Quite simply, what are the criteria a website must meet for it to need an SSL certificate?

Website is not ecommerce but will take user information, contact details and event information.

Even if not technically required does SSL just provide users with added 'trust' in the site?

Cheers

+6  A: 

Whenever you cannot trust the wire - Whenever there is a chance of somebody snooping in to whatever is being sent over the wire (network hub, MITM vulnerability etc.) and whatever is being sent on the wire may contain stuff which at least a small subsection of your customer base will not like anyone to have access to.

Crimson
+7  A: 

Use SSL when you are collecting sensitive information from your users, which (IMO) includes contact details. Personally I try and avoid submitting personal details about myself over an unencrypted channel.

In the end it's a judgement call. However, if you're collecting addresses, phone numbers, bank details, or anything that can be physically traced back to the user I'd recommend using SSL.

Obviously this only applies if your transport method is insecure (which the Internet, by definition, is). If you're running your website over an already-secure channel (like an internal network, where you trust your users), then there's not much point.

However, if you do decide to use SSL, make sure you get a valid, signed certificate! SSL without a signed certificate is kind of pointless, since it means your end users cannot trust the authenticity of the certificate. This unfortunately costs money, which is why many small websites don't bother.

SSL is all about trust - the certificates are signed by a "trusted" authority, so users can be sure that they are dealing with the proper certificate holders (as opposed to someone performing a man-in-the-middle attack). Obviously this trust is not ultimate - but it's an added step to providing a safe data channel for user information.

Thomi
+6  A: 

I would want to use SSL for any area of any website where personal information is being transmitted e.g. Login, Registration, Account Settings, Contact Details, User Information.

Take a look at the data being shown and ask yourself if you would want to leave that information posted around about you without any protection - go from there.

Stephen Newman
+3  A: 

Interestingly, SSL combines two components of security. They are:

  • Encryption
  • Identification

Encryption

Typically people use SSL because it encrypts the sending of data to the server. This is important if you are taking passwords, but critically important if you are taking credit card information. For this purpose, generally people have SSL for only that page. This isn't perfect, because the non-secure page you land at may have been spoofed, hence you're already at the wrong site, so it doesn't really matter if it's encrypted.

Which brings us to ...

Identification

The identification component of SSL is also interesting. PayPal, for example, like their certificates because it is supposed to "prove" that PayPal bought it. Sadly, users don't care or notice this, despite some improvements in browser UIs.

Rarely is it necessary, or worthwhile, to get a certificate for identification (of the server), and IMHO, the two components of SSL should be separated (but that's another story :p). But some may argue that it is useful. I'm not one of those people.

Noon Silk
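
Added example, not part of any answer above: a small audit that applies the advice in this thread to a site's HTML. It flags every form that collects personal details and either submits over plain HTTP or is served from a non-HTTPS page (the landing-page problem raised in the last answer). The host `example.test`, the sample page and the lists of sensitive field types and names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Assumption: which input types and name fragments count as personal data.
SENSITIVE_TYPES = {"password", "email", "tel"}
SENSITIVE_NAMES = ("name", "email", "phone", "address", "pass", "contact")

# Constructed sample page for an events site (not taken from the thread).
SAMPLE = """
<form action="/search"><input name="q"></form>
<form action="https://example.test/login"><input type="password" name="pw"></form>
<form action="/events/register" method="post">
  <input name="full_name"><input type="email" name="email"><textarea name="notes"></textarea>
</form>
"""
class FormAudit(HTMLParser):
    """Collect every <form> with its action and the personal-data fields in it."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form: {"action": str, "fields": [str]}
        self._current = None   # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            name, typ = a.get("name", "").lower(), a.get("type", "").lower()
            if typ in SENSITIVE_TYPES or any(s in name for s in SENSITIVE_NAMES):
                self._current["fields"].append(name or typ)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(page_url, html):
    """Return (submit_url, fields, problem) for each personal-data form lacking TLS."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in (f for f in parser.forms if f["fields"]):
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        if urlparse(target).scheme != "https":
            findings.append((target, form["fields"], "submitted in cleartext"))
        elif urlparse(page_url).scheme != "https":
            # Encrypted submit, but the page serving the form can be altered in transit.
            findings.append((target, form["fields"], "form page is not HTTPS"))
    return findings

if __name__ == "__main__":
    print(audit("http://example.test/events", SAMPLE))
```

Serving the same sample from `https://example.test/events` produces no findings, because the relative form actions then resolve to HTTPS as well.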