diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 71dcaa44f..2537e0135 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -11,6 +11,7 @@ - fixed #11038: My Carousel Broke - fixed ExpireIncompleteSurveyResponses workflow sending one email per asset revision - fixed #10994: Gallery: Problems with uploading ZIP-archives + - fixed #11032: The Thingy form field "otherThingy" not checking for privilege 7.8.0 - upgraded YUI to 2.8.0r4 diff --git a/lib/WebGUI/Asset/Wobject/Thingy.pm b/lib/WebGUI/Asset/Wobject/Thingy.pm index c8a9e1d1c..733ca8098 100644 --- a/lib/WebGUI/Asset/Wobject/Thingy.pm +++ b/lib/WebGUI/Asset/Wobject/Thingy.pm @@ -965,9 +965,9 @@ sub getFormPlugin { my %param; my $session = $self->session; - my $db = $session->db; - my $dbh = $db->dbh; - my $i18n = WebGUI::International->new($session,"Asset_Thingy"); + my $db = $session->db; + my $dbh = $db->dbh; + my $i18n = WebGUI::International->new($session,"Asset_Thingy"); $param{name} = "field_".$data->{fieldId}; my $name = $param{name}; @@ -989,7 +989,7 @@ sub getFormPlugin { if ( WebGUI::Utility::isIn( $data->{fieldType}, qw(SelectList CheckList SelectBox Attachments) ) ) { my @values; - if ( $useFormPostData && $self->session->form->param($name) ) { + if ( $useFormPostData && $session->form->param($name) ) { $param{ value } = [ $session->form->process( $name, $data->{fieldType} ) ]; } elsif ( $data->{ value } ) { @@ -1000,7 +1000,7 @@ sub getFormPlugin { $param{value} = \@values; } } - elsif ( $useFormPostData && $self->session->form->param($name) ) { + elsif ( $useFormPostData && $session->form->param($name) ) { $param{value} = $session->form->process( $name, $data->{fieldType} ); } 
@@ -1045,10 +1045,16 @@ sub getFormPlugin { my $errorMessage = $self->badOtherThing($tableName, $fieldName); return $errorMessage if $errorMessage; - $options = $db->buildHashRef('select thingDataId, ' + my $sth = $session->db->read('select thingDataId, ' .$dbh->quote_identifier($fieldName) .' from '.$dbh->quote_identifier($tableName)); + while (my $result = $sth->hashRef){ + if ($self->canViewThingData($otherThingId,$result->{thingDataId})){ + $options->{$result->{thingDataId}} = $result->{$fieldName} + } + } + my $value = $data->{value} || $data->{defaultValue}; ($param{value}) = $db->quickArray('select ' .$dbh->quote_identifier($fieldName) diff --git a/t/Asset/Wobject/Thingy.t b/t/Asset/Wobject/Thingy.t index 42120ff54..e13b38123 100644 --- a/t/Asset/Wobject/Thingy.t +++ b/t/Asset/Wobject/Thingy.t @@ -16,7 +16,7 @@ use lib "$FindBin::Bin/../../lib"; use WebGUI::Test; use WebGUI::Session; -use Test::More tests => 22; # increment this value for each test you create +use Test::More tests => 26; # increment this value for each test you create use Test::Deep; use JSON; use WebGUI::Asset::Wobject::Thingy; 
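Review bot: The current-value lookup right after the new loop (`($param{value}) = $db->quickArray('select ' ...`) is not visibly covered by the canViewThingData check that now filters `$options`. A `value` or `defaultValue` that names a row the user may not view could therefore still have its field text loaded into `$param{value}`. That query and the rest of getFormPlugin continue outside the hunk, so this is inferred; if the lookup selects by thingDataId, wrap it as `if ($value && $self->canViewThingData($otherThingId, $value)) { ... }`. The loop also calls canViewThingData once per row, which may be costly on large Things if that method reads the database each time. As a style point, the assignment inside the `if` has no terminating semicolon, and the new code uses `$session->db->read` where the surrounding code uses the local `$db`.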
@@ -300,11 +300,19 @@ cmp_deeply( ($newThingDataId,$errors) = $thingy->editThingDataSave($thingId,'new',{"field_".$fieldId => 'second test value'}); +################################################################# +# +# maxEntriesPerUser +# +################################################################# + my %otherThingProperties = %thingProperties; $otherThingProperties{maxEntriesPerUser} = 1; $otherThingProperties{editTemplateId } = $templateId; my $otherThingId = $thingy->addThing(\%otherThingProperties, 0); -my $otherFieldId = $thingy->addField(\%fieldProperties, 0); +my %otherFieldProperties = %fieldProperties; +$otherFieldProperties{thingId} = $otherThingId; +my $otherFieldId = $thingy->addField(\%otherFieldProperties, 0); ok( ! $thingy->hasEnteredMaxPerUser($otherThingId), 'hasEnteredMaxPerUser: returns false with no data entered'); my @edit_thing_form_fields = qw/form_start form_end form_submit field_loop/; @@ -327,7 +335,7 @@ my @edit_thing_form_fields = qw/form_start form_end form_submit field_loop/; } $thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'other test value'} ); -ok( $thingy->hasEnteredMaxPerUser($otherThingId), '... returns true with one row entered, and maxEntriesPerUser=1'); +ok( $thingy->hasEnteredMaxPerUser($otherThingId), 'hasEnteredMaxPerUser returns true with one row entered, and maxEntriesPerUser=1'); { WebGUI::Test->mockAssetId($templateId, $templateMock); 
@@ -343,3 +351,50 @@ ok( $thingy->hasEnteredMaxPerUser($otherThingId), '... returns true with one row 'thing edit form variables do not exist, because max entries was reached' ); } + +################################################################# +# +# deleteThing +# +################################################################# + +$thingy->deleteThing($otherThingId); +my $count; +$count = $session->db->quickScalar('select count(*) from Thingy_things where thingId=?',[$otherThingId]); +is($count, 0, 'deleteThing: clears thing from Thingy_things'); +$count = $session->db->quickScalar('select count(*) from Thingy_fields where thingId=?',[$otherThingId]); +is($count, 0, '... clears thing from Thingy_fields'); +my $table = $session->db->dbh->table_info(undef, undef, 'Thingy_'.$otherThingId)->fetchrow_hashref(); +is($table, undef, '... drops thing specific table'); + +################################################################# +# +# thing data permissions, getFormPlugin +# +################################################################# + +%otherThingProperties = %thingProperties; +$otherThingProperties{'groupIdView'} = 3; +$otherThingId = $thingy->addThing(\%otherThingProperties, 0); +%otherFieldProperties = %fieldProperties; +$otherFieldProperties{thingId} = $otherThingId; +$otherFieldId = $thingy->addField(\%otherFieldProperties, 0); +$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'value 1'} ); +$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'value 2'} ); +$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'value 3'} ); + +my $andy = WebGUI::User->create($session); +WebGUI::Test->usersToDelete($andy); +$session->user({userId => $andy->userId}); + +my $form = $thingy->getFormPlugin({ + name => 'fakeFormForTesting', + fieldType => 'otherThing_'.$otherThingId, + fieldInOtherThingId => $otherFieldId, +}); + +cmp_deeply( + $form->get('options'), + {}, + 'getFormPlugin: form 
has no data since the user does not have viewing privileges' +);
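Review bot: The new getFormPlugin test asserts only the denied case (`{}` for the freshly created user), so a regression that empties `options` for every user would still pass. Before the `$session->user({userId => $andy->userId})` switch, build the same form and assert something like `is(scalar keys %{ $adminForm->get('options') }, 3, 'getFormPlugin: privileged user sees all rows');`, and raise the `tests => 26` plan to match. This assumes the session user at that point can view the thing, which the hunk does not show. The session is also left as `$andy` at the end of the file, so restore the previous user after the assertion in case tests are appended later.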