Don't cache the page.
Do you mind elaborate a bit more?
I don't think seeing the information from "View Source" is an issue - the only information a user would be able to view is their own.
Now, transmitting to the company - THAT needs to be secure. As long as the data is being POSTED (not GET) from a form via SSL (httpS), it should be secure.
Unless, like Dan, I'm not understanding the question as you have put it.
I agree! I was thinking the same thing but not sure until someone said it. It's been moved to https and I also added Dan' suggestion. From the net I found the following and I think I'm done. Thank you everyone!
<cfheader name="expires" value="#now()#">
<cfheader name="pragma" value="no-cache">
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">