Is your website ethical? Recently I was discussing website encryption (SSL) with a mental health professional, and she brought up the subject of ethics. She said "as a professional, I am responsible for my client's privacy, and that includes when they are on my website." She's right.
Whenever someone is using your website, they are entitled to privacy. But unless your website is encrypted, their connection is not private. Let me explain.
An unsecured website opens the user to what's called "a man in the middle attack." This can occur whenever your website visitor shares a WiFi network with anyone else. This could be at home, in a coffee shop, at an airport or a bus station. Or at work. Anyone with a little skill can see what website she's on and see what she's seeing. What if the "spy" is the husband of a battered wife, or a teenage son or daughter. What if the company he's working for sees that he's seeking help for alcohol or drug addiction? Can you imagine the implications?
The fact is that anyone using your website has the right to an expectation of privacy, and it's your ethical responsibility to provide it. Whether or not they're filling out a contact form is irrelevant in this context. Granted, according to HIPAA, names, email addresses and phone numbers all fall under the category of Identifiers and are to be protected, but this shouldn't be the only factor in your decision to encrypt. It's making the decision to protect the privacy of your website users. And the sooner the better.
What's involved in encrypting your website? Here are the steps: (1) Purchase an SSL Certificate from an approved vendor (SSL stands for Secure Socket Layer). These can usually be had for less than $100/year, and in some cases are actually free. (2) Ask your website host to install the certificate on your website. (3) Check to see that your website has the green padlock in the browser window (it's green on Google chrome, possibly a different color on another browser. (4) If you have a certificate but not the padlock, or if the padlock is gray, your website is not secure and you will need to go through it line by line to find the cause. (5) Finally, re-index your website with Google and other search engines, as they distinguish between https and http.
Don't have the technical skills or the time to do this? Hire a professional. The key is to get it done. Your website visitors expect privacy and it's up to you to make sure they have it.
(To learn more about website encryption, visit www.webxdesign.us/https_solution.)