Websites without secure transmission of personal data – DPP 4 – security of personal data
Background
The PCPD examined around 660 local websites from various sectors which involved the collection of personal data, to evaluate whether the data users concerned provided sufficient security measures for personal data transmitted through their websites. Subsequently, the PCPD initiated compliance checks against 68 of those data users who did not enable Secure Sockets Layer (SSL) or other technical means on their websites to encrypt the data transmitted.
The compliance actions revealed that most of the problematic data users involved were either not aware of the need of security during personal data transmission through Internet or they did not have sufficient knowledge of information technology to make their websites secure.
Remedial Measures
With the PCPD’s advice, the 68 data users had implemented SSL encryption on their websites in order to protect the transmitted personal data against unauthorised interception or access. In view of the positive outcome, the PCPD will continue to carry out similar exercises.
(Uploaded in July 2022)