A new report by RiskIQ found that over a year after the European Union’s General Data Protection Regulation (GDPR) went into effect, 11.5% of websites still fail to properly secure the way they collect personally identifiable information (PII) from users. Progress is being made, however: the figure was 27% in last year’s report.
Common insecure data collection practices include using HTTP instead of the secure version of this protocol, HTTPS; collecting data in clear text; and relying on misconfigured certificates. Fabian Libeau of RiskIQ believes that while “[t]his research shows that organizations are continuing to make progress in ensuring that personal data entered online is collected in a secure manner,” the identified shortcomings “[serve] to highlight that there is more to be done.”