Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase ««12

Need Help With SQL Query Expand / Collapse
Posted Monday, September 3, 2012 7:47 PM



Group: General Forum Members
Last Login: Today @ 7:08 PM
Points: 42,059, Visits: 39,442
darrylmybiz (9/3/2012)
Yes, the SSN appears in a non-encrypted form a database.

It's databases like this that cause identity theft and a world of other pains to people who don't know that some company has violated what is supposed to be a sacred trust. Do everything you can to convince management that the SSN's should be deleted or encrypted. If you're doing backups, the backups should be destroyed properly. This is a serious offense to many different statutes by many federal agencies not to mention a clear violation of best practices. If management doesn't budge, consider blowing the whistle on them because this is a very, very bad thing and it needs to be fixed at any cost.

If you don't believe there's anything wrong with storing clear text SSNs, then please email me your SSN so I can show you what can happen.

If you agree that storing clear text SSNs is a bad thing but are afraid to approach management and afraid to blow the whistle even anonymously, then PM me with the name of the company and I'll make sure they go through an information security audit.

--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

Helpful Links:
How to post code problems
How to post performance problems
Post #1353671
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse