Hi all In this day and age, you should encrypt everything, not just forms. We do for anything we implement. Yes there is an initial handshake to get https going, but after that the overheads are remarkably low. Eg from five years ago In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy *no additional machines and no special hardware*. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that. https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy *no additional machines* and *no special hardware*. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy *no additional machines* and *no special hardware*. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that. See also https://https.cio.gov/everything/ for general motivation mark Mark van Harmelen phone +44 7830 212 464 skype markvanharmelen On Thu, Sep 24, 2015 at 7:28 PM, Chris Spray <[log in to unmask]> wrote: > Hi, If it is any help, our security team/policy requires that we use https > for all data input forms on our web pages, sensitive data or not. > > Chris > > -----Original Message----- > From: This list is for those interested in Data Protection issues [mailto: > [log in to unmask]] On Behalf Of Phil Bradshaw > Sent: 24 September 2015 17:01 > To: [log in to unmask] > Subject: [data-protection] Online complaints > > Early Friday question - getting in first > > If an organisation is dealing with sensitive issues e.g. health, social > services is it acceptable to have an online complaint form which uses > standard http protocol rather than https ? > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > All archives of messages are stored permanently and are > available to the world wide web community at large at > http://www.jiscmail.ac.uk/lists/data-protection.html > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] All user commands > can be found at http://www.jiscmail.ac.uk/help/commandref.htm > Any queries about sending or receiving messages please send to the list > owner > [log in to unmask] > Full help Desk - please email [log in to unmask] describing your > needs > To receive these emails in HTML format send the command: > SET data-protection HTML to [log in to unmask] > (all commands go to [log in to unmask] not the list please) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > ----- > No virus found in this message. > Checked by AVG - www.avg.com > Version: 2015.0.6140 / Virus Database: 4419/10688 - Release Date: 09/23/15 > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > All archives of messages are stored permanently and are > available to the world wide web community at large at > http://www.jiscmail.ac.uk/lists/data-protection.html > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at > http://www.jiscmail.ac.uk/help/commandref.htm > Any queries about sending or receiving messages please send to the list > owner > [log in to unmask] > Full help Desk - please email [log in to unmask] describing your > needs > To receive these emails in HTML format send the command: > SET data-protection HTML to [log in to unmask] > (all commands go to [log in to unmask] not the list please) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^