needs from their client is pretty intense and detailed. Customers are filling out multiple documents disclosing  personal information, not only about themselves, but also about the defendant - everything from vehicle registration, address / work history to personal identity to the fullest extent) - things like social security numbers, etc.  It seems there isn't a sensitive data question not being asked.  Not only that but they are also disclosing credit card info (for payment). It's pretty monumental in terms of data.

I never accepted the project and said I'll look into what's possible but out of curiosity and being the curious type I am, I have already built a mobile-responsive / electronic version of their entire 200+ question form(s), complete with task completion status, page summary, auto-complete, validation, terms of service. It's damn beautiful but that was the easy. Even though I like getting my feet wet, I am wondering if I should continue or if it's even worth the headaches, not to mention the technical hurdles.

The questions I am wondering are numerous (and for understandable reasons). I guess the top would be:

  • I know all this data has to be encrypted and secured to the highest extent. I don't know what's involved or how deep it can get. I do know the risks and the laws governing storage of such sensitive data and also the penalties for the company if it gets stolen. So I'm hesitant to even take on this task for that reason alone; especially since I'm still very much a PHP / programming beginner (although devoted). I don't want to major f*** up ^_^

     
  • I was thinking storage would be on the web host instead of some sort of in-office database? An online back-end would have to be created to retrieve information so that the company then could process it (they wanted it as a pdf). They need some way to retrieve the data.

     
  • They need to be able to charge / have access to the  credit card again at a later date so integration with a payment processor needs to be implemented, correct?

I am asking more what direction / route / study material I should look into (first steps) more than specific procedures because I understand it's very involved. If I can't tackle this now, I would like to learn so I can accomplish this in the future because building, integrating and deploying things of this nature is where I would like to go.

Just curious on your thoughts.

Thanks everyone ^-^

Link to comment
Share on other sites

Good question.

Security is not something I have ever had to obsess over so I will leave it to others to reply to that but it does sound like a very interesting project.

A general question would be, is there already a tool out there that serves the purpose well? A database driven one, even offline software like Filemaker which could perhaps be integrated. Or there might be a framework out there with security at the forefront.

Sorry not that helpful an answer I'm sure but it's an interesting question and though it deserved at least a response :D

  • Like 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...