Yes, the SSN appears in a non-encrypted form a database.
It's databases like this that cause identity theft and a world of other pains to people who don't know that some company has violated what is supposed to be a sacred trust. Do everything you can to convince management that the SSN's should be deleted or encrypted. If you're doing backups, the backups should be destroyed properly. This is a serious offense to many different statutes by many federal agencies not to mention a clear violation of best practices. If management doesn't budge, consider blowing the whistle on them because this is a very, very bad thing and it needs to be fixed at any cost.
If you don't believe there's anything wrong with storing clear text SSNs, then please email me your SSN so I can show you what can happen.
If you agree that storing clear text SSNs is a bad thing but are afraid to approach management and afraid to blow the whistle even anonymously, then PM me with the name of the company and I'll make sure they go through an information security audit.
is pronounced ree-bar and is a Modenism for R
First step towards the paradigm shift of writing Set Based code: Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair
How to post code problemsHow to post performance problemsForum FAQs