Evan Cutler
asked on
Storing Social Security Numbers
Greetings,
I'm being asked to create a web-faced database storing PII and Privacy Act 1974 (same coverage?) information such as Social Security Numbers (SSN's).
I firmly believe (as with everyone else) that SSN's should not be stored in the clear. They should be stored using Hash-246 or better. I am more than open to wisdom on this method.
But my real question is output. If my client wants to derive a report based on said individual, and needs the SSN to show up on the report, how do I get it back out of Hash and send it to the report?
thanks.
I'm being asked to create a web-faced database storing PII and Privacy Act 1974 (same coverage?) information such as Social Security Numbers (SSN's).
I firmly believe (as with everyone else) that SSN's should not be stored in the clear. They should be stored using Hash-246 or better. I am more than open to wisdom on this method.
But my real question is output. If my client wants to derive a report based on said individual, and needs the SSN to show up on the report, how do I get it back out of Hash and send it to the report?
thanks.
ASKER
I was considering VPN over SSL.
Do you have any input on how to perform encryption?
Thanks.
Do you have any input on how to perform encryption?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks...This helps alot.
In addition, it may be illegal to transmit them in the clear so the question becomes how will you encrypt the reports that are developed over the internet?