asked on

Should I store SSN?

I'm working on a side project... it's forms with names, address, and other info. One of the fields is SSN.

I plan to encrypt the name and address fields. I can encrypt SSN as well but with all the cyber security issues going on... I'm thinking I shouldn't even store SSN or only store the last 4 digits.

The application will be hosted on a hosting server (ARMOR) eventually.

Any thoughts on if I should store SSN and encrypt or just leave out SSN? users can always search by name.

Kyle Abrahams, PMP

Is it just for searching? Possibly hash the full one and encyrpt the last 4?

Shaun Vermaak

What database are you planning on using? One option is to store it as a hash. This way you can search by SSN with the hash.

Camillia

ASKER

Database is SQL Server 2014 or 2016.

It's for a form and SSN goes with the person's data. When the form is filled, user's info is saved. I can give them search by anything and was thinking just giving them search by name or something else but not SSN.

hash the full one and encyrpt the last 4

Why not encrypt the whole thing? because of searching...it's faster to get a hashed field?

Kyle Abrahams, PMP

Hash is one way, so no way of getting that data back.

SOLUTION

gilnov

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Camillia

ASKER

Ah, let me read about hashing.

Yeah, if there are multiple John Smith's, then address or another info needs to be tagged to it.

SOLUTION

Éric Moreau

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Camillia

ASKER

SSN is on the form that I'm automating. Can't leave it out but , Eric, what you're saying makes sense. If I'm not going to save it , why even ask for it.

ASKER CERTIFIED SOLUTION