Many web form processing systems allow you to save the form posts in a database. However, for security and compliance reasons, that is not really very secure. Of course, if your form processing and the database are in a secure, compliant environment (e.g. a HIPAA-compliant dedicated server), then the situation is better and it may be OK to have your form data saved unencrypted in your database.
However, as the person doing your compliance risk analysis will tell you, it is always better to have data encrypted at rest if you have a choice. That greatly reduces your risk of breach / compromise. The problem is: these web form processing systems and plugins will not encrypt your data for you and it is not easy to get a database that is itself fully encrypted.
Read the rest of this post »