On 3 Nov 2010, at 00:22, Todd Richards wrote: > The problem that I have is that the form contains areas for date of birth, > social security numbers, financial information (mostly about amounts rather > than banking numbers), etc. I know you're not quite dealing with payment card data, but PCI compliance is best practise for anything you'd consider sensitive: https://www.pcisecuritystandards.org/security_standards/why_comply.php (and my definition of sensitive includes the legal one, and extends to 'anything the submitter might reasonably expect you to keep confidential') Cheers Martin -- > Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter > http://dspam.nuclearelephant.com/