Avatar of Evan Cutler
Evan Cutler
Flag for United States of America asked on

Storing Social Security Numbers

I'm being asked to create a web-faced database storing PII and Privacy Act 1974 (same coverage?) information such as Social Security Numbers (SSN's).

I firmly believe (as with everyone else) that SSN's should not be stored in the clear.  They should be stored using Hash-246 or better.  I am more than open to wisdom on this method.

But my real question is output.  If my client wants to derive a report based on said individual, and needs the SSN to show up on the report, how do I get it back out of Hash and send it to the report?

ASP.NETEncryptionMicrosoft SQL Server

Avatar of undefined
Last Comment
Evan Cutler

8/22/2022 - Mon
Dave Baldwin

If you want to get it back for a report, you need encryption, not a hash.  Hash is by definition a one-way process.

In addition, it may be illegal to transmit them in the clear so the question becomes how will you encrypt the reports that are developed over the internet?
Evan Cutler

I was considering VPN over SSL.

Do you have any input on how to perform encryption?
Dave Baldwin

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Evan Cutler

Thanks...This helps alot.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck