Secure every method of collecting data—whether over the phone, by mail, through email, via web forms, or from affiliates or other third parties—against snooping and data theft. Follow established practices, such as ensuring that any communication carrying potentially sensitive information is encrypted and secure, to protect your users’ data in transit.
Since 2010, tech giants including Google, Yahoo, Twitter, Reddit, Microsoft, and Facebook have received applause for encrypting user connections by default via HTTPS. By moving to HTTPS-by-default, the sites help protect users from monitoring by governments and bad actors. Privacy advocates welcomed Facebook’s move to HTTPS as a “huge step forward” while emphasizing that Yahoo’s move to encrypt its mail servers was “better late than never.”