 Posted by christopher.secord@gmail.com on 04/01/06 02:12 
ILCSP@NETZERO.NET wrote: 
> Hi David,  I totally agree with you. However, this does the job. 
 
Actually no, it doesn't do the job.  The point of the policy is that 
your company will be in line for a major lawsuit if (when) your 
database server is hacked and the SSNs are stolen and your customers 
start falling victim to identity theft.  Knowing this, someone wrote a 
policy that you are not allowed to store SSNs.  You have NOT complied 
with that policy. 
 
Someone else already offered you one very simple solution: you could 
hash the SSNs and use the hash as an ID rather than the SSN.  The only 
thing I would add is that you should hold on to the last four digits of 
the SSN and use them to resolve collisions.  That you refuse to 
implement this simple and effective solution actually makes me just a 
little angry.  I'm angry knowing that people like you, who don't care 
to protect *my* personal information, are often in positions where you 
have charge of my personal information. 
 
Incidentally, the "perfect" solution to this problem can be found in 
Bruce Schneier's book Applied Cryptography.  I don't have it in front 
of me right now but the gist of it is that you not only hash the SSNs 
but you use the SSN as a key to encrypt the rest of the data.  With 
this system, when someone steals your user database, they won't get 
anything - not even names and addresses. 
 
Please look into this.  It's the right thing to do.
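A sketch of the hashed-ID scheme suggested in the post, as an added example that is not part of the original message: the table is keyed by a digest of the SSN plus its last four digits, and the raw number is never stored. It assumes a keyed hash (HMAC-SHA256 with a secret held outside the database) in place of a plain hash, since the nine-digit SSN space is small enough to enumerate; `PEPPER`, `CustomerStore` and the sample SSNs are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed secret for the example; assumed to live outside the database.
PEPPER = b"constructed-example-key-not-for-production"

def normalize_ssn(raw):
    """Strip spaces and dashes, then require exactly nine digits."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits

def ssn_record_id(raw, key=PEPPER):
    """Return (keyed_digest_hex, last_four): the only SSN-derived values stored."""
    digits = normalize_ssn(raw)
    digest = hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()
    return digest, digits[-4:]

class CustomerStore:
    """In-memory stand-in for the customer table, keyed by (digest, last four)."""

    def __init__(self):
        self._rows = {}

    def add(self, raw_ssn, name):
        record_id = ssn_record_id(raw_ssn)
        if record_id in self._rows:
            raise KeyError("a customer with this SSN already exists")
        self._rows[record_id] = {"name": name}
        return record_id

    def find(self, raw_ssn):
        """Look a customer up by SSN without the SSN ever being stored."""
        return self._rows.get(ssn_record_id(raw_ssn))

    def dump(self):
        """What someone who copies the table would see."""
        return repr(self._rows)
```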