Should a Federal Tax Id be encrypted in a database? [closed]

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 12 years ago.

开发者_运维百科 Improve this question

My first inclination is to say yes, since it's essentially a corporation's SSN which I would encrypt. However, I'm not sure whether SOX or and Federal guidelines actually require it to be encrypted. Anyone know for sure?

---

My rule of thumb: if you have to ask, the answer is probably yes

But I agree with @Adam, you should ask a lawyer about legal matters.

---

Considering that EIN's are generally public information - public companies put them on their 10-K and private companies usually include them on their D&B, it's probably not a big deal.

---

After further research, it appears that there is no specific requirement that a Tax ID (or SSN for that matter) be encrypted in the data layer, however, they need to be masked when presented to users.