In order to manage the process of filling out forms, ViaForms stores the information from forms into the ViaForms secure database. While this requirement introduces the risk of private information being accessible to the wrong people, this paper will discuss how ETI has designed ViaForms to minimize that risk to an acceptable and manageable level.

Securing Data In Transit – How Form Data Is Transmitted

When a user fills out a form and clicks either the Save, Submit or Sign buttons on the form, the data from the form is sent to the ViaForms application via 256-bit SSL (Secure Sockets Layer) using HTTP Post commands. This method of transmission is the standard methodology used by web browsers to securely send and receive data.

Securing Data At Rest - How Form Data Is Stored

When a user clicks a button that sends the form data to the ViaForms application, that data is comprised of individual form fields and information about those fields. Once received, that data is stored in the ViaForms database with two unique design features:

1. Each field on the form, as represented by a single data element (e.g. first name, address line 1, state, etc.) is encrypted with its own unique key.
2. The data is not stored in a relational manner.

Ultimately, these measures mean that if someone were to break through our security measures (firewalls, database login security, etc.) they would then have to break encryption field by field only to then have to find a way to relate the data together so it made sense. Unlike the hackers who steal an entire database of credit card info, rich with credit card numbers and information needed to use those cards (i.e. name, address, etc.), there is no way for a hacker to make sense of the form data even if all the security was breached.
There is another security feature that is inherent to this design: how does anybody know if the stored data is valuable or even valid?
Because forms vary in purpose, the number of data elements and stage of completion, it's impossible to know if the data is valid. The data in ViaForms is that of a saved form, a work in progress that may or may not be a completed, authorized transaction record. Thus, there is little to no value in the data stored in ViaForms and no means for the user of that data to know if the data is even valid.

How Long Data Is Stored

The actual time in which a record in ViaForms is stored is 180 days or less. Our application is not intended to be the final system of record and therefore customers must move their final documents and data into their own system, not to rely on ViaForms for an indefinite storage solution. By default ViaForms purges all records that are over 180 days. Depending on user settings, usage and other use cases, data may be purged much sooner than that.

File Attachments

ViaForms enables users to attach external PDFs and image files to forms to be part of the final package. These attachments are stored encrypted and require passwords to access. By default these attachments have a short life-span in the ViaForms system that is far less than the 180 days (the actual time amount is purposefully not disclosed for security reasons).