Learn more
We're choc-full of suprises, and have heaps more to share with you.
Statamic Add-ons
We make add-ons for Statamic that help developers all around the world.
Our blog

Do we really need to store all this information?

By Michael Scruse
Published October 9th, 2024

In the digital age, data is the new currency. Businesses strive to capture as much information as possible from their website visitors, often through forms that collect data like names, emails, phone numbers, and sometimes even more sensitive details. However, as data breaches become more common, it’s time to ask a critical question: Do we really need to store all this information?

The Risk of Storing Sensitive Data

Every time you store sensitive information on your website, you assume the responsibility of keeping that data safe. This isn’t just about maintaining trust with your users; it’s also about adhering to privacy regulations like the GDPR, CCPA, or Australia’s Privacy Act. Failure to protect user data can lead to severe penalties, not to mention the reputational damage that comes with a breach.

Consider the following risks:

Data Breaches: Storing sensitive information like addresses, phone numbers, or financial details makes your website a target for cybercriminals. If your website or server is compromised, the attackers gain access to this data, potentially leading to identity theft or financial loss for your users.

Regulatory Penalties: If your website stores user data, it must comply with relevant data protection regulations. Even a small oversight—like failing to securely store or delete data after it’s no longer needed—can result in significant fines. By minimising the amount of data stored, you reduce the chances of violating these laws.

Increased Costs for Security Measures: The more data you collect and store, the more you’ll need to invest in robust security measures like encryption, secure servers, and regular audits. While these are necessary to protect any data you store, the costs can quickly add up, especially for small businesses and non-profits.

Do You Really Need to Store That Data?

Many businesses collect and store data without fully understanding whether they need to. For example, do you need to keep a user’s name and email address after they’ve filled out a contact form, or is it enough to forward that information directly to your inbox? Here are a few questions to consider:

What is the purpose of collecting this data? Think critically about why you’re collecting each piece of information. If you’re using it to respond to a user’s enquiry, do you really need to store it permanently?

How long do you need to keep it? For many interactions, like contact form submissions or newsletter sign-ups, storing the data beyond a few days or weeks might not be necessary. Consider deleting submissions after a certain period or after they’ve been processed.

Alternatives to Storing Data

The good news is that there are plenty of ways to collect data without storing it directly on your website:

Email Notifications: For simple contact forms or enquiries, configure your form to send submissions directly to an email inbox instead of storing them in a database. This way, the data isn’t stored on your website’s server, reducing the risk of exposure if your website is compromised.

Third-Party Integrations: Use third-party services like CRM platforms or payment gateways to handle sensitive data. This shifts the burden of data security to providers that specialise in protecting information and have robust systems in place.

Temporary Storage: If you do need to store data for processing, consider storing it temporarily. Use automated scripts to delete data after a set time frame, such as 30 days, reducing the window in which sensitive information is vulnerable. For new sites development by Mity we have our very own Statamic add-on that will clear out your form submissions and any related file attachments for you. This can be configured based on your own requirements.

Privacy and User Trust

Beyond the technical considerations, there’s an important trust factor at play. Users are becoming increasingly aware of how their data is collected and used, and they prefer to interact with websites that respect their privacy. By minimising the amount of data you store, you send a message to your users: We respect your privacy and take your security seriously.

This trust can translate into stronger relationships with your customers, increased loyalty, and even positive word-of-mouth. In contrast, a data breach—no matter how small—can permanently damage that trust and turn away potential customers or supporters.

The decision to store sensitive information should never be taken lightly. By critically assessing whether you need to store data, and for how long, you can better protect your users’ privacy while reducing your own security burden. Remember, not every form submission needs to live on your server indefinitely. In many cases, less is more when it comes to data storage—less risk, less hassle, and more peace of mind for you and your users.

Michael Scruse
The author

Michael Scruse

Michael brings his technical, web and sales expertise to every project, backed by over 30 years’ experience in the IT industry.

Michael is also a qualified chef, although cooking is now in a domestic kitchen. Michael is a bit of a history buff and is currently researching his own family history.

Need some wow?
Contact us.