|
|
|
|
|
|
by scpotter
4573 days ago
|
|
|
I thought encryption of SSN was a well know basic practice, but other responses here have me wondering. Besides whole tables columns or individual elements (for non-normalized data) can also be encrypted. Some PII like name and address are rarely encrypted in my experience because it's low value, but I've worked on an anonymization project where all PII is stripped out after it's of no value to the organization. Truly best practice: don't collect SSN unless you truly must have it, and never use it as a foreign key. The government is probably worst offender here, because there are really no consequences to individuals or organizations and tons of legacy systems. |
|
|