Interestingly I could not find anything directly on point in the ICO Online Code of Practice but did find the following in his October 14 paper on the Internet of Things: " It will generally be appropriate to use an SSL / TLS connection whetre it is necessary to transmit any sensitive personal data, user login credentials, or unique identifiers".
And a great deal about configuring but not when to use in a May 2014 report on learning from mistakes.
As a follow up I did some quick research.
Online complaints forms in NHS seem quite rare. In the time available I found 4. Three were http and only one https
However I quickly found 12 inviting patient complaints by email - which my webteam points out is in theory as insecure as an http form.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|