Results 1 to 5 of 5

Thread: Handling Social Security Numbers

  1. #1
    Registered bbolte's Avatar
    Join Date
    Mar 2006
    Location
    Kansas
    Posts
    116

    Question Handling Social Security Numbers

    Can anyone clarify or point me in the direction for information on policies/laws/requirements concerning how to handle Social Security Numbers? Some of our clients are wanting/needing this information. Basically, we've told clients that we won't handle or store that info, but several are clamoring for it. So I need some official info so that we can determine what our next step is. thanks.

  2. #2
    Site Contributor KLB's Avatar
    Join Date
    Feb 2006
    Location
    Saco Maine
    Posts
    1,181
    Basically if they don't have a true legal need for it (e.g. to run credit checks, or for employees) they should not have it PERIOD!

    I see it all the time when working on database projects for people. They'll give me a paper form that requests people to provide a social security number, and I'll ask them why they need it and they look at with a blank stare. Nobody really knows why the form requests the SSN, it just always has. I tell them to get rid of it because they probably don't really need this information and if their data ever got stolen they could face serious lawsuits for release of personal information. Most of the time they follow my advice and stop requesting SSNs. If they still insist, I ask what security measures they are going to take to protect this information. Pretty quickly I can normally convince them that the risk outweighs the benefit.
    Ken Barbalace - EnvironmentalChemistry.com (Environmental Careers, Blog)
    InternetSAR.org: Volunteers Assisting Search and Rescue via the Internet
    My Firefox Theme Classic Compact: Based onFirefox's classic theme but uses much less window space

  3. #3
    Registered bbolte's Avatar
    Join Date
    Mar 2006
    Location
    Kansas
    Posts
    116
    that's it though - some of these clients are doing credit checks. they've been slow to move this portion to the web. i've found some stuff, but man you have to sift through tons of gov-speak! i'm looking for straightforward stuff and that's difficult to find...

  4. #4
    Site Contributor KLB's Avatar
    Join Date
    Feb 2006
    Location
    Saco Maine
    Posts
    1,181
    You probably won't find straight forward answers other than screw up and your *** will be hung out to dry.

    When it comes to SSN's and credit checks, the number should only be held as long as absolutely necessary to conduct the check and then deleted. It most certainly better not be transmitted across the Internet in an unsecured fashion (e.g. email) and the server it goes to had best have many layers of software and physical security.
    Ken Barbalace - EnvironmentalChemistry.com (Environmental Careers, Blog)
    InternetSAR.org: Volunteers Assisting Search and Rescue via the Internet
    My Firefox Theme Classic Compact: Based onFirefox's classic theme but uses much less window space

  5. #5
    Registered bbolte's Avatar
    Join Date
    Mar 2006
    Location
    Kansas
    Posts
    116
    Quote Originally Posted by KLB View Post
    You probably won't find straight forward answers other than screw up and your *** will be hung out to dry.
    oh I know - especially California...

Similar Threads

  1. Social Networking "News" Sites
    By KLB in forum General Promotion
    Replies: 0
    Last Post: 06-18-2006, 12:58 PM
  2. Free Server Security Audit by Touch Support
    By TSGradyR in forum The Marketplace
    Replies: 0
    Last Post: 03-30-2005, 11:00 PM
  3. Free Security Audit
    By TSGradyR in forum The Marketplace
    Replies: 0
    Last Post: 03-15-2005, 06:49 PM
  4. A few general questions about security ...
    By hixe in forum Web Hosting & Servers
    Replies: 3
    Last Post: 07-12-2004, 12:58 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •