Seeking useful info on legal or regulatory compliance requirements for storage of US SSNs (in a SQL Server/ColdFusion payroll-related application). HIPAA and GLBA don't seem to apply, as this is outside both the healthcare space and the financial institution space, but if they did apply, that's along the lines of what I'm looking for. Or if SB1386 mandated how to handle private data, rather than just what to do with it after it's been *mis*handled, then I'd also want to know that.
This is not a tech question; I'm not seeking advice on encryption schemes or products, etc. I want to figure out what's required; there's time later to worry about how to implement it. Lastly, I'm not stingy with points or grades, but rush-rush posts consisting of not-super-relevant Googled URLs will earn neither. Thanks very much!