Over the last couple of years, Google has pushed for websites to move to the HTTPS protocol and encrypt any data that they transmit. This began with higher ranking for websites running under HTTPS rather than HTTP. In January this year, the pressure was increased by marking any e-commerce or membership website as insecure if it did not encrypt its data using an SSL certificate. From October, this month, any website that includes a form or search box will be marked as insecure in the Chrome web browser.
It is obvious why encrypting data like credit card information or login details is important. However, Google argues that any data your website transmits should now be encrypted. This data can include users filling in a form or using the search box on your website. Encrypting this data ensures that the privacy of your website visitors is protected.
Google are not the only ones pushing for better data protection and security. On 25 May 2018, next year, new EU data protection legislation comes into law. This makes it a lot clearer what data companies need to protect. If this data has been breached, you will only have 72 hours to let people know their data might have been compromised. It also reinforces people's right to demand you hand over any personal data you collect, along with their right to demand you delete it.
It has never been more important to consider how you are securing any data your website collects and ensure you understand your legal and ethical responsibility in the storage of that data.
In future posts I will look at some of this in more detail, but here are some resources to help you start thinking about these issues:
EU Portal for the GDPR legislation: In particular this useful overview of the key points
Google article: Next Steps Toward More Connection Security
How to Move a WordPress Website from HTTP to HTTPS/SSL