Welcome to WebmasterWorld Guest from 220.127.116.11
The ad rep dropped by here a bit ago with THREE pages of hand drawn form fields for me to program up.. So a little past what I had related to the advertising account rep.. BUT WAIT.. that isn't all!.. The form is for a loan application and contains.. names, home addresses, and (gasp) social security numbers amongst the fields they are wanting to have sent to an email box.
So if it was only because of the scope creep I would want to renegotiate.. but add in the potential disaster that level of information being sent through an unprotected email can cause.. and I better chat with them.. or have them sign something..
Anybody.. what should I tell them?.. I know there are ways to better do a secure email transmission but not within their already over extended scope.. Should I draft a liability waiver and have them sign it?
Several years back a slimy lawyer was trying to start a class action lawsuit against all sites that asked for a SSN without an SSL page.
Anybody.. what should I tell them?..
I think you already know . . . the same thing you would tell them if they were asking for credit card info to be emailed.
This does open a good question though, if a client is adamant about an insecure practice and presses a provider to do it the way they want, what is the provider's liability?
So far I've escaped this nut by providing a very convincing argument about the right way to do it.
By all means, make an application form, but make sure the user knows in advance what info they require to have ready.
Sometimes, a simple enquiry form is best.