Data collection

How to Use Google Forms With Hidden PII Safely

Do you use Google Forms to gather information? Maybe you’re creating a survey or signing people up for an event. It’s easy to use and super convenient. But what happens when your form captures hidden personal data — like names, emails, or even IDs — that people don’t see?

That’s called hidden Personally Identifiable Information (PII). And if you’re not careful, it can get shared in ways you didn’t mean!

Let’s make this simple. Here’s how to use Google Forms safely when hidden PII is involved. And don’t worry, we’ll keep it light and fun!

🎯 Wait, What Is Hidden PII?

In short, it’s personal information someone didn’t knowingly give but still ends up in your form. You might add it using:

  • URL parameters
  • Prefilled responses
  • Custom scripts

Google Forms doesn’t show that data to users, but it still ends up in your spreadsheet responses. Sounds sneaky, right? But it’s not always bad — it depends on what you’re doing with it.

Top 10 Questions to Include in Your Data Collection Survey

🚦 First Rule: Know Your Audience

If you’re sending the form inside your organization (like employees or students), and everyone understands what’s being collected, that’s fine. But if you’re sending the form to the public, you need to be extra cautious.

Always ask yourself:

  • Is the hidden data sensitive?
  • Would someone be upset if they knew it was collected?
  • Am I storing it in a safe place?

If any answer leaves you unsure, it’s time to rethink your approach.

🔐 Best Tips for Keeping Hidden PII Safe

1. Use Google Workspace Accounts

If your form includes hidden emails or IDs, make sure responses are saved in a Google Workspace account. Personal Gmail accounts have lower protection and sharing security.

2. Don’t Let Just Anyone Edit

By default, Google gives editing access to whoever you invite. That means they can view form settings — and secrets. Limit editing access to just the people who need it.

3. Disable “Share with Link”

Leaving your form results open to anyone with the link? That’s a hacker’s playground. Set more private permissions!

Here’s how:

  1. Go to the Google Sheet with your form responses.
  2. Click “Share”.
  3. Under “General access”, select Restricted.

4. Don’t Save Hidden Data in the Cloud (Unless It’s Secure)

Are your results syncing to another service like Zapier, Google Data Studio, or Sheets in a shared drive? Hidden PII travels with it! Make sure these tools are secure and only used by authorized people.

5. Encrypt If You Can

This might sound complicated, but even basic encryption helps.

For example, instead of sending an email address as is, you can turn it into a unique ID. That way, if your form leaks, no one knows who’s who.

Original: john.doe@email.com

Hidden: user_18327

You keep that ID mapped to the email privately, away from the form.

👀 How to Use Prefilled Links Wisely

Google Forms lets you prefill answers using links. You’ve probably seen one before:

https://forms.google.com/xyz?email=john.doe@email.com

That email might be hidden in the form, but beware! The info is visible in the link, which means:

  • Anyone who clicks the link can see it
  • Browsers might save it in history
  • Servers can log the URL

What to do instead? Generate short, anonymous codes that link to each person in your own system. A link could look something like:

https://forms.google.com/xyz?code=AB4X2

That “code” would tie back to their email in your database. Safe and clean!

🎩 Tricks With Hidden Fields (Script Magic!)

Want users to never see certain fields but still collect their values? You can use a little script magic with form notifications or Sheets formulas.

Here’s a fun trick:

  1. In your sheet, create a column called “User ID from Link”
  2. Use a script to pull the hidden code from the URL
  3. Match it to your internal system — but don’t display it anywhere in the form!

That way, you can identify someone without ever asking for a name or email in the form itself.

🧼 Think Like a Data Janitor

You collect hidden PII. Great! But what do you do with it afterward?

Please clean it!

  • Delete old data that’s no longer needed
  • Store backup files somewhere safe
  • Encrypt or anonymize anything sensitive

Think like a janitor… with a cape. You’re cleaning up to keep your users safe.

📝 Write a Quick Privacy Note

You don’t need a lawyer. Just be transparent. Add a line at the top or end of your form:

This form might collect technical data (like ID or code) that helps us identify responses. We respect your privacy and won’t share this info.

That kind of honesty goes a long way. Trust matters!

🚫 What NOT to Do

  • Don’t share the response sheet with everyone
  • Don’t bury PII in columns and forget it exists
  • Don’t send prefilled emails in open chat channels or social media

You might not mean any harm, but oversharing is risky. Google Forms is powerful — treat it like a responsibility.

🏁 Final Thoughts

Google Forms is an amazing tool. With just a few clicks, you can gather insights, organize events, or run contests. Adding hidden PII can make your forms even smarter — but it also makes them more sensitive.

Rule of thumb: If you wouldn’t want your own name added secretly to a form, don’t do it to someone else.

So go ahead — build beautiful, safe forms. Just do it with care, clarity, and a little bit of encryption magic!

✨ Safe forms = happy users!

Lucas Anderson
Lucas Anderson

I'm Lucas Anderson, an IT consultant and blogger. Specializing in digital transformation and enterprise tech solutions, I write to help businesses leverage technology effectively.

Articles: 261