Control Inventory report

This report displays an inventory of form controls found during a content scan to help you determine where privacy choices are being offered (opt-in or opt-out). A form control is a component of a form such as a data collection field.

Why it matters

Many websites permit visitors express their privacy preferences with user choice components such as check box and radio buttons. You can use the report data to help you ensure these form controls use proper data collection practices, and that their pages follow your corporate guidelines.

One of the key fair information principles is to provide individuals with the ability to control how their personal information is used. Trust will be eroded if their information is passed to third parties without their knowledge and consent or if they receive 'surprise' communications from you that are unwanted. Using pre-populated fields on opt-out forms might make your organization in contravention of privacy legislation in certain jurisdictions.

Remediation and best practices for using pre-populated forms

  • Make sure you have a link to your privacy statement on every web page, especially on pages with forms that collect personally identifiable information (PII).
  • Provide choice, through the form of an opt-in or opt-out mechanism, for any use of personal information other than required to the provision of the service being provided, other than the primary purpose for which it was provided. Common examples of such secondary uses include sharing with third parties or using to send marketing communications for example registering for a newsletter. In certain jurisdictions, this practice might make you noncompliant with their privacy legislation.
  • Do not pre-check contact boxes (default is 'unknown').
  • Use the POST method on forms instead of the GET method. When a web page is programmed using the POST method, only the submitted information is sent to the server delivering the page content. A form using the GET method to submit data does not submit the data in a secure manner. If you must use the GET method, carefully review any of your web pages where forms are being submitted and verify that the referrer URLs of the images and links on that page are not unintentionally transmitting personal information.
  • Use a meaningful name for each control and form.