Regulator: contact forms handling sensitive data must use HTTPS




The Authority for Personal Data has made known in a letter to the Royal Dutch Society for Physiotherapy that if special personal data is sent through a contact form, the form must use a secure HTTPS connection.

The clarification followed a request from the KNGF about the security of such forms. BSNs and medical records are often sent through them, and both are classed as sensitive data that may have a major impact on privacy.

A spokesman for the Authority for Personal Data confirmed to Tweakers that the security requirement does not apply only in this case but has a broader application. It also applies to companies and government organizations: if they process sensitive data via a web application, it must be secured with an HTTPS connection. The obligation to provide adequate protection stems from the Data Protection Act. Municipalities, for example, are required to meet this requirement, but it recently emerged that this is not always the case.

Earlier this month, the regulator also gave the opinion that supporting the obsolete SSLv2 may lead to a violation of the law. Before that, it had become known that websites supporting it can be vulnerable to the so-called DROWN attack.

