Website without HTTPS: Privacy Guarantor sanctions a company


A website that does not provide an SSL certificate is liable to a penalty. This is according to the Garante della Privacy, which recently fined a company that had failed to implement adequate data protection systems.

Specifically, the regulator had found that the HTTPS protocol was missing.

Table of Contents:
HTTPS: what is it all about?
The sanction of the Privacy Guarantor
SSL certificate types: choose the right one
Domain Validation (DV)
Organization Validation (OV)
Extended Validation (EV)
HTTPS: what is it all about?
Hypertext Transfer Protocol Secure is the secure version of HTTP, which is the main protocol used to transmit information from the client to the server.

The presence of HTTPS, in essence, certifies that the website uses the appropriate encryption protocol (SSL/TLS) to protect communications.

When information travels via HTTP, it is broken down into packets of data that can be easily intercepted by third parties (Man in the Middle) because it is sent in the clear, without encryption; with the secure protocol, the traffic is encrypted in such a way as to hide the information.

Even browsers themselves alert users who visit a website without HTTPS, and they do so by displaying the words “not secure” in the address bar.

The Privacy Guarantor’s sanction
It all started with a complaint to the Garante from a user, who reported the absence of encryption on a company website. In this case, the lack of an SSL certificate was highlighted in an area of the website where sensitive data such as authentication credentials, telephone contacts, tax codes, VAT numbers, biographical and billing data were passing through.

The user forwarded two reports by PEC to the water utility company that owned the domain and, given the lack of response, decided to contact the Privacy Guarantor. Following receipt of the complaint, the authority found that the company had failed to comply with the obligations under the Privacy Regulation regarding integrity and confidentiality in data processing, according to which the owner must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (such as encryption of personal data and data protection by design of the website).

The company in question was given a fine of 15,000 euros for failing to properly protect the customer data registered in the restricted area of its website. The fine was imposed considering the volume of data processed, the number of users and the company’s collaborative approach.
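A check for the condition described above (sensitive fields in a restricted area submitted without encryption), as an added example that is not part of the original article. The field-name hints, hosts and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Name fragments for the data categories the article lists (assumed field naming).
SENSITIVE_HINTS = ("user", "pass", "phone", "tax", "vat", "billing")

class FormCollector(HTMLParser):
    """Collect every <form> with its action and the (type, name) of its fields."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self.current)
        elif tag in ("input", "select", "textarea") and self.current is not None:
            field = ((a.get("type") or "text").lower(), (a.get("name") or "").lower())
            self.current["fields"].append(field)
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def is_sensitive(ftype, name):
    return ftype in ("password", "tel") or any(h in name for h in SENSITIVE_HINTS)

def cleartext_forms(page_url, html):
    """Return (submit_url, sensitive_fields) for forms whose data can be read in transit."""
    collector = FormCollector()
    collector.feed(html)
    page_plain = urlsplit(page_url).scheme != "https"
    findings = []
    for form in collector.forms:
        target = urljoin(page_url, form["action"])  # empty action posts to the page URL
        sensitive = [n or t for t, n in form["fields"] if is_sensitive(t, n)]
        # An HTTP page is flagged even when it posts to HTTPS: the form can be altered in transit.
        if sensitive and (page_plain or urlsplit(target).scheme != "https"):
            findings.append((target, sensitive))
    return findings

SAMPLE_HTML = """
<form action="/restricted-area/login" method="post">
  <input type="text" name="username"><input type="password" name="password"></form>
<form action="http://billing.example.com/update" method="post">
  <input type="text" name="vat_number"><input type="tel" name="phone"></form>
<form action="/search"><input type="text" name="q"></form>
"""  # constructed sample markup (hypothetical hosts and paths)

print(cleartext_forms("http://utility.example.com/account", SAMPLE_HTML))
```

Served from an `https://` page, the same markup yields only the billing form, because its action is hard-coded to `http://`.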

Types of SSL certificate: choose the right one
Enabling HTTPS on your website requires obtaining an SSL certificate from a certificate authority. There are different types of SSL certificates on the market, which we will look at in detail below.

Domain Validation (DV)
This type of SSL certifies the domain on which it is activated. It then enables the HTTPS protocol and applies the lock icon in the address bar.

DV SSL certificates are the most basic and require a single verification step by the domain holder. To finalize the validation, the holder must prove that he or she actually controls the domain; one of the most common ways to do so is verification through the email addresses that are usually managed by the website administrator (webmaster@, postmaster@).

Shellrent’s offering, thanks to its partnership with the Certificate Authority Sectigo, provides two DV SSL certificates, the PositiveSSL and the SectigoSSL, which vary in level of assurance.

Organization Validation (OV)
Organization Validation SSL certificates provide an additional layer of security by authenticating the identity and legitimacy of the company in question. This must prove that it is the owner of the domain name and, at the same time, that it is legally registered.

In this case, the validation is done through a few steps that include verifying the actual location of your business, the phone number and the ownership of the domain.

Extended Validation (EV)
Extended Validation SSL certificates provide the highest level of reliability and are particularly suitable for websites where personal and sensitive data is in transit, such as eCommerce.

The validation process is the most complex: the Certificate Authority will subject the company to extensive verification to certify its identity and trustworthiness.
