[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] what are the rules for SSNs?
- From: "Johannes B. Ullrich, Ph.D." <jullrich@xxxxxxxx>
- Subject: Re: [WEB SECURITY] what are the rules for SSNs?
- Date: Fri, 11 Jul 2008 16:27:40 +0000 (UTC)
The FTC has a summary here:
http://www.ftc.gov/bcp/edu/microsites/idtheft/business/safeguards.html
However, the rules are not as specific as for example PCI.
----- Original Message -----
From: "Licky Lindsay" <noontar@xxxxxxxxx>
To: "WASC Forum" <websecurity@xxxxxxxxxxxxx>
Sent: Friday, July 11, 2008 9:49:55 AM GMT -05:00 US/Canada Eastern
Subject: [WEB SECURITY] what are the rules for SSNs?
In the U.S., what laws, regulations, standards, etc control how handle
social security numbers?
For example, is it acceptable to store mass numbers of them
unencrypted in database?
Not asking if it's a good idea to do so.. asking if it's legal and in
compliance with standard practices. Realize those are not the same.
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
Brought to you by http://www.webappsec.org
Search this site
|