I've been involved in over a hundred Web-based surveys in the past several years... some on the commercial side of research (ie. market research), but most of my experience has been with academic researchers and Universities. Early on (1996 - 2001) we did not use encryption (SSL) technologies. Mostly because it usually required a special browser, or a large "plug-in" download for respondents. However, as Mark points out, most of the content of the surveys were not of concern either. More recently, since 2001, every survey we do use SSL technology. The great majority of browsers have it, so that is no longer an issue. AND, in many cases, other laws (more than just IRBs) are requiring it. Many of the studies I am involved in include health or healthcare topics... and some are even meant to do a quasi-diagnosis (ie. mental health) of respondents conditions. These topics are now covered by a federal law called "HIPPA - Health Insurance Portability and Accountability Act of 1996". There are similar regulations in other topic areas as well.