Retention of personal data in WordPress

If you manage a brocku.ca WordPress site that collects personal information through online forms, read this page carefully to ensure that your website complies with privacy laws and current Brock policies.

Brock University websites and digital platforms must be operated in accordance with the Freedom of Information and Protection of Privacy Act (FIPPA) as outlined in the Access to Information and Protection of Privacy Policy. Any personal information requested via online forms must be collected in accordance with that policy.

Data collected via online forms must be kept confidential and secure by the relevant website stakeholders, and purged from the website after 2 years. If data is exported, the corresponding data on the website should be purged immediately.

If copies of online submissions are sent to an email address, these should only be sent to an @brocku.ca email address, not to an email address that is external to Brock. Copies of online submissions sent to an email address are considered transitory records and should be deleted when they are no longer needed, no later than 2 years after being received.

A data retention strategy is necessary to ensure that personal information in WordPress is not kept indefinitely, which has several effects:

  • It ensures that we comply with data protection & retention laws and policies in place at Brock
  • It helps reduce our data footprint
  • It decreases the resources required to operate the system
  • It limits the amount of personal information that could be exposed in the event of a privacy breach

Yes, this is required to comply with Brock’s Access to Information and Protection of Privacy Policy. At this time we encourage all WordPress site owners to review their forms and ensure that data older than 2 years is purged from their website. We will soon be enforcing an automatic 2-year retention policy on all forms across the Brock website, but will provide advance notice and an opportunity to export all your existing data before this comes into effect.

The maximum retention period for data is 2 years. Data collected via online forms that is older than 2 years must be deleted.

Data can be purged manually or automatically.

Manually: data can be manually purged by a designated website editor who is responsible for reviewing and deleting any information that has been in the system for more than 2 years. See below for instructions on how to manually delete form data.

Automatically: Data can be automatically purged by setting up a retention policy in GravityForms. Once configured, data that is older than 2 years (or less, if a shorter limit is specified) will be automatically & periodically deleted. See below for instructions on how to configure GravityForms for this purpose.

The implementation of the data retention strategy is the responsibility of each department or administrative unit that collects personal information through online forms on its Brock website.

Yes, if you are unsure how to proceed, have questions about making the changes outlined on this page to your WordPress website, or if you need assistance, please contact University Marketing & Communications.

Note: for other website or form platforms in use at Brock (SharePoint, Office 365, Qualtrics), please contact the ITS Helpdesk for assistance.

How to configure your WordPress forms (GravityForms) to automatically purge data

Important: if you need to retain access to old data, you should export all your form entries out of WordPress before following the steps below.

To automatically purge form entries after 2 years (or less), follow these steps.

  1. Go to Forms > Form name > Settings > Personal Data
  2. Under Retention Policy, select “Delete entries permanently automatically”.
  3. In the “Number of days to retain entries before trashing/deleting” field, enter 730 (2 years) or less.
  4. Click Save Settings.

See docs.gravityforms.com/personal-data-settings for more information.

How to manually delete entries from a WordPress form

We strongly recommend setting up a retention policy for your forms (see above) so that data can be purged automatically. However, if you need to manually delete some entries, you can follow the steps below.

  1. Go to Forms, hover over the form name, and click Entries.
  2. Check the box next to the entries you would like to delete. (You can select all entries by clicking the checkbox at the top of the listing.)
  3. At the top of the listing, click the drop-down box called “Bulk Actions” and select “Trash”.
  4. Click Apply next to the drop-down box.

How to export your form entries from WordPress

To export your form entries from WordPress to a CSV or Excel format, follow these steps.

  1. Go to Forms > Import/Export
  2. Under the tab Export Entries, select the form you wish to export from the drop down menu.
  3. Select the fields you would like to export, or check the Select All box at the top.
  4. You can also select a date range if needed below the entry list.
  5. Click Download Export File.

See docs.gravityforms.com/exporting-form-entries for more information.
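For the manual purge route, an exported CSV can be checked against the 730-day limit to list which entries are due for deletion. This is an added example, not part of Brock's or Gravity Forms' tooling; the column names `Entry Id` and `Entry Date`, the timestamp format, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

RETENTION_DAYS = 730  # the 2-year maximum stated on this page

# Assumed column names and timestamp format of the exported CSV.
ID_COLUMN = "Entry Id"
DATE_COLUMN = "Entry Date"
DATE_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample export (not real data).
SAMPLE_EXPORT = '''"Entry Id","Entry Date","Name","Email"
"101","2022-01-15 09:30:00","Sample Person A","a@example.com"
"102","2023-05-30 10:00:00","Sample Person B","b@example.com"
"103","2023-06-10 14:45:00","Sample Person C","c@example.com"
"104","2025-05-01 08:00:00","Sample Person D","d@example.com"
"105","","Sample Person E","e@example.com"
'''


def audit_export(csv_text, now, retention_days=RETENTION_DAYS):
    """Return (overdue_ids, unparseable_ids) for an exported entries CSV.

    overdue_ids: entries submitted more than retention_days before `now`.
    unparseable_ids: entries whose date is missing or malformed; these need
    a manual look, since their age cannot be established.
    """
    cutoff = now - timedelta(days=retention_days)
    overdue, unparseable = [], []
    # Strip a UTF-8 byte-order mark if the export carries one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        entry_id = (row.get(ID_COLUMN) or "").strip()
        raw_date = (row.get(DATE_COLUMN) or "").strip()
        try:
            submitted = datetime.strptime(raw_date, DATE_FORMAT)
        except ValueError:
            unparseable.append(entry_id)
            continue
        if submitted < cutoff:
            overdue.append(entry_id)
    return overdue, unparseable


if __name__ == "__main__":
    overdue, unparseable = audit_export(SAMPLE_EXPORT, datetime.now())
    print("Past retention limit:", overdue)
    print("Date could not be read:", unparseable)
```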