3 Web Form Design Pitfalls to Eliminate

In Part 1, we went through Alexander’s horrible web form. In Part 2, we showed you 7 common web form design mistakes to avoid. Now, let’s examine bad processes in web form design.

Bad processes = awful management.

Bad processes are back-end. They face whoever builds and owns the web form — and whoever collects and manages the data. Stakeholders, IT, developers, administrators, creatives — that’s you!
Bad processes make it hard to get the work done and maintain standards across your department or your organization. Bad processes pit stakeholders against IT, due to miscommunication and different expectations.
Bad processes in web form design block workflow and increase liability. They're inconsistent, time-consuming, divisive, and dangerous.
And, worst of all, bad processes can mean security threats.
So let’s explore how you can identify and eliminate the bad processes.

1. Bottlenecks

You’re probably all too familiar with administrative bottlenecks. They happen all the time, they drain your resources, and they stop you from getting things done. Instead of working on what matters most, you’re stuck dealing with problems such as:

  • Double entry. If you have paper forms, someone’s got to transcribe them. Or if your online forms aren’t hooked up to your database, someone has to copy and paste the data for each new submission, over and over again. And every time, you run the risk of introducing a new typo or error, so your data accuracy could suffer.
  • Reliance on IT. You need to make a few changes, but you’ve been waiting forever (and you’ll continue to wait!) because the IT team has tons of other stuff to do. You have no clue how to make the changes yourself, since the code is quite complex. Meanwhile, the clock is ticking and the deadlines are creeping ever closer. You need your forms done yesterday.

Here’s how you can prevent these bottlenecks.

  • Integrate your forms. Your forms should be plugged directly into your information system, so the data’s exactly where you need it — right away.
  • Empower stakeholders. Give them the ability to review and edit forms. No more waiting on IT!
  • Make changes easy. Since your needs will change and grow with your organization, flexibility is key. You should be able to iterate quickly and effortlessly.

2. Security

When you’re dealing with people’s data, your respondents trust you to keep it safe. It’s important that you follow best practices and maintain the highest standards to ensure the security of your data.

  • Avoid ad hoc development. A handcrafted web form that’s tailored for one specific purpose is not a scalable solution. It’s best to use an agile system rather than reinventing the wheel each time.
  • Avoid rogue form creators. Take care that there aren’t any vigilantes setting up home-brewed forms to collect sensitive information.
  • Centralize form creation and data collection.
  • Make sure your developers are familiar with data sanitization, XSS, CSRF, OWASP Top 10.
  • Use TLS 1.2. be sure to stay well-informed and current with the latest issues and vulnerabilities. For instance, two major security bugs (Heartbleed and POODLE) were discovered last year.

3. Non-Compliance

Compliance with data privacy laws and policies is essential to good web form design. These processes are all about what kinds of data you collect, and what happens to the data after you collect it.

  • Know your compliance requirements. They’ll depend on what types of data you collect and where your organization is located. For example, you may need to comply with FERPA, HIPAA, Section 508c, PCI, or state laws.
  • Don’t collect data that you don’t need. With every question you ask, it’s necessary to think about why you need the answer, how you’ll use the information, and whether it’s consistent with respondent expectations and data privacy laws.
  • Don’t store data longer than you have to. You shouldn’t hold onto data indefinitely, especially if you’re safeguarding sensitive information. Your organization may have specific data retention policies.
  • Control who accesses the data. Don’t share passwords, keep track of who has access to what, and limit access by default. Because data privacy is critical, access should be on a need-to-know basis.
For more information on web form security and data privacy, check out our guide for Best Practices in Web Form Security and see how FormAssembly can help!

Don’t just collect data — leverage it.