Camillia
asked on
Should I store SSN?
I'm working on a side project... it's forms with names, address, and other info. One of the fields is SSN.
I plan to encrypt the name and address fields. I can encrypt SSN as well but with all the cyber security issues going on... I'm thinking I shouldn't even store SSN or only store the last 4 digits.
The application will be hosted on a hosting server (ARMOR) eventually.
Any thoughts on if I should store SSN and encrypt or just leave out SSN? users can always search by name.
I plan to encrypt the name and address fields. I can encrypt SSN as well but with all the cyber security issues going on... I'm thinking I shouldn't even store SSN or only store the last 4 digits.
The application will be hosted on a hosting server (ARMOR) eventually.
Any thoughts on if I should store SSN and encrypt or just leave out SSN? users can always search by name.
Is it just for searching? Possibly hash the full one and encyrpt the last 4?
What database are you planning on using? One option is to store it as a hash. This way you can search by SSN with the hash.
ASKER
Database is SQL Server 2014 or 2016.
It's for a form and SSN goes with the person's data. When the form is filled, user's info is saved. I can give them search by anything and was thinking just giving them search by name or something else but not SSN.
It's for a form and SSN goes with the person's data. When the form is filled, user's info is saved. I can give them search by anything and was thinking just giving them search by name or something else but not SSN.
hash the full one and encyrpt the last 4Why not encrypt the whole thing? because of searching...it's faster to get a hashed field?
Hash is one way, so no way of getting that data back.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ah, let me read about hashing.
Yeah, if there are multiple John Smith's, then address or another info needs to be tagged to it.
Yeah, if there are multiple John Smith's, then address or another info needs to be tagged to it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SSN is on the form that I'm automating. Can't leave it out but , Eric, what you're saying makes sense. If I'm not going to save it , why even ask for it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There are cases where you DO want to ask for data but you don't want to store it
This could be my situation, the more I think about it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.