Web Style Guide

Web Forms and FERPA


SMC has three “official” ways to gather information via an online form. Each is appropriate for different reasons. But only two (MS Forms via Office 365 and Dynamic Forms) allow for the collection of Personally Identifiable Information (PII) securely and in compliance with FERPA and HIPPA. In the wrong hands or through accidental exposure, notwithstanding well intended staff’s intended use for the data collected in a nonsecure manner, students and college employees’ information can cause serious harm. Staff and the college can be liable for any harm caused.

Omni CMS

A solid and easy to use form builder. Use for simple information gathering. This content can be emailed directly to a recipient's email address. Omni CMS is not approved for PII collection exceeding name and either an email address or phone number.

The following options are approved for the collection of Personally Identifiable Information (with limitations)

MS Forms via Office 365

Use for internal surveys and gathering information between SMC colleagues and students. By default, this is behind a password, and you need an SMC email address to access these forms. Asking for PII like Social Security Number and banking transactions is not appropriate, nor permitted.

Dynamic Forms

This is much more complex form builder that includes options like password protection, automatic input of saved information, and multiple pages, and the encryption of data. The big advantage for using Dynamic Forms is that it is secure for gathering personally identifiable information considered protected under FERPA or HIPPA. Use this option if you are gathering information from, or about, students when two or more of the following information is on your form:

  • Name/Email 
  • Student ID 
  • Address 
  • Birthday 
  • Phone Number
  • Any other personal identifying information.