A client using our system has requested that we store the SSNs/SINs of the end users in our database. Currently, we store minimal information about users (name, email address, and optionally, country), so I'm not overly concerned about a security breach - however, I have a suspicion there could be legal issues about storing SSNs and not taking "appropriate" measures to secure them (coming from Australia, this is my first encounter with them). Is this a valid concern?
I also read on the Wikipedia page about SINs (Canada's equivalent to SSNs) that it should ONLY be used when absolutely necessary and definitely shouldn't be used as a general identifier, or similar.
So, are there any potential legal issues about this sort of thing? Do you have any recommendations?
1. Do not store any document that contains a social security number (SSN) or other confidential information unless it is critical to your business process.
2. Confidential data should be stored in an area that has physical access controls in place. Filing cabinets or computers that store SSNs should be in a locked room.
An organization's collection and use of SSNs can increase the risk of identity theft and fraud. Each time an individual divulges his or her SSN, the potential for a thief to illegitimately gain access to bank accounts, credit cards, driving records, tax and employment histories and other private information increases.
Many businesses ask for your SSN because it is a convenient way to identify you in their system. As a result, your social security number can now reveal all kinds of information about you, including places you've lived, your credit history, and maybe even medical conditions.
But because the SSN is so commonly used as an individual account number, this nine-digit code ends up being a virtual pass key to a vast amount of private, and often sensitive, information about you -- your address, medical history, shopping preferences, household income, and use of prescription drugs, to name just a ...
The baseline recommendation would be to:
but the most important part would probably be: