At 5:30 PM -0700 8/11/10, Daevid Vincent wrote:
 > -----Original Message-----
 2. Were told it was a social security number
    (i.e., in the form of 123-45-6789).


Stop.

Why are you even contemplating storing SS# ??

Daevid et al:

Why? Because my client wants to store SS numbers on their online system to aid them in their collection business.

You see, the client in this case is not asking people for their SS numbers, but rather trying to collect unpaid debts. Their clients (i.e., creditors) have provided them debtor data, which may/may not include SS numbers.

My current thoughts are that the entire process will be behind a password protected section of a web site where only the people working for the firm will have access. The point of the system will be to aid collectors in their collection efforts and to allow them to conduct business anywhere they can find Internet access.

Of course, this will not stop employees from abusing the data, but that possibility also exists in the hard-copy only office as well -- that's a criminal act and will be handled accordingly. The difference here is that the data can be accessed online via password authorization. Is that too easy?

My effort here with my "Encryption/Decryption Question" is to focus on the event that the web site may be hacked and access to the database is provided to an intruder. In such case, then the SS numbers residing there should be encrypted and that was my current quest to resolve.

Now, if federal law prohibits storing SS numbers in an online database that's accessible via password authorization then that's "end-of-story". I'll simply tell the client that federal law prohibits such practice and that will be the end of it -- it makes no difference to me.

However, if the practice of storing SS numbers online is not prohibited by law, then what are the appropriate "due diligence" steps necessary to protect such data?

Cheers,

tedd

--
-------
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
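The scenario raised in the message above (an intruder obtains the database, so the SS numbers stored there must be unreadable without something the database does not hold) is shown here as an added example; it is not code from the thread or its participants. It assumes PHP with the sodium extension and a key kept outside the database; the function names `encrypt_ssn` and `decrypt_ssn` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for this example; requires the sodium extension (bundled since PHP 7.2).

/** Encrypt one SSN for storage; returns base64(nonce || ciphertext+MAC). */
function encrypt_ssn(string $ssn, string $key): string
{
    // Accept only the 123-45-6789 form so malformed input is never stored.
    if (preg_match('/^\d{3}-\d{2}-\d{4}$/', $ssn) !== 1) {
        throw new InvalidArgumentException('SSN must look like 123-45-6789');
    }
    // A fresh random nonce per value: identical SSNs yield different ciphertexts.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($ssn, $nonce, $key));
}

/** Decrypt a stored value; throws if it was truncated, altered or made with another key. */
function decrypt_ssn(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Stored SSN value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('SSN ciphertext failed authentication');
    }
    return $plain;
}

// Constructed demo. In production the key is loaded from outside the database
// (assumption: a file or environment variable readable only by the web application).
$key = sodium_crypto_secretbox_keygen();
$stored = encrypt_ssn('123-45-6789', $key); // this string is what goes in the column
echo decrypt_ssn($stored, $key), PHP_EOL;

// A value modified in the database is rejected rather than decrypted to garbage.
$raw = base64_decode($stored, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
try {
    decrypt_ssn(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

This protects against a copy of the database alone; an intruder who also reads the application's key, or an employee with a valid login, still sees the plaintext.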
