Hi Joe
No legal background here, but I would encrypt where possible.
1. Encryption removes some of the risk of personal details being
snagged by another (possible scenario - a user supplying details is
doing so in a public wi-fi area where either there is unencrypted
transmission or there is a man in the middle attack going on)
2. Much encryption is pretty easy to do these days, e.g. it's easy to
turn SSL on if you are using Apache, this deals with the problem at 1
above, but means buying a certificate from a recognised authority if
your organisation is going to avoid that somewhat embarrassing browser
message 'security certificate not recognised'
3. I'm guessing encrypting packages of data to send via SMTP is a
bit harder and probably needs a bit of programmatic help
4. I would doubt your question 4 is valid as expressed - a similar
example constructed for illustration: Other people possess heroin
therefore it is legal for Joe Bloggs to possess heroin - this is not
in any way compliant with existing law
5. Encryption saves the reputation of the IT Operations
Co-ordinator, or, rather, no encryption and bad luck may not do the IT
Operations Co-ordinator's reputation any good
regards
mark
On Thu, May 19, 2011 at 3:49 PM, Joe Sutton <[log in to unmask]> wrote:
>
>
> One of those times where I feel I know the answer but could do with some corroboration.
> Companies often have simple forms on their websites to make requests, give feedback, and a variety of other communication requests.
>
> In the case where such forms request personal data such as name, address, telephone number, email address, etc:-
> 1 is it necessary for the webpage to be secure with e.g. SSL certificates?
> 2 If the website is hosted and will then need to transmit that information on via SMTP, is it also necessary for this to be encrypted?
> 3 Can companies absolve themselves of any need to secure information submitted via an official web form with a disclaimer noting that anyone who submits information is submitting it in an insecure manner?
> 4 Can the fact that many other similar organisations operate in the same way be used as evidence that this method is legally compliant?
>
> No prizes for guessing my opinions on the above points.
> Cheers,
>
> Joe Sutton
> ICT Operations Coordinator
> Somer Housing Group
>
> ________________________________
>
> All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
>
> Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
>
> Leaving this list: send leave data-protection to [log in to unmask]
> Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
> To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
> To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]
>
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
>
> Any queries about sending or receiving messages please send to the list owner [log in to unmask]
>
> (Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
>
> ________________________________