Regulator: contact forms handling sensitive data must use HTTPS

Mar 26, 2016

The Authority for Personal Data has informed the Royal Dutch Society for Physiotherapy (KNGF) in a letter that a contact form through which special personal data is submitted must use a secure HTTPS connection.

The clarification followed a request from the KNGF about the security of such forms. These forms are often used to send a BSN (citizen service number) and medical records, which count as sensitive data. This is sensitive data that may have a major impact on privacy.

A spokesman for the Authority for Personal Data confirmed to Tweakers that the security requirement applies not only in this case but also more broadly. Companies and government organizations that process sensitive data via a web application must likewise secure it with an HTTPS connection. The obligation to provide adequate protection stems from the Data Protection Act. Municipalities, for example, are required to meet this requirement, but it recently emerged that this is not always the case.

Earlier this month, the regulator also gave the opinion that supporting the obsolete SSLv2 protocol may lead to a violation of the law. Before that, it had become known that websites supporting it can be vulnerable to the so-called "DROWN" attack.
