What it does
Your university can collect the following sensitive data fields as part of a student’s application when you add them in Web Form Builder:
Student.religionStudent.sexort(sexual orientation)Student.country_of_birthStudent.free_school_mealsStudent.passport_no
Once submitted by the student, these data are stored in the Applications module and automatically updated on the student's record in the central Student Database.
This functionality is particularly useful for Admissions Teams managing specific workflows, such as those within the “International Applications” module occurrence.
How access is managed
Sensitive data is tightly controlled and only accessible where needed:
Officers assigned to the relevant module occurrence (e.g. “International Applications”) can view the entire application, including any of the sensitive fields.
Users in other areas of your Student CRM are automatically restricted from viewing these fields.
To view sensitive data, a user must have the “View Sensitive” permission enabled in their User Preferences.
This ensures sensitive personal information is kept confidential and only visible to the right people.
Why extra care is needed
Some of the information collected via this feature is classified as Special Category Data under UK GDPR. That means it requires enhanced security and restricted access due to its potential impact on an individual’s rights and freedoms.
Care must be taken to:
Limit visibility to only those who require it
Avoid exporting or sharing this data without purpose and permission
Ensure appropriate consent and legal basis are in place for collection and use
By using this feature responsibly, your institution helps protect applicants' privacy while maintaining compliance with data protection laws.
Need to check access?
Admins can go to Settings > Users > Preferences to toggle the “View Sensitive” setting on or off for individual users.
FAQs
Q: Who can see the sensitive fields after a student submits them?
A: There are two ways users may see the sensitive data, depending on their role and permissions:
Application Form View: Admissions Officers working within the relevant module occurrence (e.g. “International Applications”) can view all submitted data, including sensitive fields, by opening the original application form.
Student Record View: Any user with the “View Sensitive” permission enabled in their User Preferences can also see these fields in the Student Record Card in the Student Database, under the ‘Sensitive’ subtab.
Q: Can these fields be hidden from other departments?
A: Yes. Other university users without the sensitive data permission will not see these fields in the Student Database, even if they view the same student record.
Q: What happens if a user without permission tries to view a sensitive field?
A: The data will be masked and not visible. Users without permission have no access to the field’s content.
Q: Is the collection of this data optional?
A: Yes. Universities choose which of these six fields to include on their application forms.
Q: Where do the answer choices for Religion and Sexual Orientation come from?
A: The options for both Student.religion and Student.sexort fields are based on the official HESA (Higher Education Statistics Agency) categories. These ensure consistency with sector-wide reporting and compliance standards.
You can choose to hide any of the default HESA values from the dropdown menu on your webform, and you can also add custom values to reflect your institution’s specific needs or terminology.
Q: Where can I see the sensitive data we have collected?
A: When viewing any application, click the three dots (‘More Options’) menu and select ‘View Application’ to see the original application form with the data entered by the student.