The creation of good forms involves far more than simple HTML. There are four primary principles that should be followed when creating a form:

Usability / simplicity

Is the form easy to understand? (Put rather more bluntly: “Users are idiots”.) Making a form that is simple to comprehend and easy to fill out is not always a clear process for the designer.

Security

Does the form provide basic security measures that help protect our site? Placing a form on a website essentially opens a window to the world, allowing users to interact with the underpinnings of our site (often, a database). One of the primary ways control of a website is hijacked from the owner is through the manipulation and insertion of malformed form data. The addition of simple safeguards on form elements is the first and most basic level of protection against this form of abuse.

Privacy

The site should have clear answers to the following questions:

• Why should I give you, the site owner, the information asked for by this form? What do I get in exchange for doing so?

• What do you use the information for?

• Who do you give the information to, if anyone?

• How do I remove information from your site once I have submitted it? (Also known as an “opt-out” process)

Privacy statements are not yet legally required in Canada for non-government, non-banking websites, but they are a Very Good Idea. They are required for doing business in the EU, and for minors in the United States. They do not have to be written in legalese (and it is, in fact, an advantage if they are not: users appreciate clear, straightforward explanations.)

Accessibility

Can the form be easily used by those with different or limited abilities? (For example, by the blind, or those with poor motor-coordination skills).