This may not be the correct place to ask this question, but I can't find another forum that seems to match my question.
We have a web site which stores : user's name (which is not validated in any way, so we have lots of Donald Ducks and Mickey Mouses), e-mail address and mobile 'phone number for users. The data are used for sending traffic updates by e-mail and / or SMS.
Should we use HTTPS when the users log in to and set their messaging options in the site?
We don't use HTTPs at the moment because we think that the user data we store is not very sensitive and do not believe that it would be of any use to criminals.
Even if you don't expect it to be of use, you still gain the client's trust if you do use HTTPS. At some point they will be entering their email and phone number, they would really like it to be safe, am sure.
Whether or not to secure the traffic is up to you. As you have mentioned, it doesnt seem that it is critical for you to protect. HTTPS doesnt secure the data you store, it secures the data in transit. If HTTP traffic is capture on the network, it can be read in plain text. If you use the HTTPS protocol, the data is encrypted and cannot be read if captured.
The issue is exactly what pritaeas pointed out. There may be users that may not want to interact with your site if they feel their data is important to them and you are not safe guarding the data in transit.